The lawyers are coming
It's not only your own company's security you need to worry about, but also the security of those you interface with.
Remember this scenario, because it will happen: A company comes under a cyberattackâ€"theft of secrets, denial-of-service, or some other hack. After hiring an expensive consultant to handle damage control, the company goes looking for someone to blame. When it finds out that the attack came from another company's server, it sues. The first company's lawyer has a case, claiming that the second company's lax security left his client wide open to the attack.
"I think we are absolutely going to see something like that happen," says Mitch Dembin, who as an assistant U.S. attorney specialised in cybercrime prosecution and is now a member of Exodus's CATT team. "We are just ahead of the curve on this issue, but it's coming," he says.
Dembin says, "The key to these cases will be establishing what is called a 'duty of care.' " That is, the minimum a company must do to secure its networks to keep hackers from using them to launch attacks. Companies that don't meet that will be considered negligent. "That's when companies are really going to start seeing the importance of security," Dembin says
A good story. Preaching to deaf ears in Australia though. Its going to take a massive attack which brings down a high profile company before people in Australia take security even remotely seriously.