A Critical Vulnerability In The Post-PSTIA Era 

The Product Security and Telecommunications Infrastructure Act (PSTIA) undoubtedly marks a significant step in bolstering our digital defences.

However, to truly fortify our cybersecurity in this new era, we must address the elephant in the room: the human element. 

Convenience vs. Security: A Risky Trade-off 

Recent consumer research conducted by Nuke From Orbit reveals a concerning trend in the UK: 72% of smartphone users reuse passwords or PINs across multiple platforms, and 48% rarely change them. This creates a significant vulnerability, as stolen credentials can easily be used to access various accounts. Further exacerbating the issue is the rising tide of phone theft, particularly in London, as reported by the Metropolitan Police Force.

This perfect storm of risky user behaviour and rising crime can lead to identity theft and financial fraud, with devastating consequences for individuals and businesses alike. 

Compounding the problem is the fact that many authentication tools, such as one-time passcodes (OTPs) or authenticator apps, reside on the same devices they are meant to protect. In the event of theft, these tools become useless, leaving sensitive information vulnerable. Additionally, victims of such crimes often face difficulties proving they were not responsible for fraudulent transactions, leading to frustrating battles with banks and other institutions. 

The PSTIA, while laudable in its intent to strengthen the security of internet-connected devices, fails to comprehensively address this deeply ingrained human element.

Its primary focus lies in technical and infrastructural security, inadvertently overlooking the behavioural aspects that frequently serve as catalysts for cyberattacks. Action Fraud, the UK's national fraud and cybercrime reporting centre, has consistently highlighted that a considerable proportion of cybercrime and fraud incidents involve some degree of human error or manipulation, underscoring the critical need to address this vulnerability. 

Education & Empowerment: The Key to Change 

To strengthen cybersecurity, we must move beyond regulations and tackle consumer complacency. Education is paramount, but it is not enough to simply warn users about the risks. We must empower them with user-friendly tools and intuitive security solutions that seamlessly integrate into their daily lives. Nuke From Orbit is at the forefront of this effort, developing biometric and passwordless authentication platforms that make security as convenient as it is robust. 

Shared Responsibility: A Collaborative Approach 

The burden of cybersecurity does not solely rest on consumers. Banks, digital wallets, social networks, and other service providers must share the responsibility by tailoring their security measures to user behaviour. This means making security convenient and prioritizing data invalidation protocols in case of theft. Proactive collaboration with government and law enforcement agencies, as recommended by numerous cybersecurity task forces, is essential to creating a more secure digital environment for everyone. 
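As an added illustration (not code from the article or from Nuke From Orbit), the following sketch shows what a "data invalidation protocol in case of theft" can look like on the service-provider side. Every session is bound to the device that opened it, a device-bound authenticator is tracked as a factor that lives on that device, and a single "device reported stolen" event revokes all of them at once and writes a timestamped audit record the user can later point to in a dispute. The data model, class names and the `demo()` scenario are assumptions made for this example.

```python
"""Added example: device-bound sessions with instant invalidation on theft.
Not from the article; all names and the data model are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import secrets
import time


@dataclass
class Session:
    token: str
    user_id: str
    device_id: str
    expires_at: float
    revoked: bool = False


@dataclass
class DeviceRecord:
    device_id: str
    user_id: str
    otp_enrolled: bool = True            # authenticator app lives on this device
    reported_stolen_at: Optional[float] = None


class SessionStore:
    """In-memory stand-in for the provider's session/device database."""

    def __init__(self, ttl_seconds: int = 3600) -> None:
        self.ttl = ttl_seconds
        self.sessions: Dict[str, Session] = {}
        self.devices: Dict[str, DeviceRecord] = {}
        self.audit: List[Tuple[float, str, str]] = []   # (time, event, device_id)

    def register_device(self, user_id: str, device_id: str) -> None:
        self.devices[device_id] = DeviceRecord(device_id, user_id)

    def issue(self, user_id: str, device_id: str, now: Optional[float] = None) -> str:
        """Issue a session token bound to a registered, non-stolen device."""
        now = time.time() if now is None else now
        dev = self.devices.get(device_id)
        if dev is None or dev.user_id != user_id:
            raise PermissionError("unknown device")
        if dev.reported_stolen_at is not None:
            raise PermissionError("device reported stolen")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(token, user_id, device_id, now + self.ttl)
        return token

    def validate(self, token: str, now: Optional[float] = None) -> bool:
        """A token is good only if unexpired, unrevoked, and its device is not flagged."""
        now = time.time() if now is None else now
        s = self.sessions.get(token)
        if s is None or s.revoked or now >= s.expires_at:
            return False
        dev = self.devices.get(s.device_id)
        # Second line of defence: the device flag rejects any session the revoke loop missed.
        return dev is not None and dev.reported_stolen_at is None

    def otp_trusted(self, device_id: str) -> bool:
        """May an OTP generated by the authenticator on this device still count as a factor?"""
        dev = self.devices.get(device_id)
        return dev is not None and dev.otp_enrolled and dev.reported_stolen_at is None

    def report_stolen(self, user_id: str, device_id: str, now: Optional[float] = None) -> int:
        """Invalidate everything tied to the device; returns the number of sessions revoked."""
        now = time.time() if now is None else now
        dev = self.devices.get(device_id)
        if dev is None or dev.user_id != user_id:
            raise PermissionError("device not owned by user")
        dev.reported_stolen_at = now
        dev.otp_enrolled = False   # the authenticator on the stolen phone is no longer trusted
        count = 0
        for s in self.sessions.values():
            if s.device_id == device_id and not s.revoked:
                s.revoked = True
                count += 1
        # Evidence for later disputes: when the theft was reported and what was cut off.
        self.audit.append((now, "device_reported_stolen", device_id))
        return count


def demo() -> dict:
    """Constructed scenario: one user, a phone and a laptop; the phone is stolen."""
    store = SessionStore()
    store.register_device("alice", "phone-1")
    store.register_device("alice", "laptop-1")
    t_phone = store.issue("alice", "phone-1", now=1000.0)
    t_laptop = store.issue("alice", "laptop-1", now=1000.0)
    revoked = store.report_stolen("alice", "phone-1", now=1010.0)
    try:
        store.issue("alice", "phone-1", now=1011.0)
        reissue_blocked = False
    except PermissionError:
        reissue_blocked = True
    return {
        "revoked": revoked,
        "phone_valid": store.validate(t_phone, now=1020.0),
        "laptop_valid": store.validate(t_laptop, now=1020.0),
        "phone_otp_trusted": store.otp_trusted("phone-1"),
        "laptop_otp_trusted": store.otp_trusted("laptop-1"),
        "reissue_blocked": reissue_blocked,
        "audit_events": len(store.audit),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that revocation is keyed by device rather than by individual token: the user reports one thing (the phone), and the provider does not need them to enumerate every session or re-enrol every factor before the exposure is closed. The audit entry addresses the dispute problem the article raises, since it fixes the moment after which transactions from that device should not have been honoured.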

The Limitations of Technology: A Realistic Perspective 

While promising, emerging technologies like Apple's Stolen Phone Mode and Google's AI-powered theft detection have their limitations. These solutions can be circumvented, and the use of AI (Artificial Intelligence) in tackling phone theft may raise privacy concerns. Moreover, they are only effective for a subset of theft scenarios. 

Furthermore, the industry's focus on biometric authentication, while a step in the right direction, must also acknowledge its limitations. Fingerprints can be spoofed, facial recognition can be fooled, and behavioural biometrics may not be suitable for everyone. Multi-factor authentication, while effective, can introduce friction into the user experience if not implemented thoughtfully. 

The Way Forward: A Multifaceted Approach 

The PSTIA is a positive step, but we need a multifaceted approach to cybersecurity that: 

  • Educates users about best practices and the importance of strong, unique passwords and regular updates. 
  • Empowers them with easy-to-use security tools that do not compromise convenience. 
  • Enforces robust security measures at the industry level, including instant data invalidation protocols. 
  • Invests in innovative technologies while acknowledging their limitations and potential for misuse. 
  • Fosters collaboration between industry, government, and law enforcement to create a comprehensive and effective cybersecurity strategy. 

By addressing the human element head-on, we can create a digital world that is both secure and convenient, where individuals can confidently navigate the online world without fear of compromise.  

James O'Sullivan is CEO of Nuke From Orbit 

Image: geralt
