With the constantly accelerating pace of cybersecurity threats, technology companies must take on the responsibility of securing their systems for customers, and one top U.S. cybersecurity official thinks it may be time for new legislation to enforce it. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly delivered a speech at Carnegie Mellon University in February 2023, in which she praised Apple for its commitment and accountability towards customer protections. At the same time, Director Easterly criticized Microsoft and Twitter for the avoidance of widespread multi-factor authentication (MFA) use in their products and platforms.
While the CISA director criticized the two big tech companies, she also acknowledged their transparency in disclosing their low MFA adoption numbers. She believes that such practice illuminates the needs for default security and that more organizations should demand “radical transparency” and the adoption of MFA as a basic requirement. New legislation is needed to prevent tech companies from rejecting liability for security concerns, while setting higher standards for critical infrastructure software and rewarding organizations that integrate these into their security.