Maybe we have the cybersecurity we deserve

Companies have focused more on making the consumer recovery process from fraud and data breaches easier than on better security. Most people seem OK with that.

Three-hundred and twenty-seven million Marriott user accounts compromised. 100 million at Quora. 148 million from Equifax. Those all pale in comparison to the 3 billion user accounts compromised from Yahoo in 2013.

Ask yourself this: do you find yourself becoming outraged or saying “ho-hum” every time you hear about the latest record data breach? Society seems to be agreeing with the latter answer.

I was recently sitting in a room with some of the world’s brightest minds at a Secure Technology Alliance consortium meeting in Washington, DC, trying to figure out how to better authenticate and secure our digital world. It was easily the most-brains-and-experience-per-square-foot meeting I’ve ever been in focusing on better and more pervasive authentication.

Many of the presenters talked about how bad things are today, with continued phishing and unpatched software making Swiss cheese of most organizations’ security defenses. This is despite myriad competing great authentication solutions, which are undermined by seemingly indifferent users.

“Why don’t users care more about security?” was a common question asked during breaks. Many other presenters pointed out that many of the problems each of us were pointing out were the same problems 30 years ago. It was a room full of people dedicated to figuring out the remaining hard problems and trying to get the right authentication solutions developed and standardized.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!