5 Major Changes We Need in Security and Privacy in 2020
One of the biggest social changes in the 20th century was the proliferation of the automobile. As they grew more powerful and widespread, traffic incidents became increasingly frequent and fatal. Introducing the seat belt was one of the most important responses to this, yet many people remained too careless or simply apathetic to buckle up.
Despite a number of increasingly strict seat belt laws and associated financial penalties introduced in the UK, it wasn’t until after a series of TV, radio, and newspaper campaigns that the importance of a seat belt was set in the minds of the British public.
Seat belt advertising used real-life situations, were very emotive, convincing and came accompanied by simple and memorable messages such as “Clunk Click” (close the car door with a clunk, fasten your seat belt with a click).
The power of seat belt marketing campaigns was in their simplicity and emotiveness. We have a lot to learn from them in the field of cybersecurity.
Now, as we increasingly deal with machines and technologies of a different kind, history seems to be repeating itself. Our society is trying to fight cyberthreats, but despite getting increasing media attention we are not succeeding. Cybercrime damage is predicted to reach $6 trillion in 2021, and each day seems to bring fresh news of enormous data breaches and escalating corporate fines. People who know me have often heard me quote the saying "One definition of madness is to keep doing what you are doing and expect a different result". With this principle in mind I believe a number of things must change urgently if we want a safer digital future for ourselves and our children.
1. Cybersecurity should become simple and important for the average person
With a similar attitude people had to road safety, many people think of a cybersecurity incident as something that simply won’t happen to them. However, in today’s digital world, the risks are escalating at unprecedented rates, these risks include being locked out of a laptop forever, losing a lot of money instantly, having our identity stolen, being a victim of ransomware and the emotional and potentially huge financial consequences that such attacks can entail.
Protection makes more sense than ever but unlike physical safety, cybersecurity is much more widespread and harder to grasp and practice. We’re simply too busy, and trade convenience for risks we do not comprehend, our digital lives are a torrent of information which sees us skimming emails, books, and films so it is unlikely we will put time aside to start deliberately educating ourselves about cybersecurity.
In its 2019 Smart Home Security Report, Avast stated that 59.1% of users worldwide have never logged into their router or updated its firmware. Personally, I can’t imagine even a single person outside the tech world who would check their router or readily explain what “firmware” is. And the user is not to blame.
At Clario, we want to address this challenge and have created a state-of-the-art product that will make privacy and security easy and manageable for everyone. At CES 2020, we presented our prototype and the response was amazing. It proves people have been eagerly awaiting cybersecurity solutions to match the ever-evolving way we use and engage with technology.
We need a change. We need privacy and security products that are intuitive, simple, educational, and even enjoyable. No more ugly user interfaces and tech jargon. Ultimately, we need simplicity in every user-facing aspect of cybersecurity.
2. Government initiatives in cybersecurity should bring real value
More and more laws to prevent the abuse of personal data are coming into force and powerful companies like Facebook, Equifax, and British Airways have faced huge fines as a result. But the introduction and enforcement of law is not enough. We can endlessly regulate and fine businesses but it’s just like regulating car manufacturing without urging passengers to protect themselves with seat belts.
Governments should approach the problem of cybersecurity with the same commitment and seriousness they have used for other public safety, health and behaviour change campaigns. We already know the principle for effective campaigning: simplicity and emotiveness. So why not apply them to cybersecurity?
In fact, there are multiple governmental bodies and organisations running campaigns to fight cybercrime. In the US, they include the Federal Trade Commission, the Department of Homeland Security, the Federal Bureau of Investigation, and more. Still, how many Americans have heard about their campaigns? Despite the growing attention most people would not know who to turn to if they are hit by identity theft or other cybercrime as conventional police authorities are not able to deal with the problem?
Educational programs must embrace society as a whole, but in security and privacy it is crucial we also address our youngest citizens. Children start using the internet aged between three and five years old, and get their first smartphones at six or seven. At this age, they have no understanding of digital privacy and protection. By downloading and clicking all sorts of things, they put both themselves and their whole home network at risk. This is why parents and schools need to help children stay safe by learning the right way to behave online from an early age.
