Resolving the cyber security crisis of confidence

CERT-LatestNews ThreatsEconomic ThreatsStrategic Uncategorized
Cyber Security Confidence

Without user education from businesses, experts and peers, offering practical advice and spreading the message that something can be done, consumer complacency will continue to put users at risk of even bigger breaches in the future

As the number of high-profile data breaches continues to rise year-on-year, cybersecurity has never been as prominent in the public eye, with WannaCry being the most obvious recent example.

This has caused a cyber security crisis of confidence for consumers, which businesses must take a leading role in resolving by educating their customers about how they can stay more secure online.

Indeed, security is increasingly becoming a valuable competitive differentiator for businesses in all sectors, as we’ve seen through campaigns such as Barclay’s Digital Eagles.

>See also: Are businesses over confident in their cyber security capabilities?

However, the vast majority of consumers don’t know where to start when it comes to securing their data. Their primary objective is achieving on-the-go convenience and “always on” access to their digital life, which is invariably at odds with staying secure.

RSA recently conducted a global consumer survey to better understand people’s expectations of security, the type of data they are most protective of and the steps they’ve taken to ensure its security. It’s useful reading for any business that wants to better understand how to differentiate on security while still delivering the shopping experience that customers want.

Great expectations

First and foremost, it is important to understand that consumers maintain high expectations for security, no matter how many cybersecurity horror stories they see in the news. Their data is important to them and they expect it to be treated with the care it deserves.

Unsurprisingly, 93% of consumers would prefer to be involved in choosing how their personal information and accounts are protected and 91% want service providers make security more visible.

If a business can’t meet these expectations, there is growing evidence that consumers will simply go elsewhere. In fact, 28% of consumers said they have chosen to boycott companies that mishandle data, opting to move to a more secure alternative instead.

>See also: Gartner identifies the top technologies for security in 2017

Of course, consumer perceptions of security vary greatly depending on their activity, and the nature of the digital application or service they’re using. It is no surprise that consumers are most trusting of banks and their ability to provide the highest level of security.

A massive 96% of respondents believe banking websites and apps are ‘very’ to ‘somewhat’ secure. In stark contrast, social media apps scored the lowest results, with a sizable 4 in 10 consumers stating that social media websites and apps deliver the least secure experience.

There are two very different lessons to be learnt here. For social media organisations and the least trusted industries, there is a tremendous opportunity to debunk these myths, making security a USP.

This can be done by ensuring security policies are more visible, as well as educating users as to how they can stay secure while using their services – as we have seen recently with apps such as Facebook which enabled end-to-end encryption.

For banks and other similarly trusted industries, the expectation of security is already there. For many, this means they will not win brownie points for delivering security alone, they need to do so in a way that makes life easier for the consumer. Customer experience and ease of use will be the new benchmark which these industries are measured against.

Neglecting security

Yet it is becoming increasingly difficult for brands to protect customers from themselves. With every breached organisation, consumer passwords are sold and distributed en masse throughout the Dark Web.

>See also: Businesses should support the new National Cyber Security Strategy

Billions of fresh credentials are available for sale on the dark market for mere pennies. Furthermore, credential checking tools such as Sentry MBA make it easy to test thousands of username and password combinations across multiple websites in minutes.

This means that cyber criminals can leverage one password to break into further accounts, gaining information such as addresses, national insurance numbers and bank details that can be stolen from directly, or sold on to be used in further breaches.

However, one of the most striking findings from the survey was that, while general awareness of data breaches has risen, consumer security practices have not improved accordingly. In many cases, they have even slipped.

To put this into context, 60% of consumers cited the prevalence of password breaches from popular website as their biggest security concern. However, 72% of those same respondents admitted to using the same password after a major breach was announced.

The results suggest that consumers are becoming indifferent to data breaches, which is a worrying state to be in. They continue to see some of the world’s top organisations succumb to massive data breaches, and wonder how they can ever hope to protect their data.

>See also: The cyber security challenge for retail branch IT

Users believe there is nothing they can do to prevent hackers from stealing their personal details; indeed, further RSA research shows that 24% of British consumers have become numb/immune to headlines around data breaches.

The pain of lost passwords and credentials

So what can businesses do to address this problem? Here are a few ways that businesses can fight the data backlash:

1. First and foremost, businesses must encourage their users to change their passwords immediately after a breach. No exceptions.
2. They must also ensure that each online account has a strong unique password, something that is more easily achieved using number of free tools such as free password managers.
3. Enabling two-factor authentication for online logins will also greatly reduce the risk of a hacker accessing a customer’s account. It’s an essential and easy to use security measure for any business or service, and gives customers’ piece of mind that their account is properly secured.

>See also: Half of UK firms feel they lack the skills to combat cyber threats

4. Finally, all security features should be as frictionless as possible. If security is obtrusive or difficult to use, customers will simply ignore or bypass it, both of which are dangerous. Furthermore, because security can be a factor in the user experience, it can therefore impact customer retention and satisfaction.

Without user education from businesses, experts and peers, offering practical advice and spreading the message that something can be done, consumer complacency will continue to put users at risk of even bigger breaches in the future.

However, by taking a common-sense approach that shows users there is something that can be done to prevent cyberattacks, consumer confidence will return. Businesses will play a huge role in making that happen, and those that take the lead in the fight against complacency will feel the benefit. A win-win for everyone involved.

Sourced by Rashmi Knowles CISSP, Field CTO EMEA at RSA

The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

http://www.information-age.com/resolving-cyber-security-crisis-confidence-123467454/

Tagged