Home » Digital Security » Leading Tech Companies Weigh in On the Future of Digital Security
Digital Security

Leading Tech Companies Weigh in On the Future of Digital Security

Security experts share their thoughts on the impacts of IoT growth for both businesses and individuals.

Angel Grant

Director, Global Product Marketing & Strategy, RSA Fraud & Risk Intelligence Solutions

What are some tips that we can use to improve our digital security?

Much of our personal information is already in the open, whether voluntarily shared in our social media posts or stolen in a data breach. Here are a few quick tips that consumers can act on in less than an hour that will help reduce their risk of becoming a victim of identity theft and account takeover.

  • Back up important data offline, so if you are a ransomware target, you will be prepared. 
  • Ensure all software is updated regularly to patch newly found vulnerabilities.
  • Clean up your social media accounts by both checking your privacy settings and posts.
  • Change your password frequently and avoid using the same one on all accounts. While strong passwords are important, it is even more critical to update your passwords regularly. Also, for your Internet of Things devices, always ensure that you change the default username, password and privacy settings. 
  • Activate multi-factor authentication, when available, with companies you do business with.
  • Resist the click. Always use caution before clicking on any link within a text message, email or social media post — even if it appears to come from someone you know.
  • Activate fraud alerts on all your financial and health related accounts. Examples of alerts: new payee, money withdrawal, high value credit card transaction, insurance claim, loyalty point use or new healthcare record.

In the future how do you think cyber security solutions will combat privacy threats?

Many organizations are moving towards an omni-channel experience for their customers, which will allow them to engage anytime, anywhere and from any device. It also means that companies can have a complete view of their customer, not just from a marketing perspective but also from a security perspective. In our interconnected, digital world, an identity is now made up of infinite factors. Every ounce of meta data we leave behind in our digital footprint can be used to create a credential and help better determine and distinguish between customers and criminals. In the future, cybersecurity solutions will be able to use this data more intelligently and dynamically to identify and stop fraud in real time.

How can businesses and individuals better protect their sensitive information in the digital age?

Simply put, the longer an attack goes undetected, the greater the risk to the business and individual. Therefore, rapid response and remediation for what is most important is critical. However, if you don’t know what sensitive information matters most or where it is, then you can’t protect it. Organizations should immediately determine what data matters most, classify it, make it useless to others, back it up and then monitor it. 

What threats do you see to individual digital privacy that people may be unaware and unprepared for?

One of the biggest digital privacy threats I see emerge is around the Internet of Things, or IoT.  Most of us get excited to use new toys and technologies without understanding the bigger picture consequences. Think about all of your interconnected devices and the type of personal data we are tracking and sharing, like financial, health, driving patterns and home living information such as our normal arrival and departure times. Individuals need to better understand and control what data is being captured and to whom they are giving permission to share and use it. There is very little regulation around IoT right now, so one must consider what potential harm could occur in the future if that information got in the wrong hands. Not only do we need to understand the data collected, we also need to understand how to address the challenges of patching all these devices when vulnerabilities are found. 

When it comes to protecting sensitive information, whether for a business or individual, what do you think are the biggest mistakes people make? What are the biggest misconceptions?

The biggest mistake both businesses and individuals make is denying they will never become a victim and not taking time to understand what information matters most, where and how it is actually stored, and what they would do if it was stolen. Data privacy and security is now the biggest risk companies face. Cybersecurity isn’t an IT, compliance or security responsibility; It’s the responsibility of the entire organization. Today, it’s being inspected by executives and boards, who will need to prove continuous compliance and privacy every day, not just once a year. It’s critical that organizations align information security and fraud strategies to mitigate risk. And if they don’t, it will be costly. Especially as new global legislation like GDPR gets rolled out, which will carry fines of $20 million euros or 4 percent of global revenue, whichever is more.

Bimal Gandhi

Chief Executive Officer, Uniken Inc.

What are some tips that we can use to improve our digital security?

Whenever possible, use services that offer passwordless logins. If you can’t, then never reuse passwords. Hackers rely on this. Instead, use a good password manager to generate and remember all those unique passwords for you. If you must create a password, long, mangled passphrases (like $$May$The$Force$Be$With$You$$) are better than complex passwords (like Tr0ub4d0r&3). And turn on two-factor authentication everywhere, especially for your email.

In the future how do you think cyber security solutions will combat privacy threats?

