Following the Equifax hack, do we need stricter regulation to prevent data breaches in the future?
Jon Geater, chief technology officer at Thales e-Security, says YES.
Generally, good legislation needs to be backed up by a strong and technically competent enforcement regime. This is sadly lacking when it comes to data protection.
We are now well past the point that we – as a society – can hide behind the “cyber” word, and pretend that computers and data are somehow special and mysterious.
It would be unthinkable to take away building code compliance for buildings, or indeed roadworthiness certification for vehicles. Yet we exist in a world where computers and data are just as integral to the proper functioning of society, in which anyone can play without fear of breaking the rules.
The internet should remain free and open to enable the great benefits and innovation that we can expect of a connected society. But the operating businesses that take advantage of it also have the responsibility to treat both their computer systems and data professionally. Strong IT management, access control, and encryption should be the absolute minimum standard.
Read more: Equifax shares tank as US markets open
Dave Palmer, director of technology at Darktrace, says NO.
No amount of new government regulation is going to stop digital criminal activities. Fundamentally, it is down to businesses to take responsibility for their own security and the protection of their customers’ data.
Businesses need to recognise that it is simply not possible to keep criminals out of a network entirely: attacks are too diverse and fast-changing, and will get in eventually. Instead, organisations need to be prepared to spot in-progress attacks and handle them before they become a crisis. AI-based self-learning technologies now exist to support this, and can even act autonomously to buy human teams time to respond.
New regulations may raise awareness of security and privacy issues with company boards, but the technological landscape and criminal ecosystems change far faster than regulation can hope to keep up with. Resources would be better invested in diplomacy to support the pursuit and prosecution of criminals across international borders, rather than writing regulations affecting victim organisations.