“You don’t drown from falling into the water, you drown from not getting out.” Think about that — and think about how that applies to cyber security and data breach issues facing companies in today’s cyber world. Here, in my first ever video blog post, I explain this issue with more detail.
I recently posted about how corporate general counsel now view cybersecurity as a top 3 concern. At this rate, it will soon be their #1 concern. A recent article in Corporate Counsel gives several reasons for why this problem will only continue to increase in volume, expense, and overall risk to companies:
- Companies continue to move more infrastructure online
- The annual cost of data breaches is projected to rise to $2.1 trillion by 2019
- Cybercriminals are more often hacking for profit instead of for “causes” as with hacktivism
- Nearly 60 percent of data breaches in 2015 are anticipated to be in North America
- The average cost of a data breach is projected to exceed $150 million by 2020
- Companies are developing quantum computers with so much power they will render ineffective all currently known defenses
Not only should corporate general counsel be concerned about cybersecurity, but so too should companies’ officers and directors because there is a growing trend toward liability for them as well.
This was the ruling of a District Court in Virginia.
The court’s rationale is that the Fifth Amendment does not protect against providing physical or tangible information to further an investigation, such as DNA evidence or a physical key, but it does protect a defendant from having to provide information that must be communicated because by communicating that information, the defendant would be testifying against himself.
You really need to hear this podcast where we draw lines in the sand staking out what is — and what is not — security research.
The #DtR Gang [Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst)] invited me to tag along for another episode of the Down the Security Rabbit Hole podcast.
Let us know what you think by tagging your comments with #DtR on Twitter!
This is one of my favorite and my most popular posts ever — and you better believe I will find a way to mention it to this group of CEOs to help them understand why it is important to take seriously the data security threat!
I had the pleasure of joining the DtR Gang for another podcast on Down the Security Rabbit Hole and, as usual with this bunch, it was more fun than anything — but I learned a lot as well. Let me just tell you, these guys are the best around at what they do and they’re really great people on top of that!
This episode had the usual suspects of Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst), though James was riding passenger in a car and could only participate through IM. Also joining as a guest along with me was Philip Beyer (@pjbeyer).
Thank you Raf, James, Michael and Phil — this was a lot of fun!
Today I had a blast doing a podcast on the CFAA, Shellshock, and cyber security research with Rafal Los (@Wh1t3Rabbit), James Jardine (@JardineSoftware), and Michael Santarcangelo (@Catalyst) — in fact, we had so much fun that I suspect Raf had quite a time trying to edit it!
As I mentioned on the show, when I first saw Robert’s article, I viewed it with skepticism. However, after actually reading it (yeah, I know — makes sense, right?), I found the article to be very well written, sound on the principles and issues of the CFAA — in my view, Robert did a great job of framing some key issues in the debate that definitely needs to happen.
From the article, our discussion expanded to a general discussion of the Computer Fraud and Abuse Act, its confusion as to application to “security research,” and whether it is even possible for Congress to “fix” the CFAA.
I do not think Congress is able to “fix” the CFAA right now for many reasons. However, I believe we pointed out some additional issues that must be taken into consideration during the public debate in determining what we as a society really value and want on these issues. Until “we the people” can figure that out, I see no way for Congress to “fix” this law which means the Common Law method is what we are left with.
Anyway, this post is just skimming the surface — Raf turned this into a really nice podcast so check it out: Down the Security Rabbithole.
Thank you Raf, James and Michael — this was a lot of fun!