Educate, trigger emotions, make things simple - in social campaigns, governments should approach cybersecurity in the same way they treat public health.
3. Businesses should shift focus from not just corporate but to private security as well
Large corporations have colossal cybersecurity budgets but that’s no guarantee of safety. In February last year Mark Zuckerberg said Facebook was going to spend over $3.7 billion on safety and security in 2019 yet months later an enormous data leak was discovered and 540 million records of Facebook users were exposed online. This story speaks volumes.
It seems that companies are not spending their security budgets completely effectively. When it comes to a data breach, human error is often revealed to be the cause of the incident which is hardly surprising in the context of modern business. With “bring your own device” rising in popularity in the workplace and information flows speeding-up, the risks grow exponentially.
The answer? To educate employees and think beyond job-related security. After all, an employee is a consumer too, so shifting focus to consumers at large makes sense and the collective effort of many companies will amplify the impact.
Companies should do more to educate the general public about cybersecurity. In a digitally literate society, their own corporate security will be on a much higher level.
4. The Internet of Things industry should build up security standards
It is predicted that the number of Internet of Things (IoT) devices worldwide will grow from 22 billion in 2018 to 38.6 billion in 2025 - think smart lenses in your eye or smart mirrors that learn all about your face and body to consult you on personal wellness. But along with the incredible capabilities these devices will bring, come some specific risks.
Firstly, IoT devices do not have user interfaces, so you need to have deep technical knowledge to change their configuration and make them more secure.
Secondly, the extent of what your device can do isn’t always obvious. For example, many people cover their laptop cameras because they are concerned about privacy but how many are aware that their smart TVs have built-in microphones and cameras too, or the vulnerability of security cameras around your house or monitors in nurseries?
Finally, people never consider the whole network at home. Most people might be unconcerned about the security of their smart fridge or smart TV. However, if that fridge or TV is badly protected a hacker can break into your home network and from there into any connected device such as your laptop or phone. As the FBI recently said: “Your fridge and your laptop should not be on the same network. Keep your most private, sensitive data on a separate system from your other IoT devices.” I would bet that 99.99% of people wouldn’t know how to solve this problem by splitting networks making it an impractical solution.
IoT has to grow up and standardize security. Parents giving a smart toy to a child have a right to expect privacy protection in the same way they expect the toy’s material to be non-toxic.
5. Technology should work hand in hand with human experts
While artificial intelligence, robots, and bots have great potential, they are not capable of replacing humans in many roles in the near future. For example, take technical support. For the last five years many companies have used bots instead of humans but the vast majority of users complain about the experience and would always favour being able to reach a human, particularly one with knowledge and expertise. You certainly rarely hear people speaking highly of any form of automated support.
When a security issue happens, it’s often very stressful and an automated response from a 'bot' (robot) is more likely to compound that rather than making you feel secure or establish trust. In a crisis, stress levels are high, speed is critical and you need to speak to an expert capable of solving the problem or able to walk you through the process of resolving the issue. Human flexibility and compassion is highly-sought after by users worldwide as it makes a security issue much less traumatic. That’s why Clario has a team of 600+ tech experts on hand 24/7 to help when needed.
The value of expert human support should not be ignored. When security incidents happen, automated responses feel lifeless and useless. For years to come, humans will still beat bots in security issue resolving.
To sum up, these are the social shifts that, from my point of view, should take place in the near future for our common benefit in security and privacy:
- Cybersecurity should be simplified for the user and open to everyone
- We need impactful social initiatives providing practical education in this field, while this should start in school society as a whole needs to play 'catch up'
- Businesses should encourage employees and customers to use consumer security tools and knowledge outside of working environments and should give rapid, clear and practical advice and support to customers when they suffer from a data breaches
- IoT needs strong regulated security standards as the use of 'smart' devices proliferates
- Human assistance is invaluable, providing practical timely support when needed as technology alone is not enough.
People want to have convenient security solutions because their daily lives are so busy. At Clario, we aim to deliver this alongside reliability and real human support. Let’s go together!
We’d like to stay in touch.
We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.
Thanks for your subscription!
You’ll be the first to know about our updates. Please keep an eye on your mailbox.