[BreachExchange] Penalise companies for failing to protect data: Huawei

Audrey McNeil audrey at riskbasedsecurity.com
Tue Nov 28 18:49:44 EST 2017


https://news.webindia123.com/news/articles/Business/20171127/3223587.html

With a viable and immediate solution to the growing problem of data breach
eluding the international community for years, governments the world over
should consider instituting a system of incentives and disincentives
whereby companies failing to protect personal data could be penalised,
suggests Chinese technology giant Huawei's global head of cybersecurity
John Suffolk.

"There is no magic solution for cybersecurity, but the governments can
start by putting in place a system to encourage companies that do a good
job in protecting personal data of users and penalise those found wanting
in doing their job," Suffolk, President of Cybersecurity and Privacy at
Huawei, told IANS in an interview here.

The latest report of a massive data breach came from the ride-hailing
platform Uber, which disclosed this month that the breach that occurred
almost a year earlier affected 57 million customers and drivers.

And Uber is not alone in that league.

Earlier, US-based credit reporting agency Equifax announced that hackers
had gained access to the company's data, potentially impacting
approximately 143 million consumers. A hacking attack dating back to 2013
reportedly affected three billion of Yahoo's user accounts.

The 2012 LinkedIn breach, in which millions of passwords were stolen, will
also be fresh in the memory of many. And the list, on which no one wants to
be, could go on.

If heads do not roll and businesses run as usual, even after losing records
of millions of people, how can we expect enhanced protection of data in the
future, Suffolk asked.

"I think one of the gaps that we have at the moment is that we have not
really worked on the incentives and disincentives to get the basics of
cybersecurity done," he added.

Finding a practical solution to the threats posed to the cyber space has
become all the more urgent in view of the increased digitisation process
currently underway in many parts of the world, including India, according
to Suffolk, who served as the UK Government CIO and CISO from 2006 to 2011,
before joining Huawei.

"The world, including India, rightly wants to digitise much of the public
service and use technology to drive growth and innovation. While everybody
is using technology to rebuild their economy, there also arises the need to
protect the data and services," Suffolk said.

"The importance of privacy and cybersecurity increases as an economy relies
on digital technology," said Suffolk, who was in India for the
just-concluded fifth edition of the Global Conference on Cyber Space (GCCS)
here.

Data breaches are a major concern because stolen data can be used for illegal purposes.
With personal data available at their disposal, criminals could use it for
extracting money or applying for a bank loan in someone else's name.

Ensuring cybersecurity, according to Suffolk, comes down to getting the
basics right every day.

"Many people may not find this exciting, but it is also very important. In
the case of Equifax, for example, they did not do the patching, something
which is basic cybersecurity," he pointed out.

"What I have to do to secure your phone may be different from what I have
to do to secure telecommunication infrastructure, or for that matter a
cloud infrastructure. There are differences in terms of scale, but the
basics are similar," Suffolk said, adding that putting in place just four
simple controls can prevent 80 per cent of the attacks.

The governments should give incentives to those who do a good job at
protecting data, he added.

Suffolk, however, did not discount the importance of global collaboration,
which was the focus of discussions at GCCS 2017, for ensuring cybersecurity.

Because the world is becoming more and more reliant on digitisation, global
network and global supply chains, Suffolk believes, every country has the
responsibility to keep that inter-connected world up and running in a safe
and secure way.

"It would be worthwhile to have real action-oriented statements of intents
on a code of conduct on cybersecurity from leaders across the world. It may
not be possible to declare every norm in one statement. But there should be
a gradual progress forward in evolving such a mechanism on cybersecurity,"
he added.

"Creating awareness among the people on how to use the digital platforms
safely is also important for the governments. Teaching people how the
crooks work is very significant because everybody may not be an expert,"
Suffolk said.

He said that Huawei, which works on a range of areas, from chip
manufacturing to cloud computing to telecommunications to device
management, has a "built-in" approach, not an add-on approach, when it
comes to security.