Cyber security has never been more important than it is today. With recent incidents epitomised by the Log4j vulnerability and recent hacking scandals, the risk to both individuals and organisations across the world has never been clearer.
These challenges form the central theme of DocuSign’s recent webinar “Cyber risks — How to stay a step ahead”, in which a panel of experts discuss the big issues of contemporary cybersecurity, and offer some steps we can take to protect ourselves. Along with host and award-winning documentarian Louis Theroux, we hear from DocuSign CISO Jessica Ferguson, former Anonymous hacker Lauri Love, and hacker/entrepreneur Harper Reed.
Trust and predictability
With cybersecurity, as in life, trust is an integral element of safety. Lauri Love sums it up:
“Security is an aspect of predictability, and predictability is the only way that we can exist in a complex society where we are having to interact with each other.” Trust and predictability go hand in hand — users need to trust that an organisation will predictably handle their data securely, for example, while organisations need to demonstrate evidence of that. As Jessica Ferguson points out, this trust can easily be eroded on both sides when data is outsourced.
“There’s a lot of focus right now on this concept of supply chain, and more functions are moving into cloud and third party hosted solutions,” Ferguson says. “We’re really starting to outsource more and more of our trust, and in a lot of ways our risk, to these third party organisations, and how do we know what organisations we can trust, and whom we should steer away from?”
For Harper Reed, the internet is emblematic of free creation, but it’s worth considering how common practices can create unpredictable cybersecurity outcomes. “The thing that I’m most worried about is the software practises that we have all created over the last 10 years, that have created this wonderful world of building things really, really quickly, but relatively sloppy,” