Voluntary Breach Disclosure Rare But Valuable
Kelly Jackson Higgins writes:
Google’s and Adobe’s disclosure in January that they had been hit by the same wave of targeted attacks were rare voluntary revelations, the likes of which may never be seen again: Most companies won’t disclose an attack unless required to by law or regulations. But security experts and forensics investigators say the best way to defend against targeted attacks and help unmask who’s behind them is to gather and correlate attack information among various victims.
There’s no common way today for victim firms to safely and confidentially share data about attacks they suffer, nor is there necessarily much incentive to do so. The so-called Aurora attacks out of China that hit Google, Adobe, Intel, and an unknown number of other organizations in the U.S. have reignited a debate about voluntary breach disclosure. Google’s discovery of the attacks demonstrated how victims can benefit from collaboration with one another and law enforcement.
Read more on Dark Reading.