In this week's Risk & Repeat podcast, SearchSecurity editors discuss comments from the FBI's Donald Freese on the practice of blaming and shaming hacking victims and its effects.
Blaming, and even shaming, hacking victims following high-profile data breaches and cyberattacks has become commonplace, but one top law enforcement official says it's time for the infosec profession to break that habit.
Donald Freese, deputy assistant director of the FBI and former head of the bureau's National Cyber Investigative Joint Task Force, spoke at the (ISC)2 Security Congress in Austin, Texas, last week. While he spoke at length on proper enterprise security hygiene and the importance of risk management, Freese also addressed the tendency, both in the infosec industry and among law enforcement agencies, to blame hacking victims.
Freese discussed how security professionals in both the public and private sectors need to exhibit more humility to better understand victims and the problems they are trying to solve. In the case of the FBI, he said, placing too much blame on victims can harm already fragile relationships and communications with enterprises.
Freese's comments follow a similar message from Facebook CSO Alex Stamos, who talked about the need for empathy in the infosec community during his Black Hat USA 2017 keynote.
Does the infosec community heap too much blame on hacking victims? Is there a line between criticizing companies that have suffered data breaches and shaming them for their mistakes? Could victim-blaming have a negative effect on the cybersecurity workforce shortage? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.