Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories ยป
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

An article relating to this blog post on Finextra:

Gullible Brits make life easy for ID thieves

Despite a massive drive to educate the public about identity theft, Brits are still far too willing to hand over personal information to complete strangers, says Sophos man Graham Cluley.

See article

Maybe security designers need to live with human nature

OK, so people generally reveal too much about themselves.  They tend to be more trusting than security advisers would like them to be.  So, where to next?

Some will view this video with alarm and will conclude that the huge investment in public awareness hasn't been enough.  Perhaps they will advocate even more training and education.

But others might conclude that maybe we've been pushing hard enough against basic human nature.  Maybe getting people to change their instincts and fundamental behaviours is a fool's errand? 

It really wouldn't matter that people gave up their name, DOB and e-mail address if these little ID molecules were useless to criminals.  I know it's not a fashionable view, but let's face it: what we have in security really is a technology problem!  It's absolutely nuts that my name and DOB can be used by someone who is not me in order to gain access to my digital property. 

And please, let's not forget that the majority of stolen IDs are now lifted en masse from backend databases.  So the behaviours of individuals online is less and less relevant to the broader fight against ID crime.

It's actually quite straightforward technologically to render ID data non-replayable.  All we have to do is digitally sign our transactions and communications.  All the requisite asymmetric cryptographic building blocks are built into the standard PC and e-commerce technology stacks. The smartcards, SIMs, smart phones and so on needed to carry individuals' keys are getting ubiquitous.

The Internet is full of paradoxes.  It's not at all like the real world.  We welcome and prize its unreality, yet at the same time, we seem to expect Internet users to embody even greater levels of caution and incredulity than they do in the physical world.  The moral of the vox pop seems to be little more than "Don't talk to strangers".  Sorry, but I think we need a more sophisticated way forward to secure the digital world.  If most people are innately trusting, then we must stop relying on training them, against their human natures, as the primary weapon against cyber crime.

Stephen Wilson, Lockstep.

 

3151
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Stephen Wilson

Stephen Wilson

Managing Director

Lockstep Consulting

Member since

24 Apr 2008

Location

Sydney

Blog posts

34

Comments

183

More from Stephen

Blog post

Now is not the time to go soft

Blog post

How much worse can CNP fraud get?

Blog post

Credit card numbers are like nitroglycerine

Blog post

Banks really know their customers

Now hiring

See more