“I’m sorry, but the bank cannot provide you with any services due to you being a cyber risk”. Fiction? Perhaps at the moment but as the financial services sector continues to try and integrate legacy systems into online platforms more and more security holes appear. If you add more customers to these systems, then there is a greater likelihood that they will be compromised.
Therefore, the cost of administering these systems do prevent them from scaling and reaching more users. This interesting view of cyber security was discussed by Forbes who went on to discuss how Banks need to look at alternative security methodologies, such as the asymmetric encryption that is a part of the Bitcoin blockchain, for inspiration on how to improve their service offering. Will other industries hit this cyber induced glass ceiling on service offerings where the risks are just too high for the business to scale further?
The IB Times, like many, reported on the conclusions of the government investigation into the TalkTalk breach from last year. Their expression of choice was that the public still needs to ‘wise up’ to cyber security. Quoting from the report they reported that “There needs to be a step change in consumer awareness of online and telephone scams. All relevant companies should provide well-publicised guidance to existing and new customers on how they will contact customers and how to make contact to verify that communications from the company are genuine. This verification mechanism should be clearly signposted and readily accessible.” My interpretation of this is that should the public ‘wise up’ then they will start to ask these questions, and market forces will compel business to address them accordingly.
I applaud this recommendation, however there is still a lack of consumer education being undertaken in order to get the public to ‘wise up’. It seems like a classic chicken and egg situation where the public don’t know what to ask, so the businesses don’t provide it. What can break this cycle? Perhaps when businesses cotton on that as cyber security has finally entered the public consciousness that it is in their long term interests and in some cases can provide short term business differentiation if they proactively address it. Some companies are starting to do this but talking about the protection of customer privacy, as opposed to hard core cyber security. Perhaps the public can relate and respond more favorably to discussions about privacy issues, then cyber security? If so does cyber security need a bit of a makeover to make it more palatable and less frightening to the general populous?
One think that has been learned from the TalkTalk hack is that a business reputation can take a terrible beating once it is associated with a cyber-attack. Sony, Target, TalkTalk and more all have a tarnished reputation that will take many years to recover. The Huffington post discussed how many businesses and individuals are ‘sitting ducks’ for cyber criminals and opposed to waiting should proactively take measures in order to preserve their reputation in advance of any attack, breach or hack.
Of the nine recommendations listed, six of them could be easily implemented by those of even the most basic technical skill set and achieved in a couple of days or less. However, as I read them I knew from personal experience that we all live increasingly busy lives and to many people sitting down and working through lists of recommendations to pro-actively preserve their online reputation will fall well down the ‘to do list’. What is needed is a motivation, but not one that is brought on by an attack. What could that be? Perhaps being declined access to a banking service might do that.
For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.