Since the massive data breach of credit bureau Equifax, the U.S. Congress has become more interested in investigating the causes of data breaches. Australian security expert Troy Hunt, who recently traveled to Washington to share his insights with a House committee, discusses what he told lawmakers in this in-depth interview.
Hunt was one of several experts who testified before the House Committee on Energy and Commerce to address why breaches are becoming so common (see Senators Again Propose National Breach Notification Law).
Hunt is frustrated that despite an endless string of breaches, legislators and organizations alike have yet to take bold breach prevention action. "We keep saying after really serious incidents, 'This was pretty bad. Maybe now everyone will take it seriously.' ... And then we have another breach. And it just goes round and round and round," he says in an interview with Information Security Media Group.
What's missing, he contends, is a way to hold companies accountable after a breach.
In this interview, Hunt discusses:
- Whether companies are incentivized enough to invest in security defenses that help prevent data breaches;
- Whether regulatory regimes are strong enough to compel organizations to make security improvements; and
- What models organizations should use for authenticating customers in an era when so much personally identifiable information has leaked.
Hunt is best known for his Have I Been Pwned service that notifies individuals when their email address turns up in prominent breaches. He's also an author for the technology learning site Pluralsight and a Microsoft regional director and "most valued professional" specializing in online security and cloud development. A frequent speaker at conferences around the world, he runs workshops focusing on how to build more secure software within organizations.