If you are even slightly interested in the world of cyber security, you will have heard of the yearly Black Hat conference. Those gathered watch elaborate hacking performances, attend training sessions and listen to talks about various security topics. This year, Facebook’s chief security officer, Alex Stamos, had an important message for all cyber security experts.
He believes specialists should focus more on helping regular users stay safe, rather than performing complex hacks.
“We have perfected the art of finding problems without fixing real world issues,” he scolds attendees. “We focus too much on complexity, not harm.”
Security industry should focus more on the people
At least once a week, some elaborate hack performed by experts makes headlines and experts warn about vulnerabilities. And we are likely to see such hacks more and more often. However, in the process of becoming more focused on executing elaborate hacks and hunting for security holes, experts forget about the regular people and their much more mundane security issues.
The reality is that the majority of users are not affected by the vulnerabilities showcased in those complex hacks, which is why the focus should shift more to regular people and more straightforward problems. Re-used passwords, phishing attempts, unpatched systems and clicks on malicious links/attachments are much more basic problems, but they are exactly what needs to be addressed. He emphasized that experts should focus more on helping people develop good security habits rather than on performing elaborate hacks and hunting for vulnerabilities.
After all, when someone’s Facebook gets hacked, it is probably not some elaborate ploy; it could simply be a case of re-used passwords. And that does not get talked about enough because security people tend to focus on more complex security issues.
“The things that we see, that we come across every day, that cause people to lose control of their information are not that advanced,” Stamos says. He further explains that this lack of focus comes from experts having little interest in, or empathy for, regular people and their less advanced problems.
Security experts need to have more empathy
Some experts believe that if people were perfect, there would be far fewer data loss and breach cases, and that kind of attitude makes the situation worse. We often hear security researchers claim that if users had done this or that, a data breach could have been prevented, but what we do not realize is that users might simply not be informed about the dangers certain actions could expose them to. If experts provided users with more straightforward tools and helped them develop good cyber security hygiene, the situation could take a turn for the better and certain scenarios could be avoided.
“It’s unfair for us to say that users should be better,” the chief of security says. He believes that a lot of simple security issues, which are the ones affecting regular people the most, could be solved or at least made better if the industry were more tolerant and empathetic towards the user.
“Things are not getting better, they are getting worse,” Stamos says. “That’s because we do not have enough people and not the right people to make the difference.”