It's good to see the City of Columbus dropping the case, partly in response to outcry from the security community back in July. This is another example of shooting the messenger, and the potential for this suit to have a chilling effect on others who'd do likewise in the interest of the public is something governments, agencies, and companies should be working hard to avoid.
Unless organizations have complete confidence in their digital assets, have tight control of configurations, changes and interconnected and interdependent digital systems, they must urgently invest in cyber defense using microsegmentation that can help enterprises deny lateral movement to cyber attackers, ensuring the best possible defense against ransomware. Such investments can help organizations avoid these situations when they are forced to face public scrutiny due to immature legal actions.
The city's lawsuit wasn't primarily about denying the breach, but rather about preventing premature disclosure of sensitive details while investigations were ongoing. Based on public statements, the researcher had expressed clear intentions to share additional information that could have exposed the personal details of individuals more transparently and easily.
Collection
[
|
...
]