We still don’t care enough about security

Neville Lahiru
May 2, 2020 · 5 min read
Image for post
Image for post

With many of us stuck inside our homes, a pandemic like COVID-19 is an apt opportunity for hackers to strike. But even as ample awareness takes place, the average consumer doesn’t care about security as much as they should. Why is that? In a word, convenience.

Take Zoom. Remember those few days where almost everyone reported about Zoom’s many security issues? Governments and tech giants publicly banned employees from using the software. Yet, there seems to be no slowdown of Zoom meetings. Even media platforms that reported about Zoom’s security issues continue to use the software publicly. Times like these, convenience is so important. Particularly when it involves technology.

In Zoom’s case, the value offering as a means of convenience far outweighs the cons for the normal user. When you’re trying to make a living amidst a global pandemic, you would want technology to make things easier for you.

But this isn’t unique to Zoom or COVID-19. Even Microsoft Teams, a competitor to Zoom, was vulnerable enough that company data could have been stolen by a simple GIF. One might think that something of that nature will entice users to tread carefully in the online space. Unfortunately, that isn’t the case.

Cybersecurity has long been a concern in the general domain. But cybercrime has been on the rise during the past few years. In a 2019 report, Accenture estimates a whopping $5.2 trillion in cybersecurity-related costs within the next 5 years. The question is, why are we still lagging in addressing cybersecurity? It's part ignorance, part unawareness, and part unaffordability.

Cybersecurity is a luxury many small companies can’t afford

Much of the reported security breaches are from large corporates. Why? Because security breaches in large companies translate to massive numbers, usually in millions either in data or dollars (or both). Although this often brings in much-needed attention, it doesn’t always reflect the full picture. The smaller organizations’ side is hardly given enough attention.

Large scale security breaches may prompt big companies to be proactive towards cybersecurity. But unlike the big corporates, smaller companies do not have the muscle to pull through. Cybercriminals know this and target such companies as a result.

According to CNBC, 43% of online attacks are aimed at small businesses. However, only 14% are equipped to handle such attacks. On average, cyberattacks cost businesses around $200,000, an almost six-fold increase Year on Year. As a result, 60% go out of business in 6 months following a cybercrime incident.

It isn’t surprising given the actual costs of a cyberattack. The losses include the financial damage of the attack itself, the effect on a company’s brand value and goodwill, investigation expenses, legal fees, etc. All this tally up to unbearable costs for small businesses.

Even in such a scenario, businesses still continue to underestimate the threat of a possible cyberattack. As per Keeper Security’s 2019 report, almost 66% of 500 leaders of SMBs believe a cyberattack is unlikely. Essentially, this leads to a lack of planning for cybersecurity across the board. Companies end up without a cyberattack prevention plan, a security policy. Leaders may not even have an idea of where to start with cybersecurity. This issue trickles down from the management to every single individual in a company.

Lack of awareness

When companies as a whole downplay the importance of cybersecurity, it's hard to make the case for individuals. If the company doesn’t care enough about security, how will employees? This is where the cybersecurity issue starts to propagate at an individual level.

The same Keeper Security report states that 73% of SMBs under $1M in revenue believe they are unlikely to face a cyberattack. “We are too small, too new, too unappealing to be targeted” is a sentiment that draws parallel among the general audience as well.

Image for post
Image for post

The idea that one’s digital activities are uninteresting enough for an attacker to ignore, is a misguided notion. If anything, putting your guard down in the digital space makes you a far more likely target.

But unlike companies, security at an individual level need not be a comprehensive plan. Maintaining one’s security starts with simple tasks like updating your passwords and your software. Of course, there are practical issues. For example, we use so many services online that it has become practically impossible to change passwords often. But the problem also bleeds into the fact that consumers don’t care enough to pay attention.

Remember WannaCry? Out of the 150+ countries affected, England’s National Health Services (NHS) was one of the hardest hit. But the extensive damage could have been easily avoided if computer systems were kept updated in the first place. With the vast number of products and services we use every day, there are bound to be security vulnerabilities. Its important that users are attentive enough to update systems.

Security needs to be part of the design process

Speaking of systems, part of the responsibility also falls on the service providers too. As the Zoom scenario demonstrates, it's not uncommon to see cybersecurity as a compromise for convenience. When UI/UX takes precedence, security takes a backseat during product development. It only takes priority as a reactive measure rather than a proactive one.

Image for post
Image for post
2017 Wannacry attack compromised systems from over 150 countries

For products and services to work at an optimum level, security needs to be part of the design process. After all, the current situation is only amplifying the need for secure products and services. Many people from around the world are trying to achieve normalcy through the comfort of their homes. This means that people, whether tech-savvy or not, are heavily reliant on technology. It should not be as simple as sending an emoji to crash your phone.

It's up to all of us

At the end of the day, it's up to all of us. More people get tech-savvy by the day. But that still hasn’t stopped cybercrime from rising on a global scale. The current pandemic situation is only fueling this trend.

Thereby, as individuals its vital that all of us take extra precautions when engaged in the digital space. It can be as simple as changing your password or updating your Windows OS. But it could very well safeguard your digital privacy.

The Startup

Medium's largest active publication, followed by +773K people. Follow to join our community.

Neville Lahiru

Written by

Freelance Tech Journalist & former Digital Marketer. I spend most of my time writing about tech, business, and occasionally personal. Inquiries: lahiru@hey.com

The Startup

Medium's largest active publication, followed by +773K people. Follow to join our community.

Neville Lahiru

Written by

Freelance Tech Journalist & former Digital Marketer. I spend most of my time writing about tech, business, and occasionally personal. Inquiries: lahiru@hey.com

The Startup

Medium's largest active publication, followed by +773K people. Follow to join our community.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store