A high-level US cybersecurity official pointed to Apple as an example of a company with good accountability and transparency in its security practices. And she added others — like tech giants Microsoft and Twitter — might learn a thing or two from it.
“Apple is taking ownership for the security outcomes of their users,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly in a speech Monday at Carnegie Mellon University in Pennsylvania.
In her speech, Easterly said the burden should be on businesses to secure services for customers and be held accountable for it, CNBC reported. And new legislation could be a means by which to do that, she said.
Easterly credited Apple for making multifactor authentication (MFA) a default practice. That has led to a stated 95% of iCloud users enabling MFA. The security measure obligates a user on one device to enter a code sent to a different device or account during sign-in.
‘Disappointing’ MFA adoption rates at other companies
She contrasted that with MFA adoption rates at Microsoft (about 25%) and Twitter (less than 3%), calling them “disappointing.”
But she was glad the companies actually shared those figures.
“By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly said. “More should follow their lead — in fact, every organization should demand transparency regarding the practices and controls adopted by technology providers and then demand adoption of such practices as basic criteria for acceptability before procurement or use.”
Possible new legislation
As for any new legislation on the matter, it should “prevent technology manufacturers from disclaiming liability by contract, establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services,” Easterly said.
News outlets indicated the companies mentioned did not provide comment.
Apple’s ongoing efforts
Apple has outpaced some other tech giants in more than just MFA, as well.
In December 2022, the company expanded end-to-end encryption in iCloud services through Advanced Data Protection.