Solving the Security Problem Means Solving the Human Problem
For the most part, people consider security breaches to be the fault of the technology put in place to prevent them – a data hack, for instance, is only possible because of a fundamental weakness that developers did not do enough to address. But that’s not strictly true: individuals can be as much at fault, whether as a result of a careless mistake or a targeted phishing scheme. Often, it’s people, not technology, that are the weakest link.
All of this is not to say that people are stupid, or incapable of identifying threats to their personal information. However, we do tend to put a lot of confidence in the institutions that are meant to keep us safe, a confidence that is often misplaced. We shouldn’t underestimate people’s ingenuity, as well as the agility with which one bad actor can weave around the safeguards enacted by institutions. Attack tactics evolve faster than institutions can defend themselves.
The best way to keep your information safe – and to avoid being duped – is simply to be aware that the risk exists, and to take care whenever storing or handling sensitive information. You can spend all the money you like on the best lock that money can buy, but if someone tricks you into opening the door, it doesn’t matter how good that lock is – the only thing that counts is how you judge when to unfasten the bolt.
As Theodore Kobus, the head of law firm BakerHostetler’s Privacy and Data Protection team, notes, tactics like phishing scams “are never going to go away.” Says Kobus, “No matter what technology we put in place, no matter how much money we spend on protections for the organization, we still have people and people are fallible.”
So, if you’re a company looking to safeguard the consumer data you have on hand, you have to first educate your consumers about safety measures and security best practices. The second step is to make the user experience as seamless as possible so that people can embrace safety in a way that feels natural and requires minimal effort.
Too often, technology is seen as something opaque, only to be understood by experts and professionals. But the truth is that as we conduct more of our lives on digital channels, we all have to become more aware of the security hazards that lurk behind every email from an unknown sender and pop-up ad telling us we’ve won a cruise to the Bahamas.
Every aspect of our lives has become vulnerable to hackers: Singapore recently announced that a cyber attack on a government database resulted in the theft of the personal information of 1.5 million people, including that of the country’s prime minister.
Closer to our shores, Adidas had to alert millions of customers about a possible data breach that exposed people’s contact information, passwords and usernames. Nor are these hacks limited to revealing people’s personal details: It was recently discovered that thousands of documents containing sensitive information (including trade secrets) from companies like Tesla, GM, and Toyota were available on the internet for all the world to see.
In this case, the breach was not because these companies had a lackadaisical approach to security; rather, it was the fault of a Canadian company, Level One Robotics and Controls, on whose server the information was found.
As vast amounts of money continue to move to digital platforms, hackers will become even more incentivized to target users directly, through phishing and other fraud schemes. That drastically increases the necessity for people to find tools and services that are not only secure but also take the time to educate users about security best practices.
At Cheetah Mobile, security is at the heart of everything we do, which is why we formed the Blockchain Wave Lab to develop products such as SafeWallet and Dapp Browser that help users carry out transactions without sacrificing security.
Even people who know better will do dumb things. But by getting people into the habit of prioritizing their security – requiring two-factor authentication, for instance, or even something as simple as requiring them to log in every x number of days – you make it that much harder for malicious actors to do harm.