Lost trust: the catalyst for the cybersecurity revolution
This year, when experts within Forcepoint submitted their thoughts on what lies ahead for cybersecurity, one theme stood out strongly – that of trust. At its most basic, trust is both a logical and emotional act. Trust is a human behavior and something that we engage in every day of our lives to interact with the real and online world around us.
Unlike the plots of many great sci-fi epics, the cybersecurity revolution will not be led by machines. It will not be fought against robots who are trying to enslave and destroy mankind. The cybersecurity revolution will be led by people and it will be driven by innovation focused on regaining control of our privacy and the re-establishment of trust.
Annually when Forcepoint pulls together its Cybersecurity Predictions for the year ahead, we take time to step back and look at the industry from the outside. This year, when Forcepoint Security Labs, Innovation Labs, and experts across the company submitted their thoughts, one theme stood out strongly – that of trust. At its most basic, trust is both a logical and emotional act. Trust is a human behavior and something that we engage in every day of our lives to interact with the real and online world around us.
Focusing on the dimensions of trust in the online world we can see three main categories:
- Trusting the entities that we as consumers interact with
- Gaining value from said entities
- Exposing vulnerabilities (such as passwords) to these entities and trusting them to do the right thing with our information.
To put this simply, let’s imagine signing up for home internet access. We trust our Internet Service Provider (ISP) to provide connectivity to our homes, and our browsers to look after our personally identifiable information (PII) as we set up accounts for different services. When we type in our passwords or do our online banking we trust that the service will be safe, secure – and make our work and personal lives easier.
However, as we examined the cybersecurity landscape over the last year, the reality of this trust is fractured for both businesses and governments. We’ve seen damaging data breaches stemming both from malicious insiders and external cybercriminals and even from poor cyber hygiene. As this IBM poll shows, only 20 percent of consumers completely trust the organisations they interact with. Clearly, short-sighted traditional security measures which lock down the network are insufficient as they are repeatedly infiltrated.
All of this means that online trust is broken and our privacy is perceived as lost. How do we recover from this online state of play? How do we protect ourselves, our businesses, employees, data and governments?
The only consistent element, which has been here since cybersecurity was conceived, is our people. It’s my view that organisations can improve both their cyber defences and restore trust by better understanding the behaviour of humans. This means understanding how people – and all their digital identities and accounts – use business data, systems and applications, whether they’re on or off the corporate network.
By focusing on people and how they interact with data, we can drive better cyber hygiene and policy. One of Forcepoint’s cybersecurity predictions this year opines that good hygiene will be rewarded and visible to the outside world through a new set of business standards or “security trust ratings.” In this way organisations and consumers can make informed decisions on whom they choose do business with.
We also expect that through the introduction of more edge computing, privacy could be placed at the heart of new device or system roll-outs. (Think Apple’s user trust scoring). As long as end-users accept and embrace these systems, they could help rebuild the trust in online interactions and how businesses, their employees, partners and systems interact with data.
Ultimately, behavior modelling will be key. If we can gain a deeper understanding of behaviour, businesses will be able to make determinate decisions to stop the bad and free the good through automatic identification of anomalies, and understanding of the context behind them.
Want to know more? Read our 2019 Cybersecurity Predictions Report.