Companies have been known to take practical action when faced with potentially threatening situations. Usually, they choose to be proactive to save their own skins, but this can still help people to stay safe. When an existing threat is likely to worsen or spread, this action becomes very important. When we talk of this in terms of cybersecurity, it should become a standard for all online companies and offline ones that access data via the Internet. Cybercrime is always evolving, constantly changing to beat security measures and crack new security technologies. Companies need to be proactive about cybersecurity and stop waiting for a breach to happen before they take action.
It’s Really a Responsibility
Why does it seem like everyone wants to use the Internet because it’s there, and yet no one wants to take responsibility for any maintenance? We are actually all responsible for our Internet, just like we are responsible for our communities. What we do impacts the Net that we love, and we should all be doing something to make it a better place. We look to companies as well because they are putting the consumers that they attract in danger when they don’t provide adequate security. Moreover, they are making money off the free Internet and should give a little back.
We all need to understand a little but about how the Internet and networking and computer security work to see that it is not just the infrastructure that needs maintenance. User computers and networks are a big factor in the severity of the security issues that we all face as Internet users. When our personal devices and the networks that we use to connect to the Internet are not secured, we cause security vulnerabilities that can be exploited by criminal elements to attack us and all the people who use our computers, and with whom we connect through these networks and over the Internet.
It Doesn’t Have to Be a Drag
Still, keeping up with cybercriminal elements may seem daunting to smaller companies with little or no budgets for security. But there are many ways to keep consumers safe without having to break the bank. Many companies don’t even want to talk or think about security because they immediately assume that it is a tedious and costly process. But in the past few years, there have been so many developments in the online security industry that have made it so much easier to get secured. Much of this is due to the motivation that the Snowden revelations provided, and also due to the increasingly pro-active stance that has been adapted by the industry itself to better combat cyber threats.
Some say that we have all had it too easy and so someone will have to provide some kind of motivation for companies to care more about consumer data security. Individuals are motivated by the threat to their personal data, and so many have turned to personal VPNs and local data encryption tools. But companies are not so induced to protect their customers’ data because it does not affect them directly. There are so many existing and known computer and network vulnerabilities that are simply being ignored though they can very easily be fixed. This is because companies are shirking their responsibilities, because they are not being motivated to take action. There just isn’t a big enough threat to them to make it worth their while to clean up.
Case in Point: Mobile Security Updates
Let’s take for example the case presented by the EFF on a typical behavior of mobile carriers. These companies are handling a ton of user data on a daily basis, which makes them a good example to look at. Many mobile carriers are actually purposely controlling the delivery of security updates to mobile phones on their networks. They delay and sometimes completely block these updates that should be prioritized over other types of traffic because they are of vital importance. But carriers need to keep their customers happy, and so they prioritize traffic that these customers would notice to avoid getting complaints.
These companies are motivated to provide better call and text services, but not to ensure better security for their subscribers. They are also not motivated to consider that their actions have put critical infrastructure in danger. They don’t care to even know how they have done so because it seems like a far away issue that must fall under someone else’s area of responsibility. In reality, they are causing mobile security issues to go unchecked and run wild through the kernel, the baseband, apps and application frameworks.
Why is this so bad? Mobile users have far less control over their device security than desktop users do. Most of them have to rely on updates that are pushed via their carriers rather than taking control and installing updates manually. Mobile updates are also few and far between as compared to those that are made available for desktops. This means that as soon as an update is available, it really needs to get to all users as soon as possible. Delays are unacceptable, and blocking updates is just really low.
Wait, What About the Government?
As people who enjoy democracy, we often turn to the government for answers when other people don’t cooperate. Sadly, several governments are obviously more concerned with reestablishing their online spying capabilities than with increasing cybersecurity. The recent bills that have gone through Congress have been about the movement of data rather than data protection, more about intelligence interests than the people’s. The government, like cybercriminals, wants to take advantage of the weaknesses rather than work on eliminating them for the good of the public. Just take a good look at the Cyber Intelligence Sharing and Protection Act (CISPA) and the Cybersecurity Information Sharing Act (CISA) and you will see what the government is leaning towards. Then dig into the current projects of the FBI and the NSA and you will see how the government is so focused on thwarting efforts to increase the strength of encryption and continuing to pour tax dollars into the exploitation of security vulnerabilities. With this kind of attitude, it really is up to companies to take the next step towards better cybersecurity.
Being Proactive About Cybersecurity,