This is Part II of the "why we suck at cyber security" series. You can read Part I here.
Part II update: Yup, we’re still screwed
It’s not getting any better out there. Food for thought: 2017 saw a record-breaking number of vulnerabilities, setting the new high at 20,832 (hooray!). I can’t wait to see what the 2018 number will be.
I’ve said it before, and I’ll say it again: cyber security is a direct contradiction of convenience. This simple fact leads to a lot of the security problems that we all hear about on a monthly — sometimes daily — basis. It’s important to remember that shortcuts (convenience) generally work both ways; tracers tell you where you’re shooting, but they also show the enemy exactly where the bullets are coming from. In the cyber security world, every element that makes accessing your information more convenient for you also makes it more convenient for adversaries.
Yes, it’s convenient to use the same password for every site you make an account with. Yes, it’s convenient to just have a username and password to log in to your bank sites and not require all sorts of two-factor steps like clicking a link in your email or entering a code that gets sent to your phone. Yes, it’s convenient to have a password that’s a single word with no special characters. All of these things are also incredibly insecure.
On the other hand… Sure, we could just program everything to be perfectly secure and require your social security number, mother’s maiden name, first dog’s hair color, and that childhood secret that you’ve never told anyone to gain access to it, but I wouldn’t want to log into anything ever again.
The problem arises
That’s where you hit a catch-22. From a business standpoint, if you keep everything as secure as possible and limit the methods by which your users can access your site or application, how are you supposed to keep drawing new customers when your competitor makes things easier for the consumer? So, it’s partially our fault; we want things to be easy and convenient. I’m not naive enough to expect users to sacrifice convenience for security that can’t very well be measured, but I promise you that the current state of cyber security will not change much if users do not start valuing the security of their own data and stop leaving it entirely up to the business.
I am by no means putting the security mission solely on the consumer — the new record for vulnerabilities in 2017 highlights how it is absolutely the creators’ fault for the security lapses of today’s products, whether it be Facebook, Microsoft, Apple, or Experian. However, it is entirely up to the consumer to decide how far one breach can go. From password complexity and strength to ensuring that no single breach will compromise multiple accounts, it’s all on us. Everyone has a role in cyber security — don’t take it lightly.