Unless you live under a rock or in a cave somewhere (and I don’t judge, that could be cool) there is no way that, in this day and age, you have not heard of the rampant digital crimes that go hand in hand with the electronic era we live in. Cybercrime has blossomed like a strange unwanted digital flower and, as digital technology expands, so does the domain of cybercrime. The surge in online activity has transformed this issue from a rarity to an everyday reality.

Hopefully you have never been amongst the victims of such crimes, but you probably know of someone who was, whether on a personal or corporate level. Networks are getting more complex every day, everything is digitalized, IoT (Internet of Things) devices are rushing their way into our homes in many different shapes and forms, we crave the simplicity of online shopping, online banking, applications for everything and so on.

The year 2022 averaged a cyber-crime victim every 37 seconds and a total of over $6 trillion in damages. That’s trillion with a “T”; let me help you visualize that number: $6,000,000,000,000. A mouthful by any standards. Experts estimate that, in 2023, more than 33 billion accounts will be breached [1]. I could go on with statistics and frightening numbers, but it is not the point of this piece. Just take my word that it is really bad, and about to get worse unless we start accepting some part of the blame and do something about it.

So, why does it seem so easy for criminals to steal and sell our data, breach our networks, steal our money, ransom our files? In my opinion, they are getting a lot of help, whether consciously or not, and this is the purpose of this article: voicing my opinion on where some of the blame lies and what can be done about it.

Firstly, let’s get the obvious answer out of the way: Yes, the cyber-criminals are to blame. They are the perpetrators of the crimes and, when caught, should be punished accordingly. In no way, shape, or form do I wish to justify their actions nor diminish the impact of their illegal actions.

However, in my humble view, saying that cyber-criminals carry all the blame is a rather simplistic way to look at that particular problem. Indeed, that is not the complete story and there is more to be said on the subject. In reality, blame can be assigned to three other protagonists in this narrative: the users, so that’s all of us, the companies manufacturing and selling hardware and software, and the governments or regulatory authorities. Let me explain.

Users: Unplugged and Unprotected

Let’s start with all of us, the end-users and customers of IoT devices and apps. If you went on a long vacation and left your house door open, valuables showing, safe open and a big sign that said “Out of town for a month” on your front yard, would you be surprised to find, upon returning home, all your possessions missing? Even if you were insured, you probably would not get reimbursed because of some gross negligence clause in your insurance contract. Sure, the main part of the blame would go to the thieves that perpetrated the act, but any decent judge would probably assign you a part of the blame for what happened. Anyway, you would never do that, right? And yet, that is basically what we are doing every day with our online accounts and data! As far as IoT devices are concerned, we basically treat them as a brand new safe we just bought but leave the default combination of four zeros active, and then we are surprised that someone opened it easily and stole our valuables.

We create online accounts without taking the minimum security precautions and adopting best practices: complex and unique passwords, two-factor authentication, regular updates, avoiding interaction with unknown digital entities, digital protection literacy and so on. We basically treat cyber-hygiene like a gym membership we purchased but never use.

Digital security may seem like a daunting task, and let’s be honest, it can get quite bothersome, which is why many people opt to ignore it altogether. But following just the basic principles is easier than making sure your house is secure before you leave it. Applying those basic principles would protect you more than most, and hence make you a harder target for attacks. Keep in mind that most cyber criminals are not targeting you personally but cast a wide net and go for the easy pickings. So, make a small effort and evade that net, all the while gaining peace of mind and proper security for your digital life.

Finally, all of us consumers have developed an insatiable appetite for newer, connected devices and always better performing apps and software, and we thus keep driving the demand for products upwards. This brings us to our second culprit in this digital security cyber-maze: the companies manufacturing, coding and putting all of these new products on the market.

Companies’ Rush to Release, Safety Left Behind

We all know that free capitalist markets are driven by supply and demand. When the demand for a certain type of commodity is high, companies rush to satisfy it and try to be first in marketing new products, for many reasons. Firstly, being the first mover can usually provide a significant competitive advantage, as it allows a company to capture a larger market as well as create brand recognition and customer loyalty, making it difficult for competitors to catch up. Secondly, being the first on the market allows a company to set the price and potentially enjoy higher profit margins before competitors enter the market and introduce alternative offerings. Finally, being a pioneer in any market enables companies to shape consumer preferences and establish themselves as innovators.

