Enterprise companies must work with consumers to improve online security.
Despite the occurrence of massive cyberattacks and data breaches in 2017, U.S. citizens are seemingly less worried about privacy and online security than they were in 2015. The new NTIA Internet Use Survey shows that 73 percent of those surveyed in 2017 are concerned about privacy and security, which is a significant drop from the 84 percent reported in 2015.
While some may find the decreased concern around security alarming or surprising, the writing has actually been on the wall for several months. Even after the Equifax breach, which impacted 143 million Americans (roughly 45 percent of the population), only 19 percent of those polled by SSRS confirmed that they had taken action to see if their personal information had been affected. To be clear, this was personal information that included names, birthdates, and social security numbers.
Security Worries Slow Online Activities
There are many possible explanations as to why U.S. citizens opted for this kind of inaction, ranging from lack of awareness, feeling overwhelmed, and not knowing what would need to happen in order to ensure their identities are safe. If you’ve ever had to legally change your name, you know how arduous a process that is—just imagine what it would take to deal with identity theft. NTIA’s latest research found that 33 percent of citizens reported that their privacy concerns stopped them from participating in some online activities, such as posting on social media or shopping online. This figure is down from the 45 percent of Americans reporting the same in 2015.
We would be remiss if we didn’t also consider that there may be building apathy in the consumer psyche when it comes to privacy and security—or the perception of privacy and security. This may highlight why the security industry needs to have a chat about how and when we disclose data breaches. In 2017, we were all on high alert as a result of major breaches and attacks, and at a certain point our natural fight-or-flight instincts need to take a rest.
We can also speculate that consumers are simply accepting a certain level of risk when they participate in the digital economy. There is a distinct sense and awareness that consumers are losing control of their data, and there is a feeling that little can be done about it. This lack of control and transparency, coupled with the seemingly unending reports of data breaches and cyberattacks, is what spurred regulations like GDPR and the New York Department of Finance Cybersecurity regulations in the first place. There is a lot to question about whether or not consumers should trust organizations with their data, and in the digital age, consumers are forced to be more diligent and discerning about the organizations and applications with which they share their personal and financial information.
After all, research has shown that there is notable distrust between consumers and businesses, with only half of consumers (49 percent) indicating that they are willing to provide their personal data in exchange for digital services, and 54 percent distrust organizations enough to believe that they will sell their personal data to other companies. This distrust is understandable when you consider that this same report found that business executives believe they’re pretty good at keeping customer data safe, despite the fact that nearly half (43 percent) of business executives admit to selling consumer data that includes personally identifiable information.
Proactive Protection for Privacy
Rest assured, there are plenty of things that consumers can do protect their privacy and have a handle on the security of their data. In a discussion with CNET Reporter Alfred Ng, CA Veracode CTO Chris Wysopal suggested that consumers should, “Be skeptical about any information that’s pushed to you, whether it’s a messaging system or an email system. Just always be skeptical and always find another way of figuring out how to validate that that stuff is real.”
Although the data implies that consumers are becoming more complacent, there is also data that suggests organizations are more consistently moving in the other direction, and are increasingly looking at the security of the software that they purchase with greater scrutiny. In fact, one survey conducted by IDG, which took a closer look at the security concerns that are top of mind for companies purchasing software, found that 94 percent of organizations had increased confidence in vendors whose application security has been validated by an established, independent security expert. To that point, an additional 66 percent said they were far more likely to work with a validated vendor.
The stark reality is that there isn’t an executive on the planet earth that wants his or her company’s software to be the one that leaks sensitive customer data in a cyberattack, and they want their customers and prospects to be assured that their privacy is in good hands. It will take both enterprises and consumers to improve security, but it is the shift in enterprise awareness that can assist in counterbalancing consumer apathy.
Laura is Sr. Web Content Developer for CA Veracode, a business unit within CA Technologies. In this role, she develops content to support marketing, product and public relations efforts. Her responsibilities include publishing the business unit’s research, including the industry-leading State of Software Security report. Additionally, Laura keeps her finger on the pulse of current events to create compelling blog content that helps keep our readers educated and informed.