Federal Trade Commission Chairwoman Edith Ramirez is reinforcing the need for technology startups to invest in ensuring cybersecurity measures are integrated into their products from Day 1, the Financial Times reported yesterday (Sept. 10).
Ramirez called for a “culture of security” during the FTC’s Start With Security conference in San Francisco on Wednesday (Sept. 9), where developers and companies were encouraged to think about security earlier on in the product lifecycle instead of when it has already gained popularity.
The event was part of the agency’s business education initiative to ensure businesses have practical resources to implement successful data security strategies, rather than making security an afterthought.
“A number of companies still don’t understand the importance of making the appropriate investment when it comes to security,” Ramirez explained to the Financial Times.
“The economic incentives may not necessarily always be there to make the requisite investment. Sometimes the devices themselves might be difficult to embed appropriate security in. So we want to see the ingenuity that we see behind all these terrific new devices and services also thinking about how to embed security.”
The FTC’s Start With Security program is just another example of how the agency is continuing to make cybersecurity a priority on its agenda.
The FTC’s authority in cybersecurity matters was recently affirmed when a federal court said companies that fail to provide their consumers with “reasonable protections” against data breaches can be sued and held accountable by consumer protection agencies.
This move allowed the FTC to proceed with its standing lawsuit against Wyndham Worldwide, alleging the hotel chain was and remains responsible for three data breaches that took place between 2008 and 2010. Through those incidents of data theft, hackers made off with nearly 620,000 credit and debit card numbers. The FTC has maintained the hacks led to more than $10 million in losses tied to fraud.
In a release following the court’s ruling, Ramirez stated the result “reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data. It is not only appropriate, but critical,” she said, “that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.”