Based on the above, and in our fast-paced, technology-driven world, companies often find themselves torn between two competing priorities: ensuring product safety from cyber attacks and being the first to market. Regrettably, the desire to gain a competitive edge and establish dominance often overshadows the importance of safeguarding users’ data and privacy. This leads them to bypass robust security measures, thus leaving their products vulnerable to cyber threats.

It is worth highlighting that rigorous cyber security testing is often a costly endeavor during the pre-market launch phase, whether it involves hardware or software. Consequently, rather than investing in extensive testing themselves, companies often opt for a fast-paced and unsafe approach, releasing their products to market prematurely and relying on subsequent software updates to patch up vulnerabilities. It is the equivalent of sending a ship off to sail without properly checking for leaks, hoping you can fix them while it is already out at sea.

For anyone who owns a laptop, mobile device, or tablet with a multitude of apps, the regular influx of updates is a familiar occurrence. Interestingly, if you delve into the update descriptions, you’ll likely encounter messages such as “improving app” or “eliminating bugs.” The art of sugar-coating in the tech world knows no bounds.

However, beneath these seemingly innocuous statements, the reality is often quite different; the message should really state the following: “we’ve uncovered another vulnerability or security flaw, and we’re hastily rectifying it.” This comical charade underscores the unfortunate truth that many products hit the market with known vulnerabilities, putting users at risk and requiring ongoing updates to address these issues.

Nevertheless, a critical question arises: Why would companies jeopardize their market shares and risk delayed product launches, potentially sacrificing substantial revenues, just to prioritize the security of their products? After all, without any enforceable legal obligations in place, their primary focus is, and always will be, maximizing profits, which is the gravitational force that guides the capitalistic corporate universe.

But fear not, brave readers, for we now approach the third and final culprit in our blame-assigning expedition: governments and regulatory authorities, the guardians of order or, in this case, the absentee landlords.

Governments Napping on Cyber Legislation

Governments and regulatory authorities are supposed to be the equivalent of digital sheriffs setting and enforcing the laws for the cyber-jungle we live in, helping educate the public about the digital rights and wrongs and establishing cooperation with other nations to ensure cyber criminals do not skip town. After all, it is not easy to catch a cyber outlaw when they can teleport from one virtual hideout to another, leaving nothing but pixels in their wake.

Domestically, governments and regulatory authorities must enact comprehensive cybersecurity legislation, outlining the obligations of all stakeholders and the penalties for non-compliance. This would include setting regulations for companies to adhere to a minimum standard of cyber testing on their products, whether hardware or software, before putting them on the market. This would make companies take cybersecurity as seriously as they do their quarterly profits. It is time to make companies realize that cybersecurity is not a mere afterthought, but a critical ingredient that must be baked into their products from the very beginning. And since the battle for digital safety cannot be won by legislation alone, they should also promote cybersecurity education with public awareness campaigns designed to shake users out of their complacency, collaborate with educational institutions to integrate cybersecurity tutoring into school curricula at different levels and join forces with experts, industry leaders and advocacy groups to develop and disseminate educational materials.

Internationally, governments should cooperate with other nations to implement and standardize cyber laws across borders, share intelligence and collaborate on investigations. This would make the cyber realm a harder environment for criminals to operate in. Moreover, tech companies should be held accountable for data breaches, incentivizing them to continually improve their cybersecurity measures. By establishing clear guidelines and incentivizing companies to invest in robust cybersecurity practices, governments can foster a culture of vigilance and improvement across the tech industry.

Therefore, it seems like we all need a nudge in the right direction and an awakening to the gravity of the situation in order to ensure a safer digital environment for all and to make it harder for cyber criminals to do their bidding. Indeed, it is only by working together that we can build a safer digital world for generations to come.

While I have not gone into specifics in this piece, it is essential to acknowledge that there are minimum precautions that users and corporations can embrace to bolster their defenses against cyber attacks and to become safer than most players in the field. These shall be explored in a forthcoming article.

In conclusion, remember that cybersecurity is not optional, but essential to the functioning and preservation of our digital society. The responsibility of safeguarding it rests upon the collective shoulders of users, corporations and governments alike.


Instagram: @sehnaoui | Twitter: @sehnaoui
