Symantec: Poorly designed security, data protection rules can create new vulnerabilities

Symantec Headquarters Mountain

Increasing concerns about security and information privacy in the digital world will drive legislative and regulatory action globally, but poorly conceived regulations could also create new vulnerabilities, warns Symantec, a provider of cyber security solutions.

According to Symantec’s 2019 cybersecurity forecast, while “upticks in legislative and regulatory actions “are likely to address security and privacy needs, “some requirements have the potential to prove more counterproductive than helpful.

“Speaking to PTI, Symantec Managing Director (India and SAARC) Gaurav Agarwal said that certain aspects need to be taken into account when framing and implementing these regulations.

“An administrative / regulatory body, for example, requires a company / person to investigate some information. There must be clarity as to how the data is collected, processed and discarded after use, so that no misuse is made by anyone else, “he explained.

The Symantec report indicated that the implementation of the General Data Protection Regulation (GDPR) by the European Union earlier this year is likely to be a precursor to a number of security and privacy initiatives in other areas. Countries such as Canada and Brazil already have regulations on the subject, while India considers its own data protection standards, the report added.

“Security and privacy regulations could create new vulnerabilities even as they close others if poorly conceived, ” the report warned. Agarwal said that an important step in the process would be to make people aware of the changes that are being made and how these rules are likely to affect their lives.”

The banking system has done an excellent job to make people aware that they should not share the transaction OTP… When new regulations are introduced, scammers can use fear to encourage consumers to share private information, which can only be countered by training the public, “he added.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.