A Critical Vulnerability In The Post-PSTIA Era 

Uploaded on 2024-05-20 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Product Security and Telecommunications Infrastructure Act (PSTIA) undoubtedly marks a significant step in bolstering our digital defences.

However, to truly fortify our cybersecurity in this new era, we must address the elephant in the room: the human element. 

Convenience vs. Security: A Risky Trade-off 

Recent consumer research conducted by Nuke From Orbit reveals a concerning trend in the UK: 72% of smartphone users reuse passwords or PINs across multiple platforms, and 48% rarely change them. This creates a significant vulnerability, as stolen credentials can easily be used to access various accounts. Further exacerbating the issue is the rising tide of phone theft, particularly in London, as reported by the Metropolitan Police Force.

This perfect storm of risky user behaviour and rising crime can lead to identity theft and financial fraud, with devastating consequences for individuals and businesses alike. 

Compounding the problem is the fact that many authentication tools, such as one-time passcodes (OTPs) or authenticator apps, reside on the same devices they are meant to protect. In the event of theft, these tools become useless, leaving sensitive information vulnerable. Additionally, victims of such crimes often face difficulties proving they were not responsible for fraudulent transactions, leading to frustrating battles with banks and other institutions. 

The PSTIA, while laudable in its intent to strengthen the security of internet-connected devices, fails to comprehensively address this deeply ingrained human element.

Its primary focus lies in technical and infrastructural security, inadvertently overlooking the behavioural aspects that frequently serve as catalysts for cyberattacks. Action Fraud, the UK's national fraud and cybercrime reporting centre, has consistently highlighted that a considerable proportion of cybercrime and fraud incidents involve some degree of human error or manipulation, underscoring the critical need to address this vulnerability. 

Education & Empowerment: The Key to Change 

To strengthen cybersecurity, we must move beyond regulations and tackle consumer complacency. Education is paramount, but it is not enough to simply warn users about the risks. We must empower them with user-friendly tools and intuitive security solutions that seamlessly integrate into their daily lives. Nuke From Orbit is at the forefront of this effort, developing biometric and passwordless authentication platforms that make security as convenient as it is robust. 

Shared Responsibility: A Collaborative Approach 

The burden of cybersecurity does not solely rest on consumers. Banks, digital wallets, social networks, and other service providers must share the responsibility by tailoring their security measures to user behaviour. This means making security convenient and prioritizing data invalidation protocols in case of theft. Proactive collaboration with government and law enforcement agencies, as recommended by numerous cybersecurity task forces, is essential to creating a more secure digital environment for everyone. 

The Limitations of Technology: A Realistic Perspective 

While promising, emerging technologies like Apple's Stolen Phone Mode and Google's AI-powered theft detection have their limitations. These solutions can be circumvented, and the use of AI (Artificial Intelligence) in tackling phone theft may raise privacy concerns. Moreover, they are only effective for a subset of theft scenarios. 

Furthermore, the industry's focus on biometric authentication, while a step in the right direction, must also acknowledge its limitations. Fingerprints can be spoofed, facial recognition can be fooled, and behavioural biometrics may not be suitable for everyone. Multi-factor authentication, while effective, can introduce friction into the user experience if not implemented thoughtfully. 

The Way Forward: A Multifaceted Approach 

The PSTIA is a positive step, but we need a multifaceted approach to cyber security that: 

  •  Educates users about best practices and the importance of strong, unique passwords and regular updates. 
  • Empowers them with easy-to-use security tools that do not compromise convenience. 
  • Enforces robust security measures at the industry level, including instant data invalidation protocols. 
  • Invests in innovative technologies while acknowledging their limitations and potential for misuse. 
  • Fosters collaboration between industry, government, and law enforcement to create a comprehensive and effective cybersecurity strategy. 

By addressing the human element head-on, we can create a digital world that is both secure and convenient, where individuals can confidently navigate the online world without fear of compromise.  

James O'Sullivan is CEO of Nuke From Orbit 

Image: geralt

You Might Also Read: 

Identity & Authentication For Mobile Users:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« A Way To Build A Comprehensive Backup Strategy 
Focus On Black Basta Ransomware »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Charities Security Forum (CSF)

Charities Security Forum (CSF)

The Charities Security Forum is the premier membership group for information security people working for charities and not-for-profits in the UK.

Crowe

Crowe

Crowe is a public accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Rezonate

Rezonate

Rezonate discovers, profiles, and protects Identities and their entire access journey to cloud infrastructure and critical SaaS applications. Preventing and stopping cyberattacks.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.

Robust Intelligence

Robust Intelligence

Robust Intelligence enables enterprises to secure their AI transformation with an automated solution to protect against security and safety threats.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.