Prioritizing Consumer Security: A Comparison

GDPR is steadily approaching.  It is only a few months now until the EU’s General Data Protection Regulation comes into final effect, and European firms have continued a strong investment in data protection and data loss prevention (DLP).  Both have been among top priorities for organizations; according to a Computer Weekly and TechTarget IT Priorities survey, 55% plan to implement DLP strategies, signaling the gravity that the incoming regulations have impressed across the continent.

Similarly, encryption efforts are also ramping up as protection of data at rest and in transit becomes a greater key focus.

A slight philosophical divide, however, seems to exist between the UK and other European nations.  Rather than prioritizing these areas of security (DLP dropped from first place to seventh in 2017), UK firms are highly concentrating their investments on employee training.  While 43% of European organizations plan increases here, it’s 46% in the UK.  The importance of the human factor in cybersecurity has long been a point of emphasis.  In numerous types of intrusion attempts, such as the common spearphishing attack, users are a first line of defense.  Unfortunately, insufficient training often leaves employees ill-equipped to differentiate between legitimate and scam emails, which ultimately allows hackers a foothold in the network.

Surprisingly, Internet of Things security investment looks to decrease for European firms, although here, too, the UK differs, with a planned 18% increase.  The IoT is still largely a wild west, and consumers bear the greatest risk when every aspect of their personal life and information is connected to the Internet.

You can read the whole report here, which reveals that all differences aside, security spending is on the rise.  At the highest corporate and government levels, cybersecurity threats are being taken seriously.

Which makes the potentially ugly contrast over in the states all the more disappointing.  The former Director of the Consumer Financial Protection Bureau, Richard Cordray, had authorized an investigation into the Equifax breach; under the current director, Mick Mulvaney, these efforts seem to have stalled significantly.  Early this week, Reuters reported that Mulvaney had not carried out the standard steps of requesting subpoenas or sworn testimony from Equifax officials.  Nor has it carried out tests of Equifax security measures, while also rejecting assistance from other regulators.

CFPB statements insist that they are still “looking into” the matter, but so far these assurances have been vague and noncommittal.  Based on the reports, however, the appearance is one of an agency with no interest in holding Equifax accountable, and that does not care about ensuring the security of 140 million consumers.  It’s a disgusting look.  For all the scrambling and frenzy in the EU, at least they’re doing something.