With a viable and immediate solution to the growing problem of data breach eluding the international community for years, governments the world over should consider instituting a system of incentives and disincentives whereby companies failing to protect personal data could be penalised, suggests Chinese technology giant Huawei’s global head of cybersecurity John Suffolk. “There is no magic solution for cybersecurity, but the governments can start by putting in place a system to entourage companies that do a good job in protecting personal data of users and penalise those found wanting in doing their job,” Suffolk, President of Cybersecurity and Privacy at Huawei, told IANS in an interview here. The latest report of a massive data breach came from the ride-hailing platform Uber, which disclosed this month that the breach that occurred almost a year earlier affected 57 million customers and drivers. And Uber is not alone in that league.
Earlier, US-based credit reporting agency Equifax announced that hackers had gained access to the company’s data, potentially impacting approximately 143 million consumers. A hacking attack dating back to 2013 reportedly affected three billion of Yahoo’s user accounts. The 2012 LinkedIn breach, in which millions of passwords were stolen, will also be fresh in the memory of many. And the list, on which no one wants to be, could go on. If heads do not roll and businesses run as usual, even after losing records of millions of people, how can we expect enhanced protection of data in the future, Suffolk asked. “I think one of the gaps that we have at the moment is that we have not really worked on the incentives and disincentives to get the basics of cybersecurity done,” he added.
Finding a practical solution to the threats posed to the cyber space has become all the more urgent in view of the increased digitisation process currently underway in many parts of the world, including India, according to Suffolk, who served as the UK Government CIO and CISO from 2006 to 2011, before joining Huawei. “The world, including India, rightly wants to digitise much of the public service and use technology to drive growth and innovation. While everybody is using technology to rebuild their economy, there also arises the need to protect the data and services,” Suffolk said. “The importance of privacy and cybersecurity increases as an economy relies on digitial technology,” said Suffolk, who was in India for the just-concluded fifth edition of the Global Conference on Cyber Space (GCCS) here.
Data breach is a major concern because it can be used for illegal purposes. With personal data available at their disposal, criminals could use it for extracting money or applying for a bank loan in someone else’s name. Ensuring cybersecurity, according to Suffolk, comes down to getting the basics right every day. “Many people many not find this exciting, but it is also very important. In the case of Equifax, for example, they did not do the patching, something which is basic cybersecurity,” he pointed out. “What I have to do to secure your phone may be different from what I have to do to secure telecommunication infrastructure, or for that matter a cloud infrastructure. There are differences in terms of scale, but the basics are similar,” Suffolk said, adding that putting in place just four simple controls can prevent 80 per cent of the attacks.
The governments should give incentives to those who do a good job at protecting data, he added. Suffolk, however, did not discount the importance of global collaboration, which was the focus of discussions at GCCS 2017, for ensuring cybersecurity. Because the world is becoming more and more reliant on digitisation, global network and global supply chains, Suffolk believes, every country has the responsibility to keep that inter-connected world up and running in a safe and secure way. “It would be worthwhile to have real action-oriented statements of intents on a code of conduct on cybersecurity from leaders across the world. It may not be possible to declare every norm in one statement. But there should be a gradual progress forward in evolving such a mechanism on cybersecurity,” he added.
“Creating awareness among the people on how to use the digital platforms safely is also important for the governments. Teaching people how the crooks work is very significant because everybody may not be an expert,” Suffolk said. He said that Huawei, which works on a range of areas, from chip manufacturing to cloud computing to telecommunications to device management, has a “built-in” approach, not an add-on approach, when it comes to security.