The Daily Decrypt
Secure Cyberspace: Liability Framework and Accountability

In today’s episode, the discussion revolves around the efficacy of password protection methods, contrasting software and hardware encryption for data security. While software encryption comes with convenience, it can be prone to attack methods like brute force, making hardware-encrypted drives a more secure choice, especially for sensitive data protection. Additionally, insights are shared on the Biden administration’s plans to hold the software industry accountable for insecure software, focusing on creating incentives for cybersecurity investment. Furthermore, Microsoft’s recent cybersecurity overhaul showcases a shift towards prioritizing security over new features, highlighting the importance of executive accountability and incentive structures for ensuring robust security practices.

https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/, https://www.cybersecuritydive.com/news/white-house-software-accountable-security/715797/

Search Phrases:

  1. data theft prevention methods
  2. cybersecurity measures for data protection
  3. Biden administration liability framework software industry
  4. Microsoft cybersecurity initiative executives
  5. software liability framework impact on industry
  6. cybersecurity governance model Microsoft executives compensation

[00:00:00] Passwords versus encryption. How can individuals and businesses prevent data theft and hacking through proper encryption methods beyond simple password protection?

The Biden administration seeks to establish a liability framework to hold the software industry accountable for insecure software in an effort to shift the security burden away from users and onto the industry. What measures are being taken by federal officials to incentivize long-term investment in cybersecurity through a software liability framework, and how will this shift impact the industry and consumers?

Microsoft is leading a new cybersecurity initiative with the compensation for senior executives being linked to security standards, fostering a company-wide, security-first approach that emphasizes accountability.

How has Microsoft revamped its cybersecurity governance model, and why is this [00:01:00] tying executive compensation to security promoting a stronger focus on cybersecurity within the company? You’re listening to the Daily Decrypt.

Password protection versus encryption. This is an interesting article from Help Net Security titled "How secure is the password protection on your files and drives?" It discusses.

While password protection may be, can be lenient, it can be easily circumvented, making it vulnerable to hacking attempts.

In some instances, password protection does use a form of encryption, and we’re going to discuss a couple of different types of encryption in that software encryption and hardware encryption. And we’ll go have a little bit of the differences there.

Software encryption is a way of protecting information on computers and systems online by turning readable data like texts in a document or a message into a scrambled unreadable format.

Imagine you have a letter that you want to send securely. You put it in a box and lock it with a key. You [00:02:00] send the locked box and the recipient uses a copy of the key to open it and read the letter. In software encryption, the box is the encryption technology and the letter is your data.

Many office applications do offer software encryption to protect files. However, software encryption has security drawbacks, such as being susceptible to brute force attacks and relying on a single point of failure, like a user’s password or encryption keys.

Hardware encryption is similar to software encryption in that it protects data by converting it into a scrambled, unreadable format. However, instead of using software to perform this process, hardware encryption relies on a physical device, such as a specialized chip on a hard drive or a USB flash drive, to handle the encryption.

Think of hardware encryption like a safe where you store your valuable documents. The safe has a built-in lock that automatically locks the documents inside when you close the door. That’s the encryption chip being the lock and the documents inside being encrypted when the [00:03:00] door’s closed. Only with the right key or combination can you open the safe and access the documents in a readable form. That key or combination in this example is the encryption key.

Hardware-encrypted drives are designed to resist attacks, have added protections against physical tampering, and are portable, allowing users to securely transport data outside of the office.

They also offer superior data recovery capabilities, crucial in the face of rising ransomware attacks.

Something to consider with all of this is: do the devices that you interact with on a regular basis offer any of this protection?

Apple does offer hardware encryption, and it is enabled by default on iOS devices once you set up the passcode. This means that the data is automatically encrypted and the key is protected by a service called Secure Enclave.

Yeah. On the Android side, many devices do support hardware encryption through a dedicated platform like [00:04:00] Trusted Execution Environment. As far as defaults, on newer Android devices that are running Android 6.0 or later, that’s Marshmallow, encryption is enabled by default. For devices where it isn’t enabled by default, users can typically enable it manually through the security settings. And then on the Windows side, on many modern devices, especially those that come with Windows 10 or 11, hardware encryption is often enabled by default if the hardware supports it. This is typically managed through a service called BitLocker, it’s Windows’ encryption feature, which will use hardware encryption automatically if a Trusted Platform Module is present and configured correctly.

Password protection does offer basic security. Hardware encryption is definitely the way to go.

Luckily software vendors are getting better at enabling these features by default. So it’s something that a lot of users don’t have to worry about.

[00:05:00]

The White House wants to hold the software sector accountable for security. This article from Cybersecurity Dive covers the Biden administration and their plan on establishing a liability framework, which will hold the software industry accountable for insecure software. This is aiming to shift the security burden away from users to the industry. Like I said, vendors are getting better at enabling more secure options by default.

And this is really just in line with that.

The objective is not to open up the software industry to lawsuits, but to secure investments in secure software development. The administration seeks to create incentives for long-term investment in cybersecurity and resilience.

A symposium on software liability was hosted by the White House in March, engaging legal scholars, think tank representatives, and top administration officials. Currently, software license agreements shield companies from lawsuits [00:06:00] through limitations of liability and disclaimers, according to James Dempsey from Stanford University.

The Office of the National Cyber Director, ONCD, included the pursuit of software liability in its cybersecurity posture report, emphasizing the importance of secure software development practices. A group of 68 technology and security firms committed to a security pledge from CISA focusing on practices like multi-factor authentication and vulnerability disclosure transparency. The FBI and CISA recently urged tech manufacturers to address directory traversal vulnerabilities in their applications to prevent exploitation by malicious actors.

This is really cool.

Directory traversal can lead to a lot of data exposure, especially across multiple users and companies. Brian Fox, co-founder and CTO of Sonatype, advocates for a long-overdue liability regime in the software industry, emphasizing the need for government [00:07:00] intervention to address market failure.

This effort by the Biden administration is a nice step in the right direction in the way that software security is approached, striving to foster a more secure digital landscape for all users by holding the industry accountable for the security of their offerings. Keep an eye on how this policy evolves, as it could establish a new benchmark for software security and industry accountability.

Microsoft’s Secure Future Initiative. This article comes from Cybersecurity Dive, where officials see a real change in Microsoft security plans, financial accountability. So Microsoft has launched a comprehensive cybersecurity revamp, including restructuring its governance model and emphasizing security over new features.

Reminiscent of Bill Gates’ 2002 Trustworthy Computing initiative. The initiative includes a direct link between security and executive [00:08:00] compensation, symbolizing a prioritization of security within the company and potentially driving customer confidence. Cybersecurity experts like Jen Easterly and Chris Krebs praise Microsoft’s initiative, highlighting the importance of executive accountability and compensation-linked pressures in driving a security-first approach throughout the company. Microsoft faces significant pressure to enhance its security posture following recent high-profile attacks, including a China-affiliated threat group compromising Microsoft Exchange accounts and emails of senior US officials.

Microsoft is intensifying its efforts to instill a security-first mindset across all its teams, with each team having designated individuals accountable for ensuring robust security practices are in place. The strategy emphasizes the importance of integrating security considerations into every aspect of the development process, reinforcing the company’s commitment to leading by example in cyber [00:09:00] security. I really like this. I hope that more companies follow suit with this. It does sound a little fluffy.

I think it is a great approach. Keeping executives financially tied to the decisions that they make in regards to cybersecurity will hopefully just bolster cybersecurity as a whole.

This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don’t forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
