When you log into online banking to pay a bill, register to donate blood, or join a dating site, you are trusting a number of services to conduct those transactions safely and securely.
But what happens if the blood bank or bank or dating site is hacked due to poor cybersecurity, compromising your credit card, personal health information and privacy?
Will you continue to place your information online, risking yet another breach?
According to Mark McLaughlin, CEO of cybersecurity firm Palo Alto Networks, once we lose our trust in the technology we entrust with so much, we end up with declining levels of productivity.
“So much of the society we live in today is digital in nature, and it keeps growing and growing and growing – and that’s definitely not going to stop. Cyber issues are not going to stop, the adoption of these technologies, or pace and rate of change in the digital age,” he said.
“What can happen is that we start to lose trust in those technologies. We can lose trust in the digital age and if we do that, we have declining levels of productivity.
“How do you maintain high levels of productivity when technology is supposed to do that for you? And how do you maintain trust in it that it’s actually going to work, for very important things, not the least of which would be privacy?”
Presenting his keynote at RSA Conference 2017, the world’s largest cybersecurity event, McLaughlin cited research showing the lack of faith emerging: 57% of Americans believe the US voting system is failing, and 49% of Americans do not trust the federal government to protect their data.
“People are questioning the ability of the government to protect themselves, let alone their own citizens,” he said. “You can see a lot of this building and growing concern, and the declining productivity that may result if we don’t get that right.”
In 2016, some 1.2 billion records were breached – and that’s only the ones we know about, said McLaughlin.
To restore trust, we need to consider how security innovation is encouraged, how it’s consumed and how it’s delivered.
“We know we're at least a step behind, if not a hundred or a thousand steps behind the adversary, because at the end of the day, one way to look at cyber [security] is that it's just a math battle.
“This is a highly, highly automated adversary that takes increasing advantage of the declining cost of compute power, which will not change. And the more we’re trying to fight that with people and complicated systems, the further and further we fall behind them.
“It is a man versus machine problem. It’s an intensifying problem that’s going to grow very quickly over time.”
It's man vs machine. Source: Palo Alto
“That’s led to a paradigm that we live in today where how we do security… is too complex, it’s too expensive, it’s increasingly hard for security professionals to show returns on investment, and it’s too slow to adapt to changes, despite the fact that there’s actually a lot of very smart and innovative people running around in the security space.”
McLaughlin said the cybersecurity industry needed to engage in more innovation, more sharing, more automation, more software, more ease of deployments and more flexibility.
Security, he said, needs to be viewed as a platform and be opened up from an API perspective.
“What’s going to happen to the security industry? It’s going to turn on its head.”
ACS President Anthony Wong, ACS CEO Andrew Johnson and ACS Fellow Professor Jill Slay travelled to RSA Conference 2017 in San Francisco as part of Australia's Austrade Cybersecurity delegation.