With cybercrime on the rise, and mistrust of how businesses handle data, it’s time to be more transparent and focus on security to win back the confidence of our customers.
“There is a crisis of trust in American democracy.” So begins a 2019 report from the Knight Commission on Trust, Media and Democracy organized by the Aspen Institute. It lays blame on the nation’s political discourse, racial tensions, and the technology that gives people greater access to commentary and news. The report concludes that since 2018, “unwelcome facts are labeled as fake.”
Rising cybercrime reduces trust
Part of the problem with trust in the technology industry has to do with the ease with which cybercriminals can now ply their trade. Once relegated to a dark corner of the internet, many criminals now operate in public view. On the dark web, you can buy various pieces of technology such as ready-made phishing kits to seed infections, carders to collect credit card numbers, botnets and web stressors to deliver DDoS attacks, and other malware construction kits that require little to no technical expertise beyond clicking a few buttons on a web form. A 2019 report from Check Point shows that anyone who’s willing to pay can easily obtain these tools. Forget ‘software-as-a-service’: we’re witnessing the growth of the ‘malware-as-a-service’ industry.
At a recent RSA forum in London, UK, I interviewed numerous experts who’ve spent their careers examining cybercrime and understanding how to combat fraud. It was a somewhat sobering picture, to be sure. RSA’s president, Rohit Ghai, spoke about how the largest facet of risk today is digital risk, and how businesses need to better integrate risk management and cybersecurity methods. “This is a team sport: security, IT, operations and risk groups all need to work together,” he said. “Our goal is not just about protecting apps or data, but about protecting our trust assets. We trust strangers to share our homes and cars because tech brings us together and drives the sharing economy.” Ghai believes we need to replicate this trust system in the B2B world, just as Airbnb and Uber have done for consumer-based businesses.
Trust at an all-time low?
Ghai agrees with the conclusions of the Knight Commission report: trust is at an all-time low. Some have become so distrustful of our digital lives that we now have a new acronym, LDL (‘let’s discuss live’). But we can’t, and shouldn’t, turn back the clock to the analog era: we need to be able to trust each other again to fuel our growth. He mentioned that to be trustful, “an ethical company should do the right thing, even if no one is observing them.” I liked that idea: too often, we hear about corporations that are causing damage, like polluting our environment, before denying any responsibility, or worse, covering up the details when they get caught.
Part of the challenge for IT professionals is that cybersecurity is really a business problem, not a failure of technology. “Breaches and intrusions will occur,” says Ghai. “We have to move beyond the shame of admitting a data intrusion and understanding its business impact. Our goal should be maintaining ‘cyber-wellness’, not trying to totally eradicate threats.”
Taking better care of customers’ privacy is also good for business, as numerous reports have concluded recently. Almost half of the consumers surveyed believe there are ethical ways companies can use their data.
How much do you value your data?
Another issue is that what we say and what we actually do about maintaining our digital privacy are often at odds. A 2017 MIT privacy experiment found that student participants would quite readily give up personal data for very small incentives, such as a free pizza. And the same casual value exchange played out when Kaspersky offered up freebies in exchange for personal data in a storefront stunt.
This dichotomy is seen even with IT security pros. Another survey by Yubico found that more than half of IT managers who have been phished have still not changed their password behavior. If they don’t change to improve their own personal security, who will?
The same dichotomy applies to transparency: sadly, few companies are actually as transparent as they claim, whether because they wilfully mislead the public (Facebook is top in this regard) or because they just do a poor job of keeping their IT assets under appropriate controls (British Airways is a prime case study here).
Trust is fragile
Where do we go from here? Security expert Bruce Schneier says that trust is fragile, and transparency is essential to trust. The Knight Commission report carries a series of recommendations for journalists, technology vendor managers and ordinary citizens.
Recommendations include getting better at practicing radical transparency, having journalists disclose information sources as a rule, and making social networks step up and take responsibility for protecting their users. I hope we can implement many or all of them to make for a better, mutual and trusted future. All of us need to work together if we want to turn this around and improve customers’ trust in business.
This article represents the personal opinion of the author.