As I talked about in my last post, there is a shame or stigma that is associated with announcing that you as a company were breached. This is something that needs to change.
While it is not a good thing that companies were breached, they need to come forward and say that it happened. This is less likely to happen in a world where people view these companies as untrustworthy. Companies will try and hide the fact that they got breached. This is bad for both the companies users and other companies. If companies come out straight away and say that they were breached and how it happened. It gives users time to change passwords and perform other actions that they need to secure their accounts and information. It can help other companies because they can see how other companies were breached and then look at their own networks and assets to see if they have been breached and/or change their network and security so that the attack that breached the first company won’t hurt them.
There are programs in place for information sharing such as the US Department of Homeland Security’s Cyber Information Sharing and Collaboration Program (CISCP). This is a program where companies can sign up to share and receive anonymized information. That is an added bonus for companies because no one knows who they are with the attacks that are taking place against them. Programs like these are important to help to secure everything in a world of ever-changing cyber threats.