I was chatting to a journo the other day on the latest cyber-something (there’s always a cyber-something happening somewhere), and they asked this question – are we more secure today than yesterday? This is really one of those binary unanswerable questions that can never be properly addressed with a simple yes or no, but it did get me thinking…
I reckon you can answer this question both ways – yes and no – and there are many examples of each. For instance, think about our mobile devices: an off-the-shelf consumer product like the iPhone has encryption at rest and really well-implemented biometric authentication. It’s never been easier to protect the valuable things we all have on these devices from the most prominent mobile phone threats everyday folks face, namely petty theft of the device. That and your kids getting into it.
On the other hand, those devices have more apps talking to more services holding more personal data than ever before. Not a day seems to go by where one of them isn’t found to be leaking personal info and with the increasing volume of them, the odds aren’t getting any better. I think about incidents like CloudPets where the database sitting behind the mobile app API was literally sitting there with absolutely zero protection – public network segment, no auth and of course, the inevitable then happened. The nature of the data being compromised is changing too and in that case, we’re talking about kids’ voices. In other cases, the data inadvertently being exposed to other parties can be more, well, personal.
But then I think about how the way we interact with online services as consumers has changed. For example, only five years ago two-factor authentication (or multi-step authentication in many cases) was a rarity. These days it’s available across a huge range of the major online services and a bunch of the smaller ones too. Password management tools are also much improved so it’s never been easier to create strong passwords that are genuinely unique across every service. Of course, getting people to use both of these things is another story, but certainly the technology has progressed.
Unfortunately, the flip side of better personal security on websites is more of them than ever getting broken into. The rate of data breaches is insane and we’re seeing ten-figure numbers of accounts compromised and dumped online each year (so yes, more than a billion). I suspect that’s due to a combination of more sites with more data used by more people; the attack surface of the web as a whole keeps expanding and unfortunately, it’s only natural to expect that in turn we’ll see more nasty incidents.
So are we more secure or less secure? In reality, it’s neither, we’re just differently secure.