A Critical Vulnerability In The Post-PSTIA Era 

Uploaded on 2024-05-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Product Security and Telecommunications Infrastructure Act (PSTIA) undoubtedly marks a significant step in bolstering our digital defences.

However, to truly fortify our cybersecurity in this new era, we must address the elephant in the room: the human element. 

Convenience vs. Security: A Risky Trade-off 

Recent consumer research conducted by Nuke From Orbit reveals a concerning trend in the UK: 72% of smartphone users reuse passwords or PINs across multiple platforms, and 48% rarely change them. This creates a significant vulnerability, as stolen credentials can easily be used to access various accounts. Further exacerbating the issue is the rising tide of phone theft, particularly in London, as reported by the Metropolitan Police Force.

This perfect storm of risky user behaviour and rising crime can lead to identity theft and financial fraud, with devastating consequences for individuals and businesses alike. 

Compounding the problem is the fact that many authentication tools, such as one-time passcodes (OTPs) or authenticator apps, reside on the same devices they are meant to protect. In the event of theft, these tools become useless, leaving sensitive information vulnerable. Additionally, victims of such crimes often face difficulties proving they were not responsible for fraudulent transactions, leading to frustrating battles with banks and other institutions. 

The PSTIA, while laudable in its intent to strengthen the security of internet-connected devices, fails to comprehensively address this deeply ingrained human element.

Its primary focus lies in technical and infrastructural security, inadvertently overlooking the behavioural aspects that frequently serve as catalysts for cyberattacks. Action Fraud, the UK's national fraud and cybercrime reporting centre, has consistently highlighted that a considerable proportion of cybercrime and fraud incidents involve some degree of human error or manipulation, underscoring the critical need to address this vulnerability. 

Education & Empowerment: The Key to Change 

To strengthen cybersecurity, we must move beyond regulations and tackle consumer complacency. Education is paramount, but it is not enough to simply warn users about the risks. We must empower them with user-friendly tools and intuitive security solutions that seamlessly integrate into their daily lives. Nuke From Orbit is at the forefront of this effort, developing biometric and passwordless authentication platforms that make security as convenient as it is robust. 

Shared Responsibility: A Collaborative Approach 

The burden of cybersecurity does not solely rest on consumers. Banks, digital wallets, social networks, and other service providers must share the responsibility by tailoring their security measures to user behaviour. This means making security convenient and prioritizing data invalidation protocols in case of theft. Proactive collaboration with government and law enforcement agencies, as recommended by numerous cybersecurity task forces, is essential to creating a more secure digital environment for everyone. 

The Limitations of Technology: A Realistic Perspective 

While promising, emerging technologies like Apple's Stolen Phone Mode and Google's AI-powered theft detection have their limitations. These solutions can be circumvented, and the use of AI (Artificial Intelligence) in tackling phone theft may raise privacy concerns. Moreover, they are only effective for a subset of theft scenarios. 

Furthermore, the industry's focus on biometric authentication, while a step in the right direction, must also acknowledge its limitations. Fingerprints can be spoofed, facial recognition can be fooled, and behavioural biometrics may not be suitable for everyone. Multi-factor authentication, while effective, can introduce friction into the user experience if not implemented thoughtfully. 

The Way Forward: A Multifaceted Approach 

The PSTIA is a positive step, but we need a multifaceted approach to cyber security that: 

  •  Educates users about best practices and the importance of strong, unique passwords and regular updates. 
  • Empowers them with easy-to-use security tools that do not compromise convenience. 
  • Enforces robust security measures at the industry level, including instant data invalidation protocols. 
  • Invests in innovative technologies while acknowledging their limitations and potential for misuse. 
  • Fosters collaboration between industry, government, and law enforcement to create a comprehensive and effective cybersecurity strategy. 

By addressing the human element head-on, we can create a digital world that is both secure and convenient, where individuals can confidently navigate the online world without fear of compromise.  

James O'Sullivan is CEO of Nuke From Orbit 

Image: geralt

You Might Also Read: 

Identity & Authentication For Mobile Users:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« A Way To Build A Comprehensive Backup Strategy 
Focus On Black Basta Ransomware »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

Government CSIRT - Chile

Government CSIRT - Chile

Government CSIRT is the Computer Security Incident Response Team for State networks and government cyberspace in Chile.

OneTrust

OneTrust

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

White & Black

White & Black

White & Black are specialist corporate & technology lawyers based in London & Oxford.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Sollensys

Sollensys

Sollensys is a leader in commercial blockchain applications. Our flagship product, The Blockchain Archive Server™ is the best defense against the devastating financial loss that ransomware causes.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.

Sensity

Sensity

Sensity is a company that offers an AI-driven solution to detect and verify deepfakes and other forms of identity fraud.

Cynclair

Cynclair

Cybersecurity is a complex beast. And we're the beast-tamers. Our team thrives on deciphering the latest threats, building cutting-edge defenses, and making your digital world much safer.