I am one of the many that have had my bank account compromised and money missing from my account. A lot of people talk and focus about Best Practices and training in buisness to stem and reduce the tide of cyber crime. What we are sorely lacking is the concept of culpability.
In our judicial system, we don't prosecute cyber crime to the extent we should. The fear that the non-criminal element have is the fact that if we get caught, we go to jail or loose out business. The criminal element thinks little of our system and even revels in the fact they won't get caught. The companies that don't take the measures they need to be safe can be included in partial culpability to the crime. They are enabling a crime to be committed, so why not make them partially responsible? Do you think a company like TJX would tighten up the security if there was a possibility of the government divesting or eliminating the company?
Every company can button up, tighten up and be impervious to every attack known. Then the unknown hits. Information is compromised. Then the rhetoric begins about Best Practices and everyone doing their part in the "security of the whole" all over again.
Until we get the help of the federal authorities to voraciously hunt down, prosecute and *punish* the criminal element, we are all stuck in a vicious place where lawlessness is not going away anytime soon. All of the Best Practices and security might help in the short run, but we need to start to really focusing on corporate responsibility and appropriately punishing the offenders.