Why data security should be one of your organization’s top priorities in 2023

Publisher: Jane Sutherland-Farstrider | Cybersecurity strategy, regulation

With the federal government shoring up defenses against cybercrime, the conversation about your role in data security is changing ― here’s what you need to know.

The need for improved cybersecurity to protect the critical infrastructure we all rely on isn’t new. What is new is that the Biden administration’s update to the National Cybersecurity Strategy is poised to shift the consequences for data breaches away from end users.

In its introduction, the strategy references the ever-growing value and collective insecurity that come from our dependence on complex software and systems. It also states that the “widespread introduction of artificial intelligence systems ― which can act in ways unexpected to even their own creators ― is heightening the complexity and risk associated with many of our most important technological systems.”

As a recent article from Ars Technica states, “The document also reclassifies ransomware as a national security threat, whereas previously, it was seen as a criminal threat.” With this significant change in classification, it’s important to note that cybercriminals aren’t the only ones who might face more serious consequences for disruptions; companies in the private sector should prepare to accept increased liability for data breaches and misuse of their products.

"The most capable and best-positioned actors in cyberspace must be better stewards of the digital ecosystem."

Strategic Objective 3.3 in the National Cybersecurity Strategy notes that software developers have market leverage that enables them to disregard best practices and known vulnerabilities, while fully disclaiming liability in their contracts. As a result, the administration intends to “work with Congress and the private sector to develop legislation establishing liability for software products and services. Any such legislation should prevent manufacturers and software publishers with market power from fully disclaiming liability by contract, and establish higher standards of care for software in specific high-risk scenarios.”

Widespread changes to legislation will take time, but the shift in tone from the federal government highlights the growing need to adapt and prioritize data security ― setting your company up for resilience as tides turn in the digital ecosystem. Many decision-makers across industries often ignore risks for the sake of saving on the cost of ongoing website modernization.

In industries that are already more regulated ― real estate, healthcare, and fintech, to name a few ― something as simple as outdated software can quickly turn into a costly compliance issue. Oversights like this tend to have a snowball effect, and a poorly timed audit can result in hefty fines that could sink your organization.

Last year, more than 500 e-commerce sites fell prey to card-skimming malware attacks that, according to Sansec researchers, used a known weakness in Magento 1’s Quickview plugin to run malicious code directly on the server and left as many as 19 backdoors in the code. Even when frequent updates are released to address risks, there are always some users who continue running the outdated software, leaving customer data open to repeat attacks from hackers.

What can you do to protect your organization and customers who trust you with their information?

  1. An independent software audit is a good way to identify weak spots in the systems you already use and develop a strategy to address them.

  2. Educate your staff. When your team is regularly kept up to date ― and tested ― on cybersecurity best practices, they become a crucial asset in protecting the health of your organization.

  3. Commit to the ethical use of customer data. By clearly defining who owns the data you use, ensuring your practices are transparent, and fiercely protecting customer privacy with well-documented procedures, you become a better steward of the digital ecosystem and set your company up for long-term success. Review and update your privacy policy to make these commitments transparent to your clients.
