How can security professionals drive consumer awareness of new tech without hampering mainstream adoption?

750 views, 1 Upvote, 3 Comments
Founder/Chairman/CTO in Telecommunication, 2 years ago
When I was watching PCI (payment card industry) Security Standards roll out, I saw that all of the pressure was put on the banks and service providers, but not on the merchants. Part of the reason I perceived at the time was that if someone's putting money on a credit card, you don't want to encourage them to think about risk because that's against the business model of credit. You want people to spend, so the last thing you want to do is say, "Stop that, it's potentially dangerous." You can see this idea throughout a lot of the problems that we try to solve in this industry, where there’s an incentive almost to allow the bad behaviors whilst trying to enforce the good ones. It's one of those issues that we can't quite nail down. If you can make secure obvious and insecure easy for the user, and then have your product be seen as superior, less dangerous and more useful as a result of that, that's an ideal outcome. But there are not a lot of organizations that pursue that goal.

I cut my teeth on the solution side in security architecture, mostly driven by PCI, so that influenced my point of view. But it's an interesting dichotomy to process: To what degree is risk acceptable for the audience that we're trying to build out into, from a customer standpoint? Where do we factor them in? When do we need to stop freaking them out? The conversations that we have around cybersecurity are fundamentally scary, so we have to factor that in.

Voting machine vulnerabilities was one of the things that we pushed that drove much adoption of vulnerability disclosure in the US government around the 2020 election. The problem is not the fact that voting machines have vulnerabilities because they're a computer. The problem is that if you get on Twitter and tweet a picture of a voting machine with ransomware on it, even if you Photoshop that, you'll create a broader issue at that point. How do you address the issue of trust and transparency, and the idea that it’s being approached in a rational way, not in one that's purely beholden to the attacker or purely exploitative of the consumer? If we solve that, we'll solve the planet.
Senior Information Security Manager in Software, 2 years ago

PCI....stands for: pay cash instead  :)

CIO/CISO in Healthcare and Biotech, 2 years ago
Quite simply, the best way is to think of the consumer first and where that consumer's pain may lie from a protection perspective. Touting benefits of new technology while weaving in specific cautions to take will not only educate and promote new tech, but also bring awareness to possible security issues one might encounter while utilizing that tech. Far from hampering mainstream use, this will further empower usage of new tech, but with the added benefit of awareness of possible threats specific to that tech.
