Posted Tue, 21 May 2013

Last week, The New York Times published an article by Marc Maiffret, an ex-hacker turned cyber security expert. Maiffret’s article criticizes the private sector for not acting to improve the nation’s cyber security more aggressively. 

Hacking used to be a way for computer enthusiasts to explore systems and occasionally served as a medium for activism; it is now a dangerous tool for cybercrime and attacks on nations. On a daily basis, the systems of universities, health care providers and even mainstream news sources are manipulated by hackers and sensitive data is exposed. Although these crimes are recognized, not much is done to punish cyber criminals, and more importantly, not much is done to secure the software that allowed these attacks to occur. In his article, Maiffret makes the point that “too much of the debate begins and ends with the perpetrators and victims of cyber attacks, and not enough is focused on the real problem: the insecure software or technology that allows such attacks to succeed.”

Several well-known and high-profile software companies have published products that turned out to have significant security flaws. Of course, one never knows for sure before a release whether there is a security flaw that can be used by cyber criminals. However, it is of the greatest importance that security flaws which become public are fixed quickly. Software companies should therefore maintain an agile patch management process.

In order for systems to be completely secure, the private sector must design products with security at the forefront. However, Maiffret explains that many large companies are not focused on creating completely secure software because they are not liable for losses resulting from the software’s flaws. Instead, the private sector is more motivated to create products that are competitive and offer the latest features that consumers and businesses seek.

The government should consider setting standards for software products. We, here at HOB, suggest the following government requirements to improve security in the private sector:

  • Create security standards and require companies in the private sector to meet these criteria before making their product available to the public

  • Create a guide that helps consumers become aware of security vulnerabilities and allows them to make better cyber-risk based decisions

  • Assign letter grades to security products based on the level of security they maintain

  • Require private sector companies to bear a certain level of liability for cyber attacks resulting from holes in their programs

Readers, how do you feel about cyber security with regard to the private sector? What do you suggest to improve security in the private sector? Please share in the comments below.

