Analysis & Opinions - The Conversation
'NotPetya' Ransomware Attack Shows Corporate Social Responsibility Should Include Cybersecurity
Preview
"As the “NotPetya” ransomware attack spreads around the world, it’s making clear how important it is for everyone – and particularly corporations – to take cybersecurity seriously. The companies affected by this malware include power utilities, banks and technology firms. Their customers are now left without power and other crucial services, in part because the companies did not take action and make the investments necessary to better protect themselves from these cyberattacks.
Cybersecurity is becoming another facet of the growing movement demanding corporate social responsibility. This broad effort has already made progress toward getting workers paid a living wage, encouraging companies to operate zero-waste production plants and practice cradle-to-cradle manufacturing – and even getting them to donate products to people in need.
The overall idea is that companies should make corporate decisions that reflect obligations not just to owners and shareholders, customers and employees, but to society at large and the natural environment. As a scholar of cybersecurity law and policy and chair of Indiana University’s new integrated program on cybersecurity risk management, I say it’s time to add cyberspace to that list.
Online security affects everyone
The recent WannaCry ransomware attack affected more than 200,000 computers in 150 nations. The results of the attack made clear that computers whose software is not kept up to date can hurt not only the computers’ owners, but ultimately all internet users. The companies hit by the NotPetya attack didn’t heed that warning, and got caught by an attack using the same vulnerability as WannaCry, because they still haven’t updated their systems.
Some policymakers and managers are taking notice around the world. In the U.S., the Department of Homeland Security, the chief federal agency dealing with cybersecurity, has highlighted businesses’ “shared responsibility” to protect themselves against cyberattacks. Consumers can’t protect their utility services, banking systems or even their personal data on their own, and must depend on companies to handle that security.
Cybersecurity is an effort that not only protects – and even benefits – a company’s bottom line but also contributes to overall corporate and societal sustainability. In addition, by protecting privacy, free expression and the exchange of information, cybersecurity helps support people’s human rights, both online and offline..."
Want to Read More?
The full text of this publication is available via the original publication source.
For more information on this publication:
Please contact
Cyber Project
For Academic Citation:
Shackelford, Scott.“'NotPetya' Ransomware Attack Shows Corporate Social Responsibility Should Include Cybersecurity.” The Conversation, June 27, 2017.
The Author
Scott J. Shackelford
- Affiliate, Cyber Security Project
- Former Research Fellow, Cyber Security Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Video
- SNF Agora Institute
Election 2020 — Securing the Vote
Audio
- Pioneer Institute
Ballot Question 1: Risks & Regulations Regarding Right to Repair
Analysis & Opinions
- Scientific American
The Next Administration Must Get Science and Technology Policy Right
In the Spotlight
Most Viewed
Policy Brief
- Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
Preview
"As the “NotPetya” ransomware attack spreads around the world, it’s making clear how important it is for everyone – and particularly corporations – to take cybersecurity seriously. The companies affected by this malware include power utilities, banks and technology firms. Their customers are now left without power and other crucial services, in part because the companies did not take action and make the investments necessary to better protect themselves from these cyberattacks.
Cybersecurity is becoming another facet of the growing movement demanding corporate social responsibility. This broad effort has already made progress toward getting workers paid a living wage, encouraging companies to operate zero-waste production plants and practice cradle-to-cradle manufacturing – and even getting them to donate products to people in need.
The overall idea is that companies should make corporate decisions that reflect obligations not just to owners and shareholders, customers and employees, but to society at large and the natural environment. As a scholar of cybersecurity law and policy and chair of Indiana University’s new integrated program on cybersecurity risk management, I say it’s time to add cyberspace to that list.
Online security affects everyone
The recent WannaCry ransomware attack affected more than 200,000 computers in 150 nations. The results of the attack made clear that computers whose software is not kept up to date can hurt not only the computers’ owners, but ultimately all internet users. The companies hit by the NotPetya attack didn’t heed that warning, and got caught by an attack using the same vulnerability as WannaCry, because they still haven’t updated their systems.
Some policymakers and managers are taking notice around the world. In the U.S., the Department of Homeland Security, the chief federal agency dealing with cybersecurity, has highlighted businesses’ “shared responsibility” to protect themselves against cyberattacks. Consumers can’t protect their utility services, banking systems or even their personal data on their own, and must depend on companies to handle that security.
Cybersecurity is an effort that not only protects – and even benefits – a company’s bottom line but also contributes to overall corporate and societal sustainability. In addition, by protecting privacy, free expression and the exchange of information, cybersecurity helps support people’s human rights, both online and offline..."
Want to Read More?
The full text of this publication is available via the original publication source.The Author
Scott J. Shackelford
- Affiliate, Cyber Security Project
- Former Research Fellow, Cyber Security Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Video - SNF Agora Institute
Election 2020 — Securing the Vote
Audio - Pioneer Institute
Ballot Question 1: Risks & Regulations Regarding Right to Repair
Analysis & Opinions - Scientific American
The Next Administration Must Get Science and Technology Policy Right
In the Spotlight
Most Viewed
Policy Brief - Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
