Why is there no minimum cyber security regulation?

cyber security regulation

By Mark Schaefer

Research shows that the most popular blog posts are positive and uplifting with lots of high energy words. This is not one of those posts.

I don’t know if you can make a point about cybersecurity in this world with a sunny disposition but this has been on my mind and I need to write about it.

I recently had lunch with a friend who is an international cybersecurity expert. It is not a field I normally dwell in, but some of the comments he made to me plucked my head out of the sand …

  • “Once you see what is really happening on the internet, it is terrifying. It has changed me as a person.”
  • “We are fighting a losing battle. For every one person trying to protect our businesses on the internet, there are 800 trying to destroy it.”
  • “Many people think of the internet as baby pictures and funny videos. Imagine the most threatening monster you can dream of. That is the real face of the internet and the picture you need to have in your mind.”
  • “A friend asked me if Russia would hack his small business. Hell, China and Russia are hacking this restaurant right now. They’re pinging everything trying to find vulnerabilities they can exploit.”
  • “We are not ready for the Internet of Things. It is coming faster than we can handle because every new connection is an entry point for hackers.”

The easy life of a hacker

Like you, I am blissfully ignorant of these internet realities. I LIKE baby pictures and funny YouTube videos and I really don’t want to think about this stuff. At all.

But I am also a realist, and a business professional, and here is the conclusion I’m coming to. We need some sort of government regulation of internet security.

I just felt the cumulative cringing of all my readers, but hear me out and then slam me if you like in the comment section!

The biggest cyber-security problem is that there are no minimum internet security requirements and most people don’t care. It’s easy to be a hacker because we just let them in.

A young man recently told me that his entire apartment building uses the wifi from one resident because it is not passcode protected. When he got into an argument with that neighbor, he simply accessed the router and changed the password to lock him out of his own network. You can see why there needs to be some sort of minimum security applied to these appliances before they’re activated. It would be like getting a driver’s license for the internet.

Cybersecurity is not just a problem for dumb and careless people. I recently learned about a Fortune 500 CEO who had his entire company email inbox downloaded by a Chinese hacker. His company supplies the U.S. defense industry.

Now, multiply this kind of vulnerability times millions of people and millions of businesses and trillions of emails and spreadsheets and contracts.

We can’t stop hackers. But can’t we stop making it EASY for hackers?

The internet is a public utility

Every country has very strict regulations on companies who care for the water supply, air traffic control, electrical transmission, and the construction of roads and bridges. Without the highest standards in these areas, the economy could collapse and people would die.

The internet is the backbone of the First World economy. Shouldn’t this utility be protected with the same rigorous scrutiny?

It is a real dilemma because the beauty of the internet is that it is not regulated. Just combining the words “internet” and “government” makes me a bit nauseous. I don’t think there are more than a handful of U.S. legislators who even know enough about the internet to ask the right questions, let alone recognize the severity of the risk.

A new mindset

When I was in the corporate world, our customers required that our manufacturing facilities become ISO 9000 certified. This is a demanding quality standard that came at a very high cost. And yet once we achieved it, our customers felt more secure — and it even turned into a marketing advantage.

There are now ISO standards for cybersecurity, but there’s a big difference. In the manufacturing world, you maintained quality by minimizing change and production fluctuations. The internet is unpredictable and changing in the moment. It’s a complicated problem.

ISO is also an optional program and it’s not likely to be employed by small businesses with limited resources. Isn’t it time for some sort of minimum security level mandate to protect the most vulnerable businesses?

During my lunch meeting, my cyber security friend told me a story about a friend who had to re-build his small business after a cyber attack. The strongest cyber security measures possible should not be inaccessible to everyone.

As I go around the world and talk to executives about business, internet safety is always named as their number one threat. But it really isn’t even at the top of the national political agenda. Why?

SXSW 2016 3Mark Schaefer is the chief blogger for this site, executive director of Schaefer Marketing Solutions, and the author of several best-selling digital marketing books. He is an acclaimed keynote speaker, college educator, and business consultant.  The Marketing Companion podcast is among the top business podcasts in the world.  Contact Mark to have him speak to your company event or conference soon.

Illustration courtesy Flickr CC and The Heiser Project

All posts

The Marketing Companion Podcast

Why not tune into the world’s most entertaining marketing podcast!

View details

Let's plot a strategy together

Want to solve big marketing problems for a little bit of money? Sign up for an hour of Mark’s time and put your business on the fast-track.

View details

Share via