Good afternoon and welcome back to another post from ToBeSecured. I haven't had a chance to do a deep dive into a specific topic I would like to discuss today, but I needed to write to get my mind off of cloud computing for a while. Today, I'd just like to discuss an article I read about the US not taking privacy and security as seriously as it should. This post may include information I have already discussed in a previous post, but I find it good to be refreshed on certain topics and the reasoning behind things.
The title of the article is "Will the US ever get serious about security and privacy?" To answer this question, this country is always the last to become serious about anything, in all honesty. Privacy and security just add to the list. There are some states that have their own privacy laws outlined, such as California, and then there are others that do not. As the "united states" we should all be of one accord, meaning if California has privacy laws, then all states should have privacy laws... hinting at the US Constitution. Yes, privacy can fall under the Fourth Amendment, where it outlines search and seizure, but is it outlined as an actual amendment? No. In Europe, privacy is considered to be a human right, as it should be. It appears that our isolated approach is continuing to fail and is hurting us.
Another issue hurting our ability to secure user data is the mostly unknown data brokers. We know that data brokers have free rein in the US because profits appear to mean more to Congress than our privacy. Our lobbyists often come from the government and go on to work for corporations, including data brokers who fund congressional elections. This gives them power to manipulate our government and its laws. This industry knows everything about all of us and sells it. And with our mixed bag of State and Federal laws, there is little to no consistency or standards that we as a nation can comply with.
Every computer in the world now has the ability to connect to any other computer in the world. How many targets are there? Add IoT, the Internet of Things, and cyber criminals can not only spy on your baby monitor and home security system but also compromise your bank account and much more. How many devices are on the internet today? According to Internet World Stats, 4,510,054,272 as of August 25, 2019. According to Privacyrights.org, the total number of records breached since 2005 is 11,600,939,373.
We know where we’ve been, and we know where we are: still in reactive mode with no uniform or comprehensive laws that address security and privacy for all business sectors across our nation. Why have we made minimal progress lately? Because Congress is too busy fighting itself. It’s time for our country to stop the unjust politics. This behavior is so wasteful and unproductive. While the endless fighting and division continue, cyber criminals who don’t work in silos are all too happy to continue to exploit our banks, medical records, military secrets and intellectual property.
Google, which has already paid security researchers over $15 million since launching its bug bounty program in 2010, increased bug bounties across the Chrome Vulnerability Reward Program and the Google Play Security Reward Program. Bug bounty programs are a great complement to existing internal security programs. They help motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will.
We must acknowledge the risk of doing business online and prioritize the risk by industry. We need to provide logical solutions that manage this risk by including industry executives and cyber-security experts.
We need uniform state and federal laws and security frameworks that everyone must adopt. We can’t have some states or corporations doing nothing while others spend large amounts of money addressing this issue. Some industries are regulated, and others are simply ignored or are able to have inadequate security in place.
There needs to be consistent and inclusive mandatory security and privacy laws and corresponding compliance frameworks to meet them. We also need to work with the European Union and adopt GDPR (General Data Protection Regulation). Even if we don’t address data privacy in the Constitution, it should still be a human right – especially in the digital age.
Will the US move in a different direction from the standard one they've been on? Or will people continue to be imperceptive to privacy laws and how we can help to implement them into today's digital era?
If you would like to discuss further, please leave a comment or ask a question. I'd love to chat with my readers and hear your thoughts. Thank you for dropping in and remember ToBeSecured!