Industry Experts Analyze US National Cybersecurity Strategy
Friday, March 3, 2023
The White House has released its National Cybersecurity Strategy, seeking to shift the burden for managing cyber risk from individuals and small businesses to tech companies, while taking a more offensive approach to dealing with threat actors.
Ilia Kolochenko, founder, CEO, ImmuniWeb:
“Even amid the surging cybercrime, shifting the cybersecurity burden to software developers and tech solution providers may seem an unduly harsh move, however, economically speaking it makes perfect sense.
Software vendors will certainly argue that they will be required to raise their prices, eventually harming the end users and innocent consumers. This is, however, comparable to carmakers complaining about “unnecessarily expensive” airbag systems and seatbelts, arguing that each manufacturer should have the freedom to build cars as it sees fit.
Most industries – apart from software – are already comprehensively regulated in most of the developed countries: you cannot just manufacture what you want without a license or without following prescribed safety, quality and reliability standards. Software and SaaS solutions shall be no exception to that.
That being said, overregulation or bureaucracy will certainly be harmful and rather produce a counterproductive effect. The technical scope, timing of implementation and niche-specific requirements for tech vendors will be paramount for the eventual success or failure of the proposed legislation. Unnecessarily burdensome or, contrariwise, formalistic and lenient security requirements will definitely bring more harm than good. Therefore, the new legislation shall derive from the intensive and open collaboration of independent experts coming from industry, academia and specialized organizations to ensure a properly balanced regulation that would consider legitimate interests of all concerned parties.”