Who’s responsibility is cyber security?

Over the past 25 years, we have gone from corded phones to walking around with computers in our pockets. This rapid technological development is a testament to our ingenuity and scientific prowess. It has brought the world together, enhancing our accessibility to community created apps, websites, add-ons and softwares. But in doing so, it has put the individual at a greater risk. In the technology industry, we have been so obsessed with innovation that we have neglected to keep our cyber security measures developing at the same rate.

This could affect everyone with a smart phone. But whose responsibility is it to solve this problem? Should phone companies be setting aside technological advances for the sake of security concerns or should it be the responsibility of the end user to utilise third party softwares to secure their devices?

Security is the responsibility of the customer 

Upon launch, the hardware that makes up a mobile device is introduced to the masses and can no longer be updated until the next generation is released. The same cannot be said about the software. Considering that phone companies are first and foremost profit-making machines, it therefore makes sense for them not to delay a product’s inauguration in full knowledge that software updates will be made available as soon as security gaps become apparent. Developing an impregnable operating system from the get-go is impractical when you know that its security will be able to be continuously enhanced by “white-hat” hackers.

One prevalent way in which technological advances manifest themselves is through the availability of user created content such as apps and websites which offer more customisation and simplify tasks such as scheduling, uploading files and pictures, or social networking. However, these innovations are accompanied with an increased likelihood of cyber attacks through phishing attacks, trojan viruses and many more. A plethora of security software companies focuses on the development of high performance security systems and firewalls for mobile phones and personal computers, which reduce the risk of these attacks if one was to use these sharing platforms and apps/softwares. Knowing that these security systems are performant and readily available with different prices depending on the level of security, shouldn’t it be the individual’s responsibility to take the necessary measures to purchase and use these if they are afraid of being at risk? This would allow tech companies to focus their resources on the development of high value products and technologies which the user wants, while leaving security and protection to specialised businesses who are more experienced and better placed to do so. This approach grants the user with the freedom to choose the level of security they desire for their device.

Developing an impregnable operating system from the get-go is impractical

Since improved security measures are synonymous with restricted device capacity and processing power, and considering that most people will never experience a major cyber attack (the majority target organisations rather than individuals), there is scope to argue that companies are taking a utilitarian approach in providing more performant but less secure devices.

Security is the responsibility of the company

Would you purchase a car knowing that it does not have an alarm on it? Would you feel at ease driving around not knowing whether someone has tampered with your car? We have passcodes on our phones, we have locks on our cars and both can be broken. But, if our car is broken into the alarm rings, if our phone is broken into, nothing. Is this ok? Shouldn’t cyber technology companies be working harder to provide the same level of security we expect in our homes and cars, in our phones.

The problem is that a lack of cyber security, due to phone companies not prioritising it, may put everyone at risk. We associate hacking with big organisations but as we become more dependent on our phones for internet banking, for example, we become more of a target to cyber-attacks. And yet we are being left to fend for ourselves, it has become the responsibility of the general public to understand the details of cyber security instead of leaving it to industry professionals.

Phone companies should be pooling more resources into security

You might even be targeted on a more personal level, ask yourself how much personal information your phone contains; passwords, personal identification details, pictures you don’t want your boss to see. Wouldn’t you have much more peace of mind knowing that this information is protected instantly and without the need for expensive private security software? This is why phone companies should be pooling more resources into security instead of research and development and leaving security to the customer

It has been claimed in the previous argument that a utilitarian approach would suggest that innovation should be prioritised by tech companies over the development of security. This argument stands in our current technological state where the majority of people would prefer speed over security, but we need to look to the future. As people become more and more dependent on their phones and use them to store more and more private data, the balance of utilitarianism will shift. Personal security will become more of a concern to the majority of people and it shouldn’t be a problem for them to solve. Even informally, it is common-sense that these phone companies provide high level security with new products instead of waiting for the customer to play catch up for them.

So what should we do?

So who’s responsibility is cyber security? On one hand leaving it to the public allows the phone companies to focus all their resources on creating the best product possible. Ultimately this may be what the average customer wants, wouldn’t you prefer speed over security? On the other hand it seems ethically irresponsible for phone companies to not prioritise security. They are creating these highly personal products that they want us to trust with all our personal details but do not even ensure that they are secure. So, once again, who’s responsibility is cyber security? Yours or theirs, what do you think?

Group 24: Samy Krim, Angelo Darriet, Michael Portnell & Oli Welbourn

Advertisements

12 thoughts on “Who’s responsibility is cyber security?

