Time For Security Major Effort?

I.e., do we need to make a major research effort to solve all (or most) Cybersecurity problems?

Why?

Because mistakes keep happening:

And these are not small mistakes – they may shift our world underneath us… As California considers more legislation and breach reporting requirements, other states may also look into this issue. At Databreachtoday.com there is a story about how California is proposing new changes to data breach notification requirements.

The California law adds clarification about what counts in a potential breach, as before it was not obvious that government-issued identification is part of “personal identification”, nor that any biometric data is as well.

The now-defined “personal information” includes:

  • Social Security number;
  • Driver’s license number, California identification card number or other government-issued identification number;
  • Account number or credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial account;
  • Medical information;
  • Health insurance information;
  • Unique biometric data generated from measurements or technical analysis of human body characteristics, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data;
  • Information or data collected through the use or operation of an automated license plate recognition system.

It is good to get clarification, which only means most other states will follow and enact similar laws.

If you have a breach, you are on the clock and will be judged by how fast you can deliver information about the breach to your customers or employees.

What is different in California is the privacy law AB375, which is actually referred to as “The California Consumer Privacy Act of 2018.”

(1) The right of Californians to know what personal information is being collected about them.
(2) The right of Californians to know whether their personal information is sold or disclosed and to whom.
(3) The right of Californians to say no to the sale of personal information.
(4) The right of Californians to access their personal information.
(5) The right of Californians to equal service and price, even if they exercise their privacy rights.

This law is going to have implications for all companies that store data.

So are we now forced to spend a lot more money and to push for much stronger Cybersecurity? Yes and no… Of course we will have to focus on Cyber-aware policies that pay closer attention to how we use data, but is it truly necessary to spend an inordinate amount of money on Cyber products and people?

I don’t believe so.

We have to learn how to do the basics efficiently.

It is the basics that are not done right… that is where our focus and constant improvement need to go. Maybe a new tech is needed, but it will likely not cost an arm and a leg. It should be a risk-reward analysis that uncovers what is needed from the governance policy and standards.

That is what is needed – proper governance, and reviewing what is really needed. A ‘moonshot’ or silver bullet is not there for us; we don’t have to ask some super agency to create a Cybersecurity ‘Manhattan Project’ that will solve all our problems. The problems we have will always be there until we address them.

Let’s get after them now… Contact us to get started.
