Monday, February 2, 2015

Cybersecurity design: protection, user Experience and cyber weapons

Design as science is a couple of centuries old. Until then, design was called crafts. Then its aesthetic interest was not necessarily related to its functionality. Industrialization of design led us to environment where feelings and experiences of buyers were part of the product value. Actually this affects all economic sectors, being cybersecurity one of the last to take the plunge.

But security must be understood by the end user as information catalyst. Following the news on  some companies using a web tracking system based on a "Zombie Cookie" (a cookie that can not be erased from the system) Verizon is considering to offer its customers the ability to remove it with no adverse effects on their business.

After all, design should make you clearly understand what is happening without unnecessary jargon or alarmism. Chrome's decision to create its own warning page when there was a secure connection failure increased by 28% number of users who decided to "stay safe" and not access such websites. And this was only of a visual change.

A great portion of Google’s success comes from good design on all its products and services. In fact, the company takes design to the extreme, carrying out well designed bug bounty programs in order to encourage external researchers to notify of potential security breaches.

Unfortunately, design plays a key role when it comes to critical infrastructure. The Stuxnet case or other situations like the one experienced by a German smelty company alert of the need for caution and mitigation  and monitoring plans against possible eventualities from an attack.

As a matter of fact, bad guys are often quite clever. A soldier meets a girl online and both start chatting. The girl sends him a picture and the soldier does the same. Coincidentally they were born the same day in different years. Conversation continues until the girl, instigated by the soldier, send another photo. But this second picture comes along with one of the most sophisticated spyware known. It is just an example of good design for cyberwar that actually is being spread across Syria nowadays.

However a wrong security policy on any of your stakeholders can sometimes damage the security of the entire chain. In these cases, it is important to follow standard communication protocols.

As you may have noticed, design is not just making pretty things. Thanks to it, you have the best weapon to protect your interests.


Post a Comment