
81 points impish9208 | 1 comments
MattSteelblade No.41917058
> Unisys will pay a $4 million civil penalty;

> Avaya will pay a $1 million civil penalty;

> Check Point will pay a $995,000 civil penalty; and

> Mimecast will pay a $990,000 civil penalty.

With the exception of Mimecast, these are companies that are bringing in billions of dollars in revenue annually. How is this supposed to deter them?

1. Hilift No.41918127
The fines are symbolic. Even if you look at the fine for the hotel data breach in 2018, that was only $52 million (US) and $23 million (UK), total of $75 million. And the Equifax breach? An executive VP of IT sold $584k of shares right after the breach and before the press release. Nothing happened to him, he said he was unaware of the breach. https://www.npr.org/sections/thetwo-way/2017/09/08/549434187...

The SW supply chain attack is one of the most brilliant cyber attacks in recent history. They hit a train load of gold bars, and had as much as 14 months of dwell time with potentially 18,000 customers. Discovery must have been disappointing for the attackers.

If you follow the most important rule, secrecy, you get plausible deniability and smaller fines.