Why Better Security is the First Step to Greater Trust

By Tim Mullahy, Executive Vice President and Managing Director, Liberty One Center

We are currently in the midst of a technological renaissance, and the world is going digital. On the one hand, that’s great. Innovations such as the Internet of Things (IoT) come hand-in-hand with incredible benefits, including new revenue streams, more efficient workflows, and untold convenience in our personal lives.

On the other hand, it’s a cybersecurity nightmare. As IoT continues to gain prominence, more and more businesses are diving headlong into bringing their products onto the Internet. The problem is that many of these organizations are not technology companies.

Instead, they’re consumer-focused vendors who have a history of selling products like home appliances, light bulbs, media players, and televisions. Products, in other words, for which endpoint security is traditionally unimportant. As a result, these vendors lack the expertise of a company with a background in digital technology.

And it shows.

In McAfee’s Mobile Threat Report 2019, for example, the vendor revealed that the majority of IoT devices fail at even rudimentary security practices. While some of these - such as easily-guessable credentials - can be placed at the feet of the user, most are solely the domain of the vendor. The firm predicts that as IoT continues to grow, these simple, easily-patchable vulnerabilities will become increasingly valuable to criminals as an attack vector.

“Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings,” Raj Samani, Fellow and Chief Scientist at McAfee, explained in a presentation at Mobile World Congress. “From building botnets to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals.”

If you don’t find that news concerning, you should. We are already in a time of crisis, and one in which consumer trust in businesses is at an all-time low. Just a quick look at the news is enough to confirm that. See how long you can go without hearing about some new data breach or security failure.

Alternatively, you could simply have a look at the 2019 data breach timeline compiled by security agency Selfkey. It’s a sobering read. I’d recommend keeping a stiff drink nearby if you’re planning to go through the whole thing.

Unsurprisingly, people are fed up. Data breaches cause more than financial damage. They erode trust.

And trust is already at an all-time low. Last year, for example, Oxford Economics found that a paltry eight percent of consumers trust businesses to keep their personal information safe. Another survey from that same year by identity security specialist Ping found that 78 percent of people stop engaging with a brand online after a breach, and 36 percent write off the brand entirely.

“Trust [is] both the most important aspect of any commercial interaction and the hardest to measure,” writes Immuta Chief Privacy Officer and Legal Engineer Andrew Burt. “If we don’t trust the maker, we simply don’t know what it is we’re getting. And because trust cannot be proven, it must be signaled - through branding, marketing, and more.”

“Security and privacy concerns can no longer take a back seat in the product development lifecycle,” he continues. “Clear and demonstrable processes must be put in place to illustrate the importance of data protection, both inside and outside every organization … Companies and consumers alike must be honest about the risks we collectively face in the digital world.”

So what exactly does this involve? How can your brand follow Burt’s advice and prioritize cybersecurity, thereby regaining the trust of its customers?

• Engage with experts. There are many agencies out there whose sole purpose is to help businesses improve their security posture. Seek one such third party out, and work with them to address vulnerabilities within your internal organization, your products, and your supply chain.
• Be transparent. If you suffer a breach, do not try to sweep it under the rug. Notify customers and shareholders the moment you suspect something has gone wrong, and explain what you are doing to mitigate the attack. Sure, you might suffer a bit of reputational damage - but the damage will be worse if you wait.
• Be accountable. Continuing my point above, if your customers suffer as a result of a breach, step up and offer reparations of some kind. Equifax, for all its failings, had the right idea when it offered a decade of free credit monitoring to everyone impacted by its breach. You’d be well-advised to do the same.
• Understand that cybersecurity is everyone’s job. Your IT department should not be the sole gatekeeper of security. Everyone, from marketing to human resources to manufacturing, now has skin in the game. It’s important to understand that and to incorporate measures at every step of your product’s lifecycle to keep you in control of your systems and data.

People no longer trust brands. They don’t believe businesses have their best interests at heart. In order to challenge that belief, you need to implement stronger security measures to show them that keeping their data safe is a priority.

Only then can you begin to regain the trust you’ve lost.

About the Author: Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.