“27 largest companies have admitted to the SEC that cyberattacks are basically meaningless” #security /ht @arashiyama

Since the beginning of the cybersecurity FUDgasm from Congress, we’ve been asking for proof of the actual problem. All we get are stories about how airplanes might fall from the sky, but not a single, actual example of any serious problem. Recently, some of the rhetoric shifted to how it wasn’t necessarily planes falling from the sky but Chinese hackers eating away at our livelihoods by hacking into computers to get our secrets and destroy our economy. Today, Congress is debating CISPA (in secret) based on this assumption. There’s just one problem: it’s still not true.

The 27 largest companies have now admitted to the SEC that cyberattacks are basically meaningless and have done little to no damage.

The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.

MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. Citigroup Inc. (C) reported “limited losses” while the others said there was no material impact.

So what’s this all really about? It goes back to what we said from the very, very beginning. This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public’s privacy by claiming that it needs to see into corporate networks to prevent these attacks.

If this was a real problem, wouldn’t we see at least some evidence?

via As Congress Debates CISPA, Companies Admit No Real Damage From Cyberattacks | Techdirt.

One Reply to ““27 largest companies have admitted to the SEC that cyberattacks are basically meaningless” #security /ht @arashiyama”

  1. Ultimately, this comes down – on the sides of fearmongers, pragmatists and optimists – to the difficulty of ascribing effect to cause, and the null-positive effect of much of security, in terms of ensuring that “sh*t doesn’t happen”.

    A fearmonger would simply say that “cyberattacks have done little to no damage, *yet*”, arguing that various large archives of exfiltrated data constitute a time-bomb that a ne’er-do-well can set ticking when “the time is right”. Yet, the usefulness of such data is also a function of time, and depending on the nature of the data, that usefulness may or may not be predictable.

    There is also the difficulty of trying to express all forms of harm in terms which have a dollar sign in front. Even if Everett’s many-universe theory is true, there is no means of accurately comparing what has happened, to what might have happened.

    Different analysts and statisticians build different-looking castles in different volumes of air. It’ll take one suitably-correlated event to prove the fearmongers right, but there doesn’t appear to be a concrete means of proving the fearmongers wrong.
