How can security professionals drive consumer awareness of new tech without hampering mainstream adoption?
Senior Information Security Manager in Software, 2 years ago
PCI....stands for: pay cash instead :)
CIO/CISO in Healthcare and Biotech, 2 years ago
Quite simply, the best way is to think of the consumer first and where that consumer's pain may lie from a protection perspective. Touting benefits of new technology while weaving in specific cautions to take will not only educate and promote new tech, but also bring awareness to possible security issues one might encounter while utilizing that tech. Far from hampering mainstream use, this will further empower usage of new tech, but with the added benefit of awareness of possible threats specific to that tech.
I cut my teeth on the solution side in security architecture, mostly driven by PCI, so that influenced my point of view. But it's an interesting dichotomy to process: To what degree is risk acceptable for the audience that we're trying to build out into, from a customer standpoint? Where do we factor them in? When do we need to stop freaking them out? The conversations that we have around cybersecurity are fundamentally scary, so we have to factor that in.
Voting machine vulnerabilities were one of the things that we pushed that drove much adoption of vulnerability disclosure in the US government around the 2020 election. The problem is not the fact that voting machines have vulnerabilities because they're a computer. The problem is that if you get on Twitter and tweet a picture of a voting machine with ransomware on it, even if you Photoshop that, you'll create a broader issue at that point. How do you address the issue of trust and transparency, and the idea that it’s being approached in a rational way, not in one that's purely beholden to the attacker or purely exploitative of the consumer? If we solve that, we'll solve the planet.