In our mobile-first world, cybersecurity will center around the sensor-packed supercomputers we carry everywhere. Using smartphones to verify and securely communicate with people eliminates the use of personal information from online and call center interactions. That helps businesses avoid collecting, storing and protecting that data like toxic waste, reducing their privacy burden and your exposure.

How can businesses and individuals better protect their sensitive information in the digital age?

The best way to protect sensitive information is reduce its need and avoid spreading it around. Individuals should avoid sharing personal information with websites unless absolutely necessary. Make up fake answers for those annoying security questions and save them in the notes for that site in your password manager. Businesses should transition to mobile-centric security and avoid storing personal information they don’t really need.

What threats do you see to individual digital privacy that people may be unaware and unprepared for?

“Synthetic personal information” is data about you that is being derived, compiled and sold by services you use. Privacy is about control, but you can’t control what you don’t see. In the age of algorithms and AI based decision making, the lack of transparency, regulation and recourse around this data can harm us as individuals.

When it comes to protecting sensitive information, whether for a business or individual, what do you think are the biggest mistakes people make? What are the biggest misconceptions?

The biggest misconception that individuals and businesses have is that we can’t have good security and a good user experience. We’re actually at an inflection point where advances in technology, security and people’s understanding and expectations are converging to make human-centered security and privacy not just possible but profitable.

Rob Coombs

Director of Business Development, Arm

What are some tips that we can use to improve our digital security? 

Nobody likes passwords; We forget them, use easily guessed words or end up writing them down. It also turns out that they can be easily “phished” by hackers sending us links in emails that ask us to log on to a website that looks like our email provider or payment company. The most effective “small thing” we can do is turn on two-factor authentication for our most important online accounts such as email and banking. This means that even if the bad guys get you to click on a link and get your passwords, they can’t use them without access to your mobile device or PC.

On our mobile devices, we can often use fingerprints instead of passwords to authenticate – this is a much better situation. There is some clever design from an organization called FIDO that creates the standards and protocols in this area that means that your fingerprint never leaves the phone, but is held securely in a “TrustZone” or other hardware-based store. Your fingerprint or alternative biometric is just used to unlock a strong crypto key on your device, which is used with the website you are using to prove that it is you logging in and not a fraudster.

In the future how do you think cyber security solutions will combat privacy threats?  

One of the biggest threats to our privacy is when the websites we use are hacked and huge databases of individual personally identifiable information are revealed. This seems to be a monthly occurrence, with the Equifax breach being only the most recent in a long line of cyber disasters. The websites need to keep software up to date to fix problems before they are used in an attack. Sensitive information such as passwords need to be encrypted. The technology is here today — businesses just need to use it. In addition, experts are architecting a future in which systems mimic human biology to use digital “immune systems” and “health care services” to constantly combat and respond to attacks. Mobile devices will use AI to understand your usage patterns and geolocation habits to aid in authentication.

How can businesses and individuals better protect their sensitive information in the digital age?

Update the software on your mobile devices and PCs when you are prompted. Many of the updates are to fix security issues (vulnerabilities). If you don’t update, you give more time to the bad guys to think how to extract value from you. As we increasingly rely on Internet of Things gadgets, they will need to be automatically updated too.

What threats do you see to individual digital privacy that people may be unaware and unprepared for?

Cyber criminals are becoming more active and launching more complex, hard-to-detect attacks. Increasingly, IoT devices are seen as softer targets, just at the moment where deployments are starting to scale up and the value and impact of attacks escalate. If your connected burglar alarm, doorbell and lighting system are hacked, then it becomes personal. A hack on your devices might reveal whether you are at home or away and that information could be sold to criminals. Arm believes that we need to build in layers of hardware-based security to combat these threats. Companies have an obligation — a Social Contract for Security — to do more to build and deliver secure devices and services with end-to-end trust.

When it comes to protecting sensitive information, whether for a business or individual, what do you think are the biggest mistakes people make? What are the biggest misconceptions?

Security is not a problem solved at a single point in time. It is a mind-set of adapting to a constantly changing environment. Designing in security to devices isn’t about solving today’s problems, it is about anticipating and providing the tools to react to tomorrow’s. Consumers and businesses must also understand it isn’t all about the technology; The best safe in the world offers no protection at all if everyone knows the combination. People are their first and best line of defense against cyber criminals, and while the tech sector does need to do more to make security stronger and more human-centered, the user also has to become more aware of the rising threat.

Next article