How better design could give the security industry a more positive reputation
8 June 2016
Cyber security professionals and manufacturers need to work together to give the industry a more positive reputation, according to an expert.
Although security staff work to keep businesses and their customers safe, they can be viewed negatively because they have to stop employees and consumers from using certain insecure products, for example, which inconveniences those users.
"We set ourselves up to be viewed as the people that say no, but we need to be seen as a business enabler," (ISC)2 CEO David Shearer said, speaking to Business Reporter ahead of the Infosecurity Europe conference in London.
This reputation is feeding into the information security skills crisis, he explained. Many young people have a negative perception of security staff and therefore are not likely to pursue a similar career. Less than six per cent of cyber security staff are under 30 years old.
“We are not attracting young people and part of it is the perception that we are the no folks,” Shearer said. “We want to be the people who say yes and make things go, not say no.”
Another part of the issue is that manufacturers of “cool” products do not build in security from the start, he explained. Consumers like their connected cars, for example, so it can be frustrating when security researchers tell them their new purchases are not secure.
“Part of the way we can get out of being the people who say no is by getting manufacturers to build security features into the products they sell us,” Shearer said. “Everyone says, ‘I love the fact I have WiFi in my car.’ It sets us up more and more again to be the people who say no when we want to be the people that make it go.”
He added that he would encourage universities teaching engineering to include cyber security on their syllabuses. This would ensure that Internet of Things-connected products are designed with security in mind from the start, rather than having it retrofitted.
Shearer compared security to safety, in that manufacturers should consider it from their products’ beginnings. As well as keeping consumers more secure, this would mean security experts would not have to chime in with as many inconvenient vulnerability warnings.
“In the US, people make decisions on the car they buy by the five-star crash rating,” he said. “People make product decisions on those ratings. Why should there not be cyber security ratings on those products? That should be a product differentiator – it is going to affect the bottom line. You should look at cyber security as a QA element of every product that you sell.”