New York Times gets Pwned, Responds all New School
So there’s a New York Times front page story on how “Hackers in China Attacked The Times for Last 4 Months.”
I just listened to the NPR story with Nicole Perlroth, who closed out saying:
“Of course, no company wants to come forward and voluntarily say `hey we were hacked by China, here’s how it happened, here’s what they took’ because they’re probably scared of what it will do to their stock price or their reputation. In this case, what was interesting was that it was my own employer that had been hacked. We felt that it was very important to come out with this and say ‘this is how easy it is for them to break into any US company and here’s how they’re doing it. [Link added.]
On Twitter, Pete Lindstrom suggested that “seems they are highlighting successes, not woes.” Zooko suggested several things including “perhaps since it is news, the NYT is happy to print it, because *any* news sells papers?” and “Or is this a cultural change, where people stop attempting trying to secure their perimeter and hiding their failure to do so?”
Me, I believe it’s culture change, but am aware of the risk of confirmation bias. When I think back to 2008, I think the peanut gallery would have been pointing and giggling, and I think we’re over that.
Thoughts?
I wish I could be as optimistic as you, Adam, but this set my Spidey-sense off and I’m now worried that “We’ve been breached!” will be a marketing tool vs authentic way to share breach data and that it will be tied to efforts by organizations to spend less on defense and more on the PR-side of response (not even necessarily more capable/speedy detection capabilities).
Obviously thats a generalization, but it’s the cheapest path forward for orgs. Invest in cyber-insurance (transfer risk) and spin vs do the hard work.
I honestly hope my cynicism is misguided.
Then again, perhaps it’s a marketing tool *and* status symbol: http://drezner.foreignpolicy.com/posts/2012/06/06/gmail_provides_the_new_hip_trend_in_wonkery