It’s not like the IT industry hasn’t tried, particularly the payment industry. Think back over the last 40 years or so (since IT began to go truly mainstream) and it’s easy to see that the IT industry, as a whole, has put a lot of effort into cybersecurity: for example, the development of firewalls and antivirus software, two-factor authentication and encryption standards.
Sadly, however, the sheer number of cybersecurity incidents we hear about in the news (and those we don’t hear about) indicates that much more needs to be done, and quickly, if the internet is to reach its full potential.
Here are three ideas on what needs to be addressed as a priority.
Passwords, PINs, tokens, and biometrics each have their advantages and disadvantages. Some people see passwords (and PINs) as the dinosaurs of the internet age and yet biometrics are not the panacea for all security ills, not yet at least.
Apart from anything else, fingerprint scanning, for the time being, requires contact between bare skin and the fingerprint reader, which might be fine in a centrally-heated home or office, but is not exactly an attractive option outdoors in the cold, wind, rain and snow.
The disadvantages of passwords and PINs can be overcome by the use of two-factor authentication, which is why this has taken off so much in recent years. The flip side, however, is that people are now ending up not only with long lists of passwords but also with piles of security tokens (e.g. card readers and RSA tokens), so there is clearly room for innovation to streamline these.
The unstoppable rise of mobile provides another level of impetus for a rethink of user interfaces. Up until now, the emphasis has largely been on usability and accessibility, which is understandable and indeed, arguably, a prerequisite for the internet to have a long-term future.
Now, there’s a strong case for finding ways to put user security at the heart of interface design.
The forthcoming GDPR standards give companies a push in the right direction in this regard, but GDPR does not require companies to develop new solutions.
Having said that, the implementation of GDPR will, hopefully, motivate the IT industry to develop ways to deliver higher levels of IT security, ideally, at a cost the average company can afford.
IT has no shortage of security standards, especially if you include the standards maintained by the payment industry. The problem is that they can be extremely confusing for people who are not IT experts, such as business people and members of the general public who need to secure their home devices.
Internet of Things devices are a particular area where there seems to have been, at times, a lax approach to cybersecurity. In both domestic and business settings, cybersecurity innovation is needed to match the rapid pace of IoT growth that we are seeing.