Facebook calls for a more people-centric security industry

| Author: Tony Imossi (Secretariat) | Filed under: General News

The security industry needs to worry less about technology and more about people, said Facebook's security boss.

Alex Stamos scolded the security industry in the opening keynote of the 2017 Black Hat conference.

He said there was too much focus on technically complex "stunt" hacks and not enough on finding ways to help the mass of people stay safe.

The problem would only worsen if the industry did not become more diverse and exhibit more empathy, he said.

No spies

"We have perfected the art of finding problems without fixing real world issues," he told attendees. "We focus too much on complexity, not harm."

He cited examples of technically brilliant presentations at the show, such as insulin pumps being hacked, that had little relation to real issues experienced by people who use technology rather than work with it or understand it well.

Also, he said, the security industry concentrated too much on the small number of complex hack attacks aimed at large corporations that were mounted by the most sophisticated adversaries.

By contrast, he said, most Facebook users who lost data were not being targeted by spies or nation-states.

"The things that we see, that we come across every day, that cause people to lose control of their information are not that advanced," he said. "Adversaries will do the simplest thing they need to do to make an attack work."

The lack of focus on those more mundane problems came about because often security experts had little interest in or empathy for people, he said. This attitude was exemplified by the thought he often heard security pros express that there would be fewer breaches and less data lost if people were perfect, he added.

Instead, Mr Stamos said, it would be better if the industry tried to work with those imperfections by giving people tools and services that were more straightforward to use.

Reflect diversity

This lack of empathy also showed itself in the way many in the industry reacted when real world issues bumped up against security.

This was evident in the way Facebook subsidiary WhatsApp rolled out end-to-end encryption, he said. The security team at WhatsApp who developed the system had to make "difficult choices" about how they implemented it to make it easier to use.

However, he added, this led to vigorous criticism by many cyber experts who said the usability trade-offs fundamentally broke the system and limited its ability to protect messages.

That was not the case, he said, but many commentators did not appreciate why WhatsApp pursued the course it did.

Wrong people

These blind spots could be tackled by the security industry becoming more tolerant and diverse, he said.

Facebook had set up initiatives that sought to make its workforce more balanced and which encouraged people with non-technical backgrounds to get involved in developing secure systems, products and features.

"Things are not getting better, they are getting worse," he said. "That's because we do not have enough people and not the right people to make the difference."

The growing importance and influence of cyber-security meant the industry had a real chance to improve people's lives, he said.

"We have the world's attention, now we have to ask what we are going to do with it."

Source:   BBC
