Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't!
So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices (IoT) that are lacking proper security controls?
I believe there are two primary reasons. First is that most consumers are lacking the skill set required to evaluate the security level of those devices. Second, most customers don't consider the level of security of all those devices as something that is related to their safety. When customers buy those devices, they look at security aspects as something that ensure that their data, content and privacy are being protected properly.
But times are changing and it is no longer matter of having the right insurance, it is becoming a matter of our safety.
Security != "Insurance"
As everything around us becomes digital, more and more things become possible. With our home connected to the Internet, we now have the ability to control many aspects of home operation remotely. Since our cars are now connected to the internet we can consume and share data while we are driving. It's just a matter of time until automobiles become fully controlled by software, releasing us from the burden of holding the wheel.
But wait, what if our home is being hacked and someone tampers with fire detection device, making it unreliable in the case of a fire? And what if someone hacks into our car and tampers with navigation and control systems? And what if someone launches a worldwide distributed ransomware cyber-attack that results in hospital computers that store information becoming unavailable and potentially affecting the quality of the service we receive ? (sounds familiar, you can read more on Akamai blog)
Do you still consider all those realistic scenarios as something that you classify as insurance or safety?
Security == "Safety"
Clearly, it is no longer simply a matter of insuring ourselves from cyber risks. It is our obligation as customers to make sure we are safe!
If we check (at least some of us do) the results of unbiased safety rating tests for the car we want to buy, it is just a matter of time until we will want to have similar unbiased security rating that will give us the ability to easily evaluate the security risks involved with buying the car we want.
If we check the quality of health services that we want to consume in terms of serviceability, staff expertise and facility, I believe it is a matter of time till we will also evaluate those hospitals in terms of to their security reputation and rating.
Consumers are not supposed to understand firewalls, threat landscape and software patches; but It is our obligation as consumers to demand the ability to easily evaluate and rate the level of security of the products and services we want to buy.
It is our own interest to do so. In the cyber era we live in, those security threats pose a great risk to us and our loved ones' well-being. As consumers, we need to make sure we make the right choices. We need to make sure our governments, product manufacturers and service providers create security criteria based on factors that may include: reputation, software security development standards, software updates, etc., all to a simple "score" that offers a clear and easy understanding of a given product's security rating.
Our power as consumers can drive change. Economic pressure makes a difference and can push and encourage product manufacturers and service providers to take better care of the security and risks of the goods they offer consumers.
I hope to see you soon in the "consumers' security awareness era".