  1. Phone Companies should definitely be the ones to improve security in their devices. Leaving it to third parties would just create confusion in what is best for the customer so he would be left alone deciding on something he needs but does not want to think about. Ultimately I believe that the average person does appreciate security but just does not want to think of it which makes it just as important as performance

    Like

  2. Good points on both sides. However I feel both customers and companies should co-operate on security. To me it is much like guarding your house against robbers. It is up to the company to provide a good alarm system. However one cannot rely on that alone, a safe neighbourhood would integrate a neighbourhood watch scheme, social awareness and ultimately security towards assisting in making a socially sustainable environment. As it currently stands, companies have a diminished responsibility, as they are not financially damaged directly. The costs are passed on to either the bank or the insurance company if someone hacks your bank details, but as the world becomes increasingly technological I can see this debate being brough up many times again,

    Like

  3. Good read here, I too feel the responsibility falls on both company and consumer. Like Mirel said about the security companies providing a good product, people should do their research get what best fits their needs over what best fits their wants or desires. In addition, they could also do other things or get other technologies to help with their protection. Nothing says you should limit yourself to one product/technology. Just my thoughts.

    Like

  4. I might be a bit old fashion here but to me there is no need for security on something that should hold no secrets. What do we fear of losing when talking about cyber crime? The phone itself in an analogy with the car? Personal details? Money? The answer is all of the above but if we were not so reliant on our phone for fake social interaction like twitter or facebook instead of actually dialling their friends number for a chat then our personal details would not need to be on the phone at all. Also who needs to be able to make in app purchases? Who needs to be able to access their bank (or any) account details from their phone? Who needs to use their phones for contactless payment? If anyone does feel they do need these facilities then the responsibility of securing the device is theirs. I don’t particularly want to buy an expensive alarm for my car so all i do is ensure that the engine is immobilized and that there are no valuables left in it… i try and do the same with my phone.

    Like

  5. Thought provoking discussion. As a technophobe I rely on the inbuilt security systems & would be incapable of sourcing & installing sophisticated security software. Aren’t our devices sold to us as idiot proof? I think the onus is on the device manufacturers to ensure they are just that!

    Like

  6. Interesting and topical subject! All these comments have value but the technicality of it all is beyond me. I am not an expert on any tech whatsoever so I HAVE to rely on my phone company to provide all the security i need on my phone. i would even go so far as to say that should they fail to protect me i would hold them responsible! Like Nellytee said, it has to be idiot proof or i will shop around for a provider that will guarantee my safety.

    Like

  7. Very interesting, relevant and topical subject. The article presents strong robust arguments with excellent examples. I personally agree with the sentiment that industry professionals are irresponsible and forcing the general public to take responsibility and understand the details of cyber security” I doubt very much if the majority of general public have any idea on cyber security let alone take responsibility for it.
    It would have been interesting if the article had focused on a generational or made some comparison with millennials and Gen XY rather than refer to people as one homogeneous mass

    Like

  8. It’s a really interesting question, but surely the responsibility must rest on the manufacturers. It seems almost irresponsible to create a device that is way more powerful than f.ex. the computers that sent the first men to the moon, and then release it to the general public without any constraints or safety measures, especially considering that most people don’t (fully) understand the technology that makes their phones works, and therefore cannot understand just how vulnerable their devices are to attacks. With great power comes great responsibility and all that…

    Like

  9. Surely it must be the joint responsibility of both the device maker and user. A user can’t be expected to see all, or any, holes in a system, nor can a manufacturer be expected to foresee everything that a user might do with their device. A user should consider if the maker of their device has done enough to protect them and the user should seek awareness of possible dangers.

    Like

  10. I definitely think that security should be the responsibility of the device makers. In spite of firewall and subscription for protection, my computer was hacked ! I do not think that speed is more important than security and I would rather have restricted device capacity and processing power and also have a more secure phone with my personal details safe than risk being hacked. This is the reason why I don’t do on line banking!

    Like

  11. On a construction site, everyone today expects the workers to wear helmets and safety goggles. But all offices have procedures for fires and emergencies such as bomb threats. The same needs to hold true for cybersecurity. Security staffs need to do their due diligence and deploy defense-in-depth security with firewalls, anti-malware software, security logs and an IPS. The measures to prevent cyber threats and crimes should be taken by the companies to ensure the privacy and security of their users, users who are mostly unaware of what threats await them. Nothing will be secure or private if companies don’t take the necessary steps, who knows where my email will go after I press ‘Post Comment.’ ‘There’s no silver bullet solution with cyber security, a layered defense is the only viable defense’.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s