So, you’ve got your organization all set to meet the requirements of the General Data Protection Regulation (GDPR). You tell yourself you can relax. But have you heard about the Cybersecurity Tech Accord?
Generally, cybersecurity government regulation is exactly that—rules laid out by ruling authorities that generally end up adding to your to do list. But the Cybersecurity Tech Accord is driven by 34 of the world’s largest international companies—this time the private sector is taking on cyberwarfare by making a commitment to create stronger defenses against cyber attacks and to make sure they’re not unwittingly helping governments attack other countries.
The Cybersecurity Tech Accord is more than just a positioning statement. It’s going beyond cybersecurity government regulation in that the participating companies are pledging to empower their employees and clients to better protect themselves, while improving technical collaboration to make cyberspace safer. In most cases, cybersecurity government regulation lays out compliance obligations, but it’s generally up to companies and their IT staff to figure out how best to follow those rules.
Going beyond cybersecurity government regulation
While this so-called “Digital Geneva Accord” has private sector companies taking the initiative, it requires those in the trenches of IT to go the extra mile—the Cybersecurity Tech Accord puts the onus on everyone in the organization to make good cybersecurity part their culture. And while it’s not obligatory, your employer could soon decide it should follow this accord as a good corporate citizen.
The good news is that accord starts at the design level. It vows that the signers “will protect against tampering with and exploitation of technology products and services during their development, design, distribution and use.” This means you can expect more security by design in the software and hardware you deploy, although already intelligent devices such as modern multi-function printers come equipped with their own embedded security smarts to better defend your network at large.
But should your organization sign on to this new digital accord, you many find yourself getting out of your comfort zone for the greater good and better cybersecurity.
The Cybersecurity Tech Accord makes four commitments
So just what are you committed to if your employer decides to sign on to this Cybersecurity Tech Accord?
The early supporters of this initiative, including Cisco, Facebook, HP, HPE, Microsoft and Trend Micro, have outlined four key areas for adopters to focus on. The first is on building a stronger defense against online attacks and recognizes everyone deserves protection around the world, regardless of what motivated the cyberattack. Second, these companies will make sure they’re not part of the problem by making sure their products aren’t tampered with or exploited to help governments launch cyberattacks against innocent citizens and enterprises.
The third commitment is where creating a culture of good cybersecurity comes into play, as accord supports are will more do more capacity building by empowering developers as well as users of their technology to be to better protect themselves. It may include collaborative work on new cybersecurity practices as well as new features that customers can integrate into their own products and services. Finally, the Cybersecurity Tech Accord calls for collective action by building existing relationships and creating new partnerships within industry and society at large to improve technical collaboration and minimize the potential for new online threats.
The new normal is always changing
The Cybersecurity Tech Accord reflects new normal of data privacy and security is multifaceted. Legislation such as GDPR and Canada’s own Personal Information Protection and Electronic Documents Act (PIPEDA) are fostering the concept of privacy by design, while technology vendors have realized that exponential rise in cybersecurity threats require an automated response powered by artificial intelligence and machine.
But this new accord also reflects that reality cybersecurity must be not only be embedded in your IT infrastructure. It must also be weaved throughout the culture of the organization and also be a collaborative endeavor with other organizations. Having a modern operating system with a strong security foundation is a starting point. If your IT team develops apps either for internal employees or external customers, a DevOps culture could strengthen your security and is in spirt with the Cybersecurity Tech Accord.
What this new industry-led initiative is a heralding, however, is the embedding of data privacy and security into the culture of the organization, which means you may find yourself acting as cybersecurity evangelist and teacher for your fellow employees and your customers.
Gary Hilson is a freelance writer with a focus on B2B technology, including information technology, cybersecurity, and semiconductors. A revised version of this article was published on Tektonika Canada.