If deception persists, more transparency should be required in breach disclosures.
Alright folks, let’s have a natter about data breach disclosures. Ever had the unnerving feeling you’re being kept in the dark about something highly valuable – your personal data? Yeah, me too. Seems like those chaps who earnestly assert how seriously they take our safety aren’t exactly transparent about data leakage.
Perhaps it’s time we moaned for some legislation requiring full disclosure – y’know, the inconvenient truths usually swept under the corporate rug. We want hard facts, not waffling words that could leave us cyber mug victims.
Take one example: a healthcare company tight-lipped about a data breach, describing it as a mere “cyber event.” Casual phrase for a ransomware attack, wouldn’t you say? As a double whammy, the people affected – that’s us, not just numbers on a spreadsheet – got to know about the breach from outsiders, not from the chaps who buggered up the security. Not exactly cricket, is it?
And this, dear friends, is a recurring bother. We see institutions avoiding admission of ransomware attacks as though it’s a game of Twister – ducking, twisting, and turning phrases. It’s as if they’ve told us our data “might have been exposed” when they know some nasty sod nicked it off their server and published it online.
Don’t you think a company knowing about our stolen data, fluttering about in the virtual badlands, should let us know about it? Isn’t there some responsibility to protect the people trusting them with their data? If not, slap them with a fine for every day the vital information remains withheld, and hold the executives accountable.
Now, let’s shift our attention to those companies rushing out to assure us of our data’s safety before the ink on the forensic report has dried. Rather like assuring us their dog won’t bite while it’s baring its fangs, don’t you reckon? Instead of rash reassurances that’ll likely need retraction, we’ve got to hear something more like, “We aren’t quite sure if the stolen data has been misused or is likely to be, but till then, here’s what you could do to keep yourself safe…”
Another favourite scapegoat of these corporations is our dear old ‘law enforcement.’ Cooperation with the ‘blues and twos’ is touted as a badge of responsibility, but frankly, that’s no reason not to be upfront with us. Unless the coppers specifically say not to disclose something, why have us dithering in anxiety? And if some of them honestly tell us they’ve been counselled against transparency to reduce liability, it’s simply not on!
The real victims, you and I, should be the first to know from the horse’s mouth if our data’s been filched or leaked. We should be told the reality, not sugar-coated corporate babble meant to mislead us. Right, so what do we do till laws and regulations make transparency compulsory?
Sites like DataBreaches take it upon themselves to contact these so-called transparent companies asking for a statement about a data breach. If they don’t answer or are evasive, they spill the beans – rudely awakening the victims about the reality of their stolen data.
In the end, it’s crucial to know when our data is in troubled waters so we can take steps to protect ourselves. But if companies won’t face the music, we can trust watchdogs like DataBreaches to do the dirty work for us.
So that’s the state of the cyber landscape today, folks. Stick around till we dissect more corporates playing hide and seek with our data.
by Parker Bytes