HiGirlsRHot said: Well, if people haven't figured out that nothing connected to a network is safe by now, I don't know what to say. Let's see, tens of millions of Target customers' financial information was stolen over the holidays, and they aren't the only ones. Most large companies deal with hundreds of hacking attempts a month, sometimes even a week or a day. It seems to me these are way bigger stories than a few good-looking celebrities getting nudes posted of them.
The problem here is two-fold:
- legislation isn't strong enough to punish companies that don't safeguard information properly. In the US, you have to report data breaches and provide things like credit protection/monitoring for some time, but that's cheap as hell to provide and rarely more than a slap on the wrist for the company.
- not enough people qualified in security (or in IT) are available, so only the companies that value their data enough end up hiring those folks for the salary they deserve (and that the market has pushed way up). I'm not in security, but a few years ago my manager dropped an interesting statistic - we had to interview *1000* people for every sysadmin/site reliability engineer we hired. And that's in a role that is way more common than security engineer.
We've seen a significant decrease in property theft over the last 20 years, in no small part because cops have gotten better at solving crimes. However, for electronic crimes I suspect the chances of getting caught are getting worse, not better, in recent years. I think the sheer number makes it hard to find the folk, but part of it is cultural; the stealing of digital property doesn't seem to be an actual crime in many people's minds.
I still believe it is mostly due to the law. It's really easy to catch people as long as you deploy the required monitoring and auditing infrastructure, but again, this costs money and without legislation forcing companies to do that, only those who value their secrets/intellectual property/user data/reputation end up doing the right thing.