I thought my latest unthinkable thought recently when reading this in an article about what the law demands on IT security:
For most IT organizations, securing corporate data against compromise is priority No. 1. Girding the enterprise against breaches is a constant, thankless task requiring foresight, vigilance, and much in the way of IT expenditures. Keep up with the latest threats, or find your company in the headlines — and your job on the line.
Such is the shift in attitude toward security in IT. In the Wild West, when Jesse James and Butch Cassidy robbed banks, we felt sorry for the banks and hunted down the outlaws. Today, when someone breaks into a company’s computer system, our response is totally different: We blame the company for failing to provide adequate security.
It does seem strange. While it’s reasonable to hold companies responsible for failing to provide adequate security, there seems to be an attitude that nothing can be done against the criminals themselves. If the attacks originate (as most seem to) from a handful of countries run by kleptocratic governments, the criminals are viewed as untouchable. It’s as if the money was stolen by Martians.
But this is nothing but a failure of will on the part of the civilized world.
So here is my unthinkable thought for the day: How much less security risk worldwide would there be if Russia was given a year to crack down on the cyber criminals there or be disconnected from the internet at large?
Kind of like a reverse firewall. The point is not to prevent the crimes themselves but to establish a penalty against the countries that provide safe harbor to the criminals.
I only point out Russia because they are one of the worst offenders and their recent behavior in Georgia calls into question their willingness to be a civil part of the global community. But there are also other countries that could likewise be sanctioned with the Internet Death Penalty.
Unthinkable? Perhaps. Impossible? No. All it takes is the will to do something about it.