Intel’s Security Flaw Puts Spotlight on Security by Design
This year began with a significant cybersecurity and privacy hit. Intel Corporation confirmed in the first few days of 2018 that flaws in the Intel processor could leave computers around the world open to vulnerabilities. As the largest chipmaker in the world, computers – and not just PCs – are now exposed, and this quite frankly puts a spotlight on security by design.
Security by design is something that consumers should be concerned about. We should demand it actually. But, what is security by design? Using a simple definition from TechTarget, it is “an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.” In addition to security by design, privacy by design should also be included and with the previous definition, privacy by design should be pretty easy to figure out.
Security and privacy by design are two minimum standards that consumers should be asking about and confirming that they are being fully implemented by the companies from whom they purchase products. After all, once a consumer is compromised the level of damage can range from embarrassing to fully destroying one’s life. For example, it could be someone getting access to your social media and taking it over and posting pornography. Or, it could be someone getting access to all your credit card information and then using the information to spoof you and to get many more credit cards in your name and thus ruining your credit and leaving you with thousands or tens of thousands of dollars of debt. It can also mean someone getting access to all your personal information, including all your health records and in addition to getting credit cards in your name, posting all your medical history online and on your own social media for the whole world to see.
Security and privacy by design are not new. People have been talking about these principles for years; but the kicker is that there is no legislated requirement to ensure that companies adopt these principles and build them into their standards and operations.
This Intel discovery should really be a warning and wake-up call globally. With Artificial Intelligence (AI) and the Internet of Things (IoT) becoming more and more entrenched in our daily lives, security by design and privacy by design must become the standard and be baked-in at the start of the design process rather than just emerging after an “oops” discovery.
For those that don’t think that IoT is in their lives, think again. Do you have a mobile phone? How about a computer at home? Did you get a fancy new fridge for Christmas that can tell you when you are running low on milk? Or, how about the latest craze in home assistants such as Alexa or Google Home – perhaps this was a new addition to your life? If you said yes to any of these, then you should definitely care about security by design and privacy by design.
So, once you have updated your computers with the patches sent out from your computer provider, let’s use the Intel incident to collectively start asking, no demanding, that all software and hardware providers implement – immediately – security and privacy by demand principles, protocols and standards! If consumers stand up for their rights and only support companies that adopt security and privacy by design, this will cause all companies to follow suit. Better yet, let’s legislate it and have severe penalties in place for those that don’t comply.
[Editor’s Note: A version of this post originally appeared on Heather-Anne MacLean’s blog]
CyberNB is a special operating agency of Opportunities NB.
CyberSmart 2018 is quickly approaching! Register for North America’s first and only cybersecurity skills and workforce development event.