Cyber risk takes many forms. One that is often glossed over is the risk that comes from making dangerous assumptions about your systems’ vulnerabilities. After all, it isn’t necessary to firewall and pen test that HVAC system, right?
At the Federal Trade Commission’s hearings on data security, held in December 2018, the risk posed by those kinds of assumptions was one of the critical topics debated by the panel on data security assessments. Malcolm Harkins, Chief Security and Trust Officer for Cylance, sat on that panel with a team of experts from the cybersecurity, finance, insurance and accounting industries.
“Does the compliance regime get us to the right outcome to protect the business, protect its customers and protect society? And if the answer to that is ‘no,’ we should be rethinking that compliance regime.”
- Malcolm Harkins
In Part 1 of our two-part discussion for the Government Technology Insider podcast, Harkins addressed several key issues surrounding security assessments, including the economics of security and the ins and outs of cyber insurance. This time, he shared insights on FTC-required assessments, the agency’s role in law enforcement, and the way forward for the FTC and industry.
Listen to Part 2 here, and be sure to check out Part 1 for more of Malcolm’s insights on the FTC hearings.