A Critical Vulnerability In The Post-PSTIA Era 

Uploaded on 2024-05-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Product Security and Telecommunications Infrastructure Act (PSTIA) undoubtedly marks a significant step in bolstering our digital defences.

However, to truly fortify our cybersecurity in this new era, we must address the elephant in the room: the human element. 

Convenience vs. Security: A Risky Trade-off 

Recent consumer research conducted by Nuke From Orbit reveals a concerning trend in the UK: 72% of smartphone users reuse passwords or PINs across multiple platforms, and 48% rarely change them. This creates a significant vulnerability, as stolen credentials can easily be used to access various accounts. Further exacerbating the issue is the rising tide of phone theft, particularly in London, as reported by the Metropolitan Police Force.

This perfect storm of risky user behaviour and rising crime can lead to identity theft and financial fraud, with devastating consequences for individuals and businesses alike. 

Compounding the problem is the fact that many authentication tools, such as one-time passcodes (OTPs) or authenticator apps, reside on the same devices they are meant to protect. In the event of theft, these tools become useless, leaving sensitive information vulnerable. Additionally, victims of such crimes often face difficulties proving they were not responsible for fraudulent transactions, leading to frustrating battles with banks and other institutions. 

The PSTIA, while laudable in its intent to strengthen the security of internet-connected devices, fails to comprehensively address this deeply ingrained human element.

Its primary focus lies in technical and infrastructural security, inadvertently overlooking the behavioural aspects that frequently serve as catalysts for cyberattacks. Action Fraud, the UK's national fraud and cybercrime reporting centre, has consistently highlighted that a considerable proportion of cybercrime and fraud incidents involve some degree of human error or manipulation, underscoring the critical need to address this vulnerability. 

Education & Empowerment: The Key to Change 

To strengthen cybersecurity, we must move beyond regulations and tackle consumer complacency. Education is paramount, but it is not enough to simply warn users about the risks. We must empower them with user-friendly tools and intuitive security solutions that seamlessly integrate into their daily lives. Nuke From Orbit is at the forefront of this effort, developing biometric and passwordless authentication platforms that make security as convenient as it is robust. 

Shared Responsibility: A Collaborative Approach 

The burden of cybersecurity does not solely rest on consumers. Banks, digital wallets, social networks, and other service providers must share the responsibility by tailoring their security measures to user behaviour. This means making security convenient and prioritizing data invalidation protocols in case of theft. Proactive collaboration with government and law enforcement agencies, as recommended by numerous cybersecurity task forces, is essential to creating a more secure digital environment for everyone. 

The Limitations of Technology: A Realistic Perspective 

While promising, emerging technologies like Apple's Stolen Phone Mode and Google's AI-powered theft detection have their limitations. These solutions can be circumvented, and the use of AI (Artificial Intelligence) in tackling phone theft may raise privacy concerns. Moreover, they are only effective for a subset of theft scenarios. 

Furthermore, the industry's focus on biometric authentication, while a step in the right direction, must also acknowledge its limitations. Fingerprints can be spoofed, facial recognition can be fooled, and behavioural biometrics may not be suitable for everyone. Multi-factor authentication, while effective, can introduce friction into the user experience if not implemented thoughtfully. 

The Way Forward: A Multifaceted Approach 

The PSTIA is a positive step, but we need a multifaceted approach to cyber security that: 

  •  Educates users about best practices and the importance of strong, unique passwords and regular updates. 
  • Empowers them with easy-to-use security tools that do not compromise convenience. 
  • Enforces robust security measures at the industry level, including instant data invalidation protocols. 
  • Invests in innovative technologies while acknowledging their limitations and potential for misuse. 
  • Fosters collaboration between industry, government, and law enforcement to create a comprehensive and effective cybersecurity strategy. 

By addressing the human element head-on, we can create a digital world that is both secure and convenient, where individuals can confidently navigate the online world without fear of compromise.  

James O'Sullivan is CEO of Nuke From Orbit 

Image: geralt

You Might Also Read: 

Identity & Authentication For Mobile Users:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« A Way To Build A Comprehensive Backup Strategy 
Focus On Black Basta Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Windscribe

Windscribe

Windscribe is a Virtual Private Network services provider offering secure encrypted access to the internet.

Secucloud

Secucloud

Secucloud GmbH is a provider of high-availability cyber-security solutions, offering a cloud-based security-as-a-service platform, particularly for providers.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Silent Sector

Silent Sector

Silent Sector is a cybersecurity services company that specializes in providing a wide range of managed security services.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

JaCIRT

JaCIRT

JaCIRT is the national Cyber Incident Response Team for Jamaica, established to deliver on the mandate outlined in the GoJ’s National Cyber Security Strategy.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

CyberXpert

CyberXpert

CyberXpert is your cybersecurity partner for the public and private sector in Belgium.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

INTfinity Consulting

INTfinity Consulting

The INTfinity team brings together decades of professional experience in cybersecurity. We're here to apply that same experience and proficiency in defending your networks.