Following the news about the next US President Election, IT security experts from Prevoty, InfoArmor, VASCO Data Security and STEALTHbits Technologies commented below.
Julien Bellanger, Co-founder & CEO at Prevoty:
“Improve cyber security compliance controls. Treat cyber security the same way financial controls and reporting are handled with Sarbanes-Oxley for example. Enterprises should not be allowed to check the box of cyber security compliance without their controls being rigorously tested by an independent audit body.
Empower enterprises to better encrypt data. Stop trying to tap into every internet company database or user data data feed for national security reasons as it actually increases the risk for cyber security. Lead by example and invest in modern cyber security to protect government properties and databases.”
Christian Lees, CISO at InfoArmor:
“Protect trans-Atlantic cables that carry most of the world’s data. Work closely with major us service providers, financial, electronic, retail and the users to prevent, detect and respond to cyber-attacks.
Immediately harden critical infrastructure, i.e. power grids and work with US citizens to prepare for a major outage related to critical infrastructure.”
John Gunn, Vice President at VASCO Data Security:
“To strengthen our national security, we need to identify all sensitive data and infrastructure in both the private and public sector that would have high value to our adversaries and then protect it. This will require a much higher level of protection along with close government involvement and oversight. People forget that in 2012, NASA’s Jet Propulsion Labs was breached and the foreign-state hackers could have stolen whatever critical information they wanted. We think of JPL as this cool scientific organization that makes space vehicles fly to far away planets. Our enemies view JPL as a treasure trove of the most advanced technology that can be used create weapons that can strike anyone from anywhere in space. Securing advanced technology that could have a military use against us needs to be accomplished through involvement of government agencies such as the NSA and a much stronger requirement for IT security safeguards.”
Scott Clements, Executive Vice President and Chief Security Officer at VASCO Data Security:
“Put more force behind the National Strategy for Trusted Identities in Cyberspace/NIST standard development including support and adoption by government agencies, followed by regulations that hold organizations accountable if they don’t meet basic security standards of protecting consumer information. Additionally, agencies with antitrust authority need to update their models to more fully recognize that as we are in an “information based” economy, hording or excessive control of user or consumer information is not only insecure, but may be just as anticompetitive as was Standard Oil’s monopolistic behavior of the last century. I’m not suggesting the EU’s mercantilist approach of using antitrust to compensate for a poor competitive position in internet technology, but a reasonable focus on consumer protection that encourages innovation and recognizes zero marginal supply cost of information technology as opposed to the large and growing value of personally identifiable information that companies are failing to effectively protect. Loss of faith in the internet economy will have massive and negative effects on the economic security of the Unites States.”
Brad Bussie, CISSP, Director of Product Management at STEALTHbits Technologies:
“The president should focus on promoting multi-factor authentication to websites and applications for businesses as well as consumers. Breaches continue to grow year over year because of the weaknesses that passwords inherently possess. The technology exists to easily make this concept a reality and most everyone already has the perfect second factor of authentication readily available – a smart phone.
The alarming shortfall of cyber security trained individuals needs to be remediated. The president must mandate outreach to all levels of education focused on cybersecurity. Colleges around the United States need to ramp up and improve programs that offer varied specialties in cyber. Training is essential to our survival in the cyber arms race. The president need to mandate that enterprises enable the entire workforce with on the job training regarding cyber security. Think of this like running fire drills. Everyone knows what to do and where to go in the case of an emergency because they have drilled and practiced several times a year. The same thing needs to happen with cyber security. Companies need to develop programs to keep themselves safe and establish best practices that every employee can follow, regardless of job title. The real key to a successful cyber security program is to expose the entire organization to security on an ongoing basis.”
Mark Wilson, Director of Product Management at STEALTHbits Technologies:
“Consult the technical security community and take the criminal aspect of cyber crime seriously. You can’t address a threat if you don’t appreciate the threat for what it is. Familarize him/herself with the EU General Data Protection Regulation and look to implement a parallel regulation in the US. Also emphasize the importance to US business the importance of readying for the EU enforcement of they wish to use EU citizen data. Conduct public campaigns to make the average person aware of their own responsibilities to protect their own identities and data.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.