Meanwhile, Tesco Bank has been fined £16.4m over a customer hacking incident in 2016.
I'm always skeptical concerning fines for security breaches; they seem a little too much stick and not enough carrot. I'd much prefer it if companies were forced to perform X years' worth of security audits or something to get them to adopt better security practices.
You don't necessarily get fines, other actions like audits are available instead or as well as fines.
If an organisation can show that a breach was down to a previously unknown vulnerability, it's unlikely there will be much of a fine. If it was a known vulnerability, out-of-date software or an obvious attack vector, they'll come down harder.
"You've been responsible for something bad happening which you should have prevented, go and sit on the naughty step thinking about what you did and how you can do better!"
The above is a reasonably boiled down summarisation of what you are suggesting in the security world.
Fines are cause and effect, and the prospect of fines of the scale the EU suggests has kicked most CSOs in the EU, and somewhat worldwide, into adopting better practices already.
The fines are a punishment for something they should have prevented by adopting better development and security practices. Additionally, are you not sure that Facebook already has security auditors, researchers and white hats coming out of their ears? Telling them to get more would be a waste of time.
If there is no effect, then how will a cause be resolved properly for prevention in the future? Right now I bet the team responsible for that feature is getting a big shake-up on procedure to prevent that happening again.
On another note, yes! A big company has been pulled over the coals, that makes my job easier!
To note I'm not suggesting they should sit on a naughty step. Or that fines shouldn't be levied.
It's just that I'd prefer something to force them to adopt better security practices. Fines always seem a rather blunt instrument, as some companies see them as the cost of doing business and just pass the cost on to us consumers. It's sort of like we potentially pay £1.25bn (or whatever) every 5-10 years, or £2m each year for better security; companies inevitably choose the cheapest option, and I'd prefer them to be forced into adopting the best option.
Yes, FB could have security auditors, researchers and white hats coming out of their ears, but people like that don't act in isolation. For all we know, people like that could've been highlighting security issues for ages but been ignored because FB did think the cost/risk ratio was worth worrying about.
EDIT: I've said it before, but IMO the way the aviation industry deals with safety issues is the gold standard, and I think other industries could benefit from implementing similar practices, if necessary by being forced to do so.
I suspect holding their bottom line to the fire is as good an incentive as any, both to the company itself and to others who may be in a similar position, to sharpen up their act.
Tesco seemed to have implemented poor practices that made it relatively easy to exploit. But if they want to play at being a bank, they need the appropriate security measures. The Tesco fine was lower than the maximum because they came clean, cooperated, refunded the losses and paid the fine early, so that is the incentive to 'fess up, because these hacks will be found out eventually, especially where money is involved.
Google & Facebook are the biggest TAX evaders... no issue here, I just thought it would be in the range of billions.
£1.25bn? That's peanuts for these crooks... that's like £5 for an average Joe. Yet they will probably enter into a lawsuit to dispute this.
Next month, Facebook faces fines for selling children to Google to pet their gardening sheep. They now face a $2500 fine.
You are assuming a single employee cares about the finances of the company. It's not private, it's traded, so that doesn't happen at all. Weird justice.
Exactly. These fines are punitive for a couple of reasons, IMHO. One is that these data breaches can cause significant harm, hassle, aggravation and lost time to large numbers of customers who have little or no direct comeback. Hitting guilty parties in the wallet is likely to be more effective at motivating improvements than anything.
But secondly, there's the example it sets.
Implementing effective security, and maintaining effectiveness, is not cheap.
I remember seeing a TV programme about prostitutes who would be caught regularly, pay the fine and be right back to work. They treated it as a cost of doing business.
Unless data fines really hurt, the odds are many firms will continue, as they have for years, to pay little more than lip service to true security, and treat penalties as a cost of doing business as usual.
But you hit a business or two with really heavy fines and not only do you send a message to those firms that you're serious about regulation, but you give every other business an "Oh poop, that could be us" moment to motivate them not to be next.
If these fines do not REALLY hurt, they won't have any effect.
Notice, yes. But Saracen mentioned "really hurt", and that I'm not so sure about.
Is losing three months' worth of earnings enough to instigate what could be costly changes? Or will it just be seen as the cost of doing business?
I mean, I have no idea how much extra it would cost someone like FB to ramp up security to something like payment card levels (not that they're immune), or how often someone like FB would expect to get hit with similar levels of fines. IDK if the cost of not doing anything outweighs the cost of doing something.