Breaches might be inevitable, but penalties are not harsh enough
A panel on the topic of data breaches organized by cyber security and penetration testing company Cognosec has revealed that most industry professionals believe that breaches are inevitable and that we should just accept this new reality.
The panel, which gathered the Rt Hn David Blunkett, former UK home secretary; Mustafa Al-Bassam, an ex Anonymous and LulzSec hacktivist; Neira Jones, a payment security consultant; and Cognosec CEO Oliver Eckel, was coordinated by Graham Cluley.
They debated the curent situation regarding data breaches, and at the same time the attendees were polled about their own thoughts about the topic and related issues.
68 percent of the pollees said that breaches are inevitable, and 71 percent said that they would like to see harsher penalties for companies that fail to protect their users from cyber attacks.
Token financial penalties are seen as a poor deterrent, and fail to spur companies to make absolutely sure user data is completely protected.
“I wasn’t at all surprised to see that the majority of attendees believe that data breaches are inevitable, nor that people want harsher penalties for companies that fail to protect customer data. It reflects the hostile world we live in today. Hacking is a constant threat and there is growing discontent amongst consumers who feel too little is being done to protect their most sensitive information,” noted Eckel.
When it comes to punishing cyber criminals, 60% of attendees were in favour of custodial sentences as opposed to monetary fines (9%), re-education (3%) or putting hackers to use for good (25%).
The most interesting results were those for the question that asked pollees about their view on latest UK government attempts to bring in more surveillance powers: around 33% were in favour of more surveillance powers, another 33% were against or unsure, and a final 33% had reservations despite understanding the rationale. These results would suggest that the government will have trouble reaching a resolution that will satisfy most citizens.
“Individual privacy and a nation’s ability to protect itself will always be of the upmost importance. However, balancing civil liberties and national security is becoming increasingly difficult,” Blunkett commented. “As evidenced by this event, Government surveillance powers are a remarkably contentious issue. I was fascinated to see how different the thoughts of attendees were from each other, as well as from the current Government.”
Finally, over 91 percent of the attendees said that companies should employ hackers to test their systems. Cognosec believes that this shows that “the role of the ethical hacker or penetration tester has never been more widely accepted.”