Following the news about the next US presidential election, IT security experts from Prevoty, InfoArmor, VASCO Data Security and STEALTHbits Technologies comment below.
“Improve cyber security compliance controls. Treat cyber security the same way financial controls and reporting are handled with Sarbanes-Oxley for example. Enterprises should not be allowed to check the box of cyber security compliance without their controls being rigorously tested by an independent audit body.
Empower enterprises to better encrypt data. Stop trying to tap into every internet company database or user data feed for national security reasons as it actually increases the risk for cyber security. Lead by example and invest in modern cyber security to protect government properties and databases.”
“Protect trans-Atlantic cables that carry most of the world’s data. Work closely with major US service providers, financial, electronic, retail and the users to prevent, detect and respond to cyber-attacks.
Immediately harden critical infrastructure, i.e. power grids and work with US citizens to prepare for a major outage related to critical infrastructure.”
“To strengthen our national security, we need to identify all sensitive data and infrastructure in both the private and public sector that would have high value to our adversaries and then protect it. This will require a much higher level of protection along with close government involvement and oversight. People forget that in 2012, NASA’s Jet Propulsion Labs was breached and the foreign-state hackers could have stolen whatever critical information they wanted. We think of JPL as this cool scientific organization that makes space vehicles fly to far away planets. Our enemies view JPL as a treasure trove of the most advanced technology that can be used to create weapons that can strike anyone from anywhere in space. Securing advanced technology that could have a military use against us needs to be accomplished through involvement of government agencies such as the NSA and a much stronger requirement for IT security safeguards.”
Scott Clements, Executive Vice President and Chief Security Officer at VASCO Data Security:
“Put more force behind the National Strategy for Trusted Identities in Cyberspace/NIST standard development including support and adoption by government agencies, followed by regulations that hold organizations accountable if they don’t meet basic security standards of protecting consumer information. Additionally, agencies with antitrust authority need to update their models to more fully recognize that as we are in an “information based” economy, hoarding or excessive control of user or consumer information is not only insecure, but may be just as anticompetitive as was Standard Oil’s monopolistic behavior of the last century. I’m not suggesting the EU’s mercantilist approach of using antitrust to compensate for a poor competitive position in internet technology, but a reasonable focus on consumer protection that encourages innovation and recognizes zero marginal supply cost of information technology as opposed to the large and growing value of personally identifiable information that companies are failing to effectively protect. Loss of faith in the internet economy will have massive and negative effects on the economic security of the United States.”
“The president should focus on promoting multi-factor authentication to websites and applications for businesses as well as consumers. Breaches continue to grow year over year because of the weaknesses that passwords inherently possess. The technology exists to easily make this concept a reality and most everyone already has the perfect second factor of authentication readily available – a smart phone.
The alarming shortfall of cyber security trained individuals needs to be remediated. The president must mandate outreach to all levels of education focused on cybersecurity. Colleges around the United States need to ramp up and improve programs that offer varied specialties in cyber. Training is essential to our survival in the cyber arms race. The president needs to mandate that enterprises enable the entire workforce with on the job training regarding cyber security. Think of this like running fire drills. Everyone knows what to do and where to go in the case of an emergency because they have drilled and practiced several times a year. The same thing needs to happen with cyber security. Companies need to develop programs to keep themselves safe and establish best practices that every employee can follow, regardless of job title. The real key to a successful cyber security program is to expose the entire organization to security on an ongoing basis.”
“Consult the technical security community and take the criminal aspect of cyber crime seriously. You can’t address a threat if you don’t appreciate the threat for what it is. Familiarize him/herself with the EU General Data Protection Regulation and look to implement a parallel regulation in the US. Also emphasize to US business the importance of readying for the EU enforcement if they wish to use EU citizen data. Conduct public campaigns to make the average person aware of their own responsibilities to protect their own identities and data.”