By the SMU Social Media Team
In this era of digital disruption and hyper-connectivity, we are becoming accustomed to reports of cyber breaches of personal data and credit card information. Even large-scale cyber-assaults like last year’s WannaCry ransomware attack, aimed at undermining reputations and trust in organisations and governments, are beginning to seem commonplace.
So most of us are aware of the vulnerability of data in the cyber realm, but as consumers, enamoured with our new-found freedom to transact via our smartphones for just about anything, are we being naive in our approach to digital security?
We often assume the companies we transact with and the apps we use come with security provisions built in, or that only corporates get hacked. But, says Gao Debin, Associate Professor of Information Systems at SMU, it’s time we faced up to the real threat of cybercrime.
“Humans are still the weakest link in cybersecurity, and we are way behind in cybercrime awareness and personal data protection. There are still a large group of consumers who feel like cybersecurity is not their business, and there are also a large group of people who just value functionality and convenience a lot more than security.”
Cybersecurity is fundamental to the digital economy, but as more of our assets are digitised and placed in cyberspace, the risk of them being lost or compromised is increased. It’s difficult to have it all—convenience and security, says Assoc Prof Gao.
“Cybersecurity is the Achilles heel of the digital economy, and it probably goes beyond this. Digitisation and cyberspace are now seeping into our everyday life, to an extent that some of us may not have realised.”
At an SMU Master of IT in Business seminar held last year on the challenges of cybersecurity in the digital economy, speaker Benjamin Mah, CEO of mobile identity authentication company V-Key, argued that current measures to counter cybercrime for consumers are too complex, ineffective and actually serve to erode the convenience of smartphone transactions.
“Cybersecurity inconveniences a lot of users—we are not smart enough to remember highly complex passwords that need to be changed on a quarterly basis. Then you have hardware tokens and SMS codes to enter before you can complete a transaction. Jumping into an SMS, memorising that 8-digit number and jumping back into the app—you need to be very fast as well.”
With V-Key, Benjamin Mah has developed virtual technology which could eventually replace SIM cards and the chips used in credit cards, to address one of the key issues with digital transactions.
“Authentication and identity have become very problematic, integrating into the new digital economy,” he says, “We looked at the current core foundation of the smart card chip that is used within credit cards and your [smartphone] SIM cards. And we wrote our own processor codes, to create a virtual microprocessor, and then a security layer to ensure that ongoing threats are being detected and responded to.”
The V-Key virtual security token works as part of any smartphone app, and because it’s virtual it can be distributed across multiple devices quickly and cheaply—removing the need for hardware tokens and SMS codes—so it also removes the burden of security, away from the user.
So perhaps as new technologies evolve, in the future, we will be able to have it all—convenience and security? Assoc Prof Gao remains cautiously optimistic.
“In most cases, better security needs some sacrifice of convenience and functionality. One typically cannot improve both. That said, hopefully, with new technologies being proposed in the future, the equation can be changed a bit so that we don’t have to give up too much convenience in exchange for better security.”
But it will likely be inevitable that efforts to eradicate cybercrime will continue to be met with increasing sophistication by the criminals themselves.
“It’s an arms-race and it will continue to be,” says Assoc Prof Gao, “We will keep seeing new attacks, and then new technologies to combat attacks. I don’t think it will become the attackers’ playground ten years from now, neither do I expect that cyberspace will be 100% secure. Technology changes, but we are all human beings. We will continue to be the weakest link—as the targets and the perpetrators of cyber attacks.”