The thing that IT security professionals have in common with most police officers is that they are both committed to protect and serve a constituency that doesn’t always see or appreciate their efforts unless something goes horribly wrong. In both cases, it’s often a thankless job that the average person isn’t even aware of as they go about their daily routine.
One of the more significant differences, however, is that most people take reasonable precautions to secure their persons, families and valuables in a way that help reduce the overall crime rate. But when it comes to their digital personas that same level of caution is not nearly as widespread.
A new survey of 1,300 consumers in the U.S. concerning attitudes to digital security conducted by TeleSign, a provider of technologies for securing end user accounts, finds that more than half (55%) believe that a business should be ultimately responsible for protecting their information even though the passwords being used to access that data were generally created by the end user. There’s no doubt that a business is responsible for defending itself against cyberattacks directed against it. But there’s not much a business can do when social engineering techniques are used to fool end users into giving up passwords and other forms of personally identifiable information, or because the passwords being used were so weak that guessing what they are was little more than child’s play.
The survey also finds that 44 percent of the respondents have had at least one account hacked; with 64 percent of millennials reporting being victimized. Unfairly or not, the survey finds that 32 percent of consumers stopped doing business with one or more companies after an account was compromised.
Calls for abandoning passwords as a means of securing digital identities have now been made for years with no effect. No amount of hectoring about the need for more security awareness seems to make much of a difference either. There are, however, several other methods of multi-factor authentication that organizations can put in place. Those approaches are clearly more challenging to implement and manage. But given the general lack of commitment to securing passwords it’s clear the primary method being used to secure digital identities doesn’t work.The real issue is at what point will the public accept the replacement of passwords as a means for securing their online assets. Click To Tweet
The one potential bright spot in the survey is that it appears end users are starting to appreciate the value of their digital lives. The survey finds that just under a third of the respondents (31%) placed a value on their online account information at an excess of $100,000. Most people once they realize the value of something tend to take more precautions to protect it. In fact, people that have had their accounts hack will usually take some additional steps to better secure their online identity.
The real issue is at what point will the public accept the replacement of passwords as a means for securing their online assets. Naturally, that would require a government mandate to universally enforce. But many businesses are heading in that direction on their own accord. IT security has become a no-win proposition for businesses because they get penalized when something goes wrong even though the end customer isn’t willing to take the most basic of precautions.
Fortunately, IT industry leaders such as Intel, Microsoft and Apple are working on a variety of technologies to provide more reliable means of authenticating end users. But it might still be years before any of those technologies gets broadly employed.
In the meantime, businesses have every right to protect themselves better. They just need to find a way to do it in a way that doesn’t overtly impinge on the online customer experience. There are ways of accomplishing that goal. But like most forms of security, the business needs to be willing to go to the trouble and expense of first implementing them, and then getting everybody to feel comfortable using them. The conversation IT security leaders need to have with business leaders is explaining how the costs involved in making that transition mitigate a risk to the business that keeps getting more expensive with each passing day.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.