
FTC Has Authority to Enforce Corporate Cybersecurity

  • Posted on: August 27, 2015 at 12:31 pm
  • Posted in: Bad Sites
  • Author: Tom Kellermann

Up to now, there have been relatively few laws or regulations from government agencies that mandate just how companies should protect their data. In the United States, however, that may be about to change.

Earlier this week, the United States Court of Appeals for the Third Circuit decided in FTC v. Wyndham Worldwide Corp. that the Federal Trade Commission (FTC) had the authority under existing law to regulate the cybersecurity practices of businesses. This sets a precedent that could change how and why companies protect the information of their users. In the long term, it also sends a message: the FTC is keeping an eye on how companies secure their data, and will punish those who fail to do so.

To recap, the FTC is a body of the United States government that is mandated to enforce consumer protection laws via voluntary consent decrees, administrative complaints, or federal lawsuits. Historically, the FTC has concentrated on what it considers to be unfair or deceptive business practices.

The FTC has been battling Wyndham (a global hotel conglomerate) since 2012, when the latter suffered a breach that led to the personal details of more than 600,000 guests being stolen. Wyndham alleged that the FTC’s authority did not extend to punishing the hotel chain for the breach. The court, however, disagreed.

In a very real way, this decision modernizes the authority of the FTC. It’s become clear that multiple large-scale breaches are as large a threat to consumers as the more pedestrian issues the FTC has handled in the past. However, this is not as unprecedented as one may think: the FTC has kept an eye on how tech companies implement security and privacy policies. For example, the FTC pointed out at this year’s Black Hat convention that they’d settled with Snapchat over how the latter handled messages and photos.

What does this mean for companies? Simply put, it means that promises of “security” and “privacy” can no longer be glib phrases that, legally speaking, mean nothing. Instead, companies will actually have to make these promises happen, lest they be subject to an enforcement action that could cost millions. This raises proper cybersecurity from a nice-to-have (which, in many organizations, is still the case) to a must-have, in order to comply with the requirements of regulations. The FTC is watching for gross violations of cybersecurity and will punish them accordingly to set an example for others.

The US is not alone in this. European regulators have also been moving to impose regulations, albeit from a slightly different approach (data protection versus business practices). In the end, whatever the approach may be, this is welcome news that should help keep the personal data of consumers safe and secure.

 
