Yesterday the Dutch parliament passed a law stating that organisations now have the obligation to report on severe cyberattacks.
Last week in a dutch newspaper, an article emerged in which an interview was done with the Dutch ex-prosecutor, Aldo Verbruggen. The topic was cybercrime, or better, if reporting cybercrime really would contribute to a better society.
In the article he stated that companies might be better of not reporting cybercrime to the dutch police, as it would damage the company more than it would benefit them. The public might move away from it after possible public shaming, and this might be of greater impact than just not reporting the hack and maybe getting fined for doing that.
His statements are based on the facts that a lot of cybercrime hits from outside of the Netherlands, and so getting the actual offenders prosecuted is virtually impossible, and his opinion that the Dutch government can not convince him of the need and benefits to do the reporting.
This is of course a horrible article to read from the dutch cybercrime fighting government and justice department. They just passed a law that orders any company losing customers- and/or privacy sensitive data to report this to the authorities. If not done in time, or if can't be proven that the company did enough to protect this data, they could be fined up to € 820.000.
The most interesting part for us however, is the solution Aldo Verbruggen proposes to get the society to be more resistant to cybercrime: make use of ethical hackers. He sees the usage of ethical (white-hat) hackers by government and police as the only solution to get the companies and society as protected as possible. The magic words are returning one’s: PPP or Public Private Partnerships.
We as Zerocopter want to help. We facilitate Responsible Disclosure solutions where hackers interact with reporting hackers and create ‘human readable reports’, as well as bug bounty programs using hackers from around the world on a no cure no pay basis. And this works.
Hackers are pretty cool and important people, and in this case a part of the solution on fighting cybercrime. Use them.
Prevent your application(s) from being hacked, start your own researcher program!