Are business cybersecurity measures really fit for purpose?

Business efforts to redress the growing cybersecurity threats faced by business are becoming more challenging.

Image: — © AFP

2023 has shown us that all it takes is one compromised identity to have a huge effect on the targeted organization, the industry vertical, and society at large.

This leads to the question: “Are our current cybersecurity measures fit for purpose?” Considering the answer to this question for Digital Journal is Richard Caralli, Senior Cybersecurity Advisor, Axio.

Caralli is concerned that business efforts to redress the growing cybersecurity threats faced by business are becoming more challenging. He observes how “creating a cyber-aware culture is only getting worse”.

At the root of this problem is a lack of focus and an insufficient business culture on the topic of cybersecurity risk. As Caralli finds: “Technology users are on the front line for cybersecurity, but this responsibility is not taken seriously either because it’s a lower priority (average consumers place preference on product features over security), or they don’t fundamentally understand it (cybersecurity technologies at the consumer level are not entirely intuitive).”

Drawing on a specific example, Caralli puts forward: “There are approximately 12 million lines of code on a typical smartphone operating system, and on those devices, thousands of configurable settings that affect security and privacy.”

As to what this might mean, Caralli says: “If an organization issues a device like an iPhone, they can centrally ensure the security and privacy settings fall in line with organizational policy. But, in an increasingly bring-your-own-device world, and especially for retail consumers, all bets are off.”

There is also a lack of planning and specifications within many IT departments. Caralli finds: “With configurability being a key desirable feature of applications, users unfortunately put little effort into ensuring they are protected from not only attackers, but also from legitimate attempts to use their data in ways that may over-expose them.”

Too often this leads to the wrong responses: “It isn’t sufficient to fall in line with the standard security recommendations anymore—such as implementing MFA. Users must initiate their own security and privacy review of the software and devices they use, instead of focusing only on configuring features and applications that are important to them.”

The consequence is that the problems will persist: “Until fixed, consumers will continue to be a rich target—and attackers know it. To create a more cyber-aware culture, users should review all default settings on new software and devices and make changes as appropriate.”

Continuing with his recommendations, Caralli acknowledges that “while not an easy task, several guides being produced—Consumer Reports, for example, publishes a Guide to Digital Security and Privacy—can help users configure important settings, or at least give them the option to decide on the balance between functionality and security/privacy.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
