The ICO has just announced the findings of a survey which shows that only 20% of UK citizens trust companies with the storing of their data. There are some other great stats including:
- One in ten UK adults (12%) say they have trust and confidence in social messaging platforms storing and using their personal information.
- Less than one in ten (8%) of UK adults say they have a good understanding of how their personal data is made available to third parties and the public by companies and organisations in the UK.
Fraser Kyne, EMEA CTO at Bromium highlighting that the cybersecurity industry doesn’t help the situation by perpetuating a defeatist message.
Fraser Kyne, EMEA CTO at Bromium:
“These are sobering facts that should act as a wake-up call to businesses. The fact is our online economy relies on trust, which is a fragile thing. This lack of trust could result in people turning away from online services in the future which could have a serious business impact. Yet at the same time, is it any wonder the public are losing faith in companies storing their data? We see huge breaches almost every week with massive amounts of customer information leaked. As an example, Yahoo had three billion accounts breached, which means you or someone you know will almost certainly have been affected.
“The industry does not help with its defeatist attitude – it’s common to hear security professionals assert that businesses should work from the assumption they have been breached, this doesn’t inspire much confidence. Consumers are right to feel disillusioned. The fact is most businesses are sitting ducks. They rely on a ‘detect to protect’ approach, which is totally reactive. Instead of stopping hackers, they focus on detecting them after the fact, once they have been compromised. As an industry, we need to do better and businesses need to stop accepting that their customer’s data will be lost – it doesn’t need to be the case.
“We need to start looking at security in a completely different way. Instead of accepting lost data as a fact of business operations, companies need to make it much harder for hackers to get at that data. Sensible isolation of systems and networks, and adding hardware-enforced security where possible, is a vital step towards this. Aside from this, generally we should be focusing more on protection, and not after-the-fact detection. This is why we need to move the perimeter to the application level, so that even if a hacker gains entry they have no data to steal. The only way we can start to rebuild trust is to stop these attacks from happening, and that is never going to happen if we just carry on doing the same thing we always have.”
