Transparency: Operation Aurora

Google and Adobe garnered praise from many information security professionals recently after admitting their systems had been compromised.

Such transparency is commendable because it could prompt other companies to become more secure, said Patrik Runald, senior manager of security research at web security firm Websense. The fact that Google admitted it was a target was a significant step, Runald said.

“If nothing else, I think it will help going forward because people will look at their own security and look at what they can do to protect themselves,” he said.

The attack, dubbed “Operation Aurora,” leveraged a previously unknown vulnerability in Internet Explorer to compromise systems at Google, Adobe and more than 30 other large companies. Google disclosed the hack in a Jan. 12 blog post. That same day, Adobe came forward and said it was one of the victimized companies.

“Transparency for our customers and partners was a key factor in Adobe's decision to go public with the information,” said Wiebke Lips, a spokesperson at Adobe. “This incident demonstrates the increased sophistication in today's malware design and attack strategies. It also serves as a reminder of the importance of multiple layers of security and the need to follow security best practices.”

Providing information about attacks can also help security vendors develop better products, said Chris Wysopal, CTO of application security firm Veracode.

“I'm all for as much transparency as possible,” Wysopal said. “When companies learn details and fix their own network, everyone else can benefit from that knowledge too.”

But public admission of attacks is rare, he said. Similar disclosures probably won't become more commonplace in the future because going public about such incidents could lead to a loss of trust from customers and business partners.

“There's a stigma that when you're attacked, you did something wrong,” Wysopal said. “In the physical world, if your store is broken into and burglarized, people don't keep that a secret. For some reason, it's different with cybersecurity.”

Victimized organizations could, however, contribute to the cybersecurity community by providing information anonymously through a third-party forensic company, he said.

“I hope we will see more disclosure from others going forward,” Runald added. “It will help in the big picture for sure.” – Angela Moscaritolo
