Last year, we published a white paper recommending stakeholders improve cybersecurity and foster innovation by drawing upon time-tested principles from sustainability management. The paper observed that transitioning to a sustainable approach to cybersecurity embraces the principles of shared responsibility and collective action, frames business costs associated with improved security as an investment in the internet ecosystem, encourages broad adoption of risk-management practices, and supports consumer engagement.
Last week the General Data Protection Regulation (GDPR) came into force. We previously shared the view that while the GDPR is not quite right for the United States, there are important aspects that should be incorporated into the ongoing discussion about privacy legislation. This post addresses other aspects of GDPR, which have created some uncertainty around ongoing efforts to improve cybersecurity and support public safety. Two such efforts are cybersecurity information sharing and access to WHOIS data.
Lots and lots and lots of people are talking about the Equifax breach. Many share similar views: this can’t happen again, Equifax should face some economic consequence, consumers need to be better educated, we need legislation, we need regulation. All of which may be valid and reasonable, but few of which will actually happen. Foremost among them, we will have another breach.