One Article Review

Source GoogleSec
Identifier 8309678
Publication date 2023-02-13 12:01:11 (seen: 2023-02-13 18:07:08)
Title The US Government says companies should take more responsibility for cyberattacks. We agree.
Text Posted by Kent Walker, President, Global Affairs & Chief Legal Officer, Google & Alphabet and Royal Hansen, Vice President of Engineering for Privacy, Safety, and Security

Should companies be responsible for cyberattacks? The U.S. government thinks so – and frankly, we agree.

Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security planted a flag in the sand: “The incentives for developing and selling technology have eclipsed customer safety in importance. […] Americans…have unwittingly come to accept that it is normal for new software and devices to be indefensible by design. They accept products that are released to market with dozens, hundreds, or even thousands of defects. They accept that the cybersecurity burden falls disproportionately on consumers and small organizations, which are often least aware of the threat and least capable of protecting themselves.”

We think they're right. It's time for companies to step up on their own and work with governments to help fix a flawed ecosystem. Just look at the growing threat of ransomware, where bad actors lock up organizations' systems and demand payment or ransom to restore access. Ransomware affects every industry, in every corner of the globe – and it thrives on pre-existing vulnerabilities: insecure software, indefensible architectures, and inadequate security investment.

Remember that sophisticated ransomware operators have bosses and budgets too. They increase their return on investment by exploiting outdated and insecure technology systems that are too hard to defend. Alarmingly, the most significant source of compromise is through exploitation of known vulnerabilities, holes sometimes left unpatched for years. While law enforcement works to bring ransomware operators to justice, this merely treats the symptoms of the problem. Treating the root causes will require addressing the underlying sources of digital vulnerabilities.

As Easterly and Goldstein rightly point out, “secure by default” and “secure by design” should be table stakes. The bottom line: People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers. Safety should be fundamental: built-in, enabled out of the box, and not added on as an afterthought. In other words, we need secure products, not security products.

That's why Google has worked to build security in – often making it invisible – to our users. Many of our most significant security features, including innovations like SafeBrowsing, do their best work behind the scenes for our core consumer products. There's come to be an unfortunate belief that security features are cumbersome and hurt user experience. That can be true – but it doesn't need to be. We can make the safe path the easiest, most helpful path for people using our products.

Our approach to multi-factor authentication – one of the most important controls to defend against phishing attacks – provides a great example. Since 2021, we've turned on 2-Step Verification (2SV) by default for hundreds of millions of people to add an additional layer of security across their online accounts. If we had simply announced 2SV as an available option for people to enroll in, it would have failed like so many other security add-ons. Instead, we pioneered an approach using in-app notifications that was so seamless and integrated, many of the millions of people we auto-enrolled never noticed they adopted 2SV. We've taken this approach even further by build
Sent Yes
Tags Ransomware Threat
Stories
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to pick up from an earlier one.