Governments in Asia need stronger data-breach laws to ensure businesses improve the security of their customer data, according to a senior executive at IT management specialist CA.
Jerry Cox, CA's director of security sales for the Asia-Pacific region, including Japan, said in an interview that "strong laws would force a company to disclose security breaches often involving the loss of customer data."
According to Cox, Japan and Korea are ahead of most parts of Southern Asia in establishing such laws.
"In Japan, companies pay for security breaches in the form of an 'apology fine,' sometimes per user-account affected, which can amount to millions of dollars," he said, adding, however, that data security in most of Southern Asia is not yet at the level of that deployed in Japan.
Cox said California's strict data-breach law is an example of legislation "driving good security practices." California's law--SB 1386--requires businesses to disclose data-security breaches to residents if their unencrypted personal information is compromised. Other states in the U.S. have since introduced similar laws, and the U.K. is moving in that direction.
Data-breach penalties in Asia are often disproportionately mild compared to the severity and consequences of the breach, Cox said. "In Singapore, spammers can be fined. But you've got half the population online, so it's a bigger crime than it seems, and the penalties should be more severe."
Cox added: "In the United States, the penalty for spamming is jail."
One long-term measure to protect data, Cox suggested, would be to educate people about sound security practices and require them to apply them diligently.
Cox also highlighted the importance of establishing a good security foundation before implementing "higher level" security measures such as identity management.
Explaining what constitutes
a foundation of "sound" network security, Cox said that putting up firewalls and antivirus protection, as well as building policies around user permissions, should be established before implementing ID management.
Companies that do not have a good foundation for network security risk the failure of automated security processes such as ID management. Compared to their western counterparts, more companies in Asia are taking this riskier path, Cox warned, noting that a wide range of security technologies are nonetheless readily available in the region.
"While the United States went with the evolution of security tools, companies in Asia have a lot to choose from, even if their organizations are not ready," said Cox. Unlike many Asian companies, those in the U.S. "grew" their security installations and practices by applying more-sophisticated tools as they became available, he said.
He added that enterprise security policies may not be as developed in Asia, and estimates companies in this region to be "five to seven" years behind their U.S. counterparts, despite having access to the latest technology.
Victoria Ho of ZDNet Asia reported from Singapore.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
As UC Berkeley students, the co-founders of "Back to the Roots" discovered they could grow mushrooms using recycled coffee grounds. Now their mushroom kit sells at grocery stores across the country.
The Washington State Senate passed a bill that would charge electric car owners $100 per year to compensate for not paying gas taxes. The bill still has to pass the House.
Keep wishing is all I can say... (* LOL *)
Walt