pageview
W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9eq0wvanbnl2jhbm5lci1kzwzhdwx0lmpwzyjdxq

Government should name and shame companies with poor cyber security, say experts

over 1 year ago by Lucy Cinder

Government should name and shame companies with poor cyber security, say experts

W1siziisijiwmtkvmdevmjivmtmvmjivmjavotq3l2n5ymvylxnly3vyaxr5ltm0mda2ntdfmtkymcaomskuanbnil0swyjwiiwidgh1bwiilci3ntb4nduwxijdxq

Academics at King’s College London have called on the government to name and shame companies with poor cyber security.

In a new report published today (22 January), researchers at the university’s cyber security research group argue that consumers deserve greater insight into how firms are protecting their data.

A move to increase transparency around businesses’ cyber defences would force poorly performing companies to improve their protections, leading to a reduction in crime, say the authors.

The intervention comes as the National Cyber Security Centre rolls out out its Active Cyber Defence programme, which has removed thousands of phishing sites, beyond the public sector to all organisations.

“Naming and shaming is an option of last resort, but should not be taken off the table,” said Tim Stevens, convenor of the Cyber Security Research Group at King’s. “ACD’s ambition is to incentivise firms to improve cybersecurity by demonstrating its inherent value to them and their customers.”

“A relatively minimal investment in ACD may raise the bar of cybersecurity across the private sector, but some firms will inevitably be left behind,” he added. “For those unable to invest, guidance and advice will be available from NCSC and others. Those unwilling to invest may find that people move their custom elsewhere. Those that harbour cybercriminality may find themselves identified publicly, as presently happens anyway.”

The academics acknowledge that a move to sign up private sector organisations to government technology such as ACD, which scans sites for vulnerabilities, may raise privacy concerns, but says they could be allayed if regulators were responsible for managing the rollout.

source newstatesman
 
Industry: Cyber Security News
Blank

Latest Jobs