Why Cybersecurity Risk Must Shift to ‘Secure by Default’ Principles

In episode 83 of the Cybersecurity Minute, Chris Hughes takes a look at a new guide out from CISA (Cybersecurity and Infrastructure Agency) that aims to strengthen cybersecurity.

To hear practitioner and platform insights on how solutions such as ChatGPT will impact the future of work, customer experience, data strategy, and cybersecurity, make sure to register for your on-demand pass to Acceleration Economy’s Generative AI Digital Summit.

Highlights

00:43 — There’s a new CISA publication, Shifting the Balance of Cybersecurity Risk. It’s part of the conversation about rebalancing the responsibility to defend cyberspace. The aim is to empower those most capable to be better stewards of our digital ecosystem.

01:38 — Right now, the scenario is that risk is passed down to the consumer whether it be everyday citizens who have no real competencies in cybersecurity or small to mid-sized businesses with limited resources.

02:03 — CISA’s publication focuses on two things: “secure by design” and “secure by default.” “Secure by design” refers to systems or products that prioritize security as a critical consideration alongside customer and business goals. “Secure by default,” on the other hand, refers to those that are inherently secure when taken out of the box.

03:08 —The CISA publication does not impose any requirements or regulations. Some are calling for federal regulations to be put in place, such as those seen in states like New York and California. However, having regulations in individual states creates a patchwork framework with many different cybersecurity requirements across the country, burdening businesses.

03:42 — There’s a similar problem in the privacy landscape. States are tackling the issue since the federal government hasn’t quite stepped in yet and put forward a federal privacy framework that’s been required.

---

Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel: