The sad truth about the CardSystems debacle is that it wasn’t unusual, at least in the delay and obfuscation over reporting it. An AP report in yesterday’s HoustonChronicle says
Most businesses do not report cyber attacks to law enforcement authorities, fearing the disclosure would harm their image and benefit rivals, FBI Director Robert Mueller said Tuesday.
Mueller’s comments were based on an annual survey conducted by the FBI and the private Computer Security Institute that found just 20 percent of businesses reported computer intrusions last year, a figure that has held steady for several years.
The reasons cited most often for keeping the incidents quiet were loss of business to competitors and potential damage to a company’s image.
In other words, don’t tell anyone and you’re fine. The old security through secrecy thang. Hopefully CardSystems will make people aware that’s just not going to cut it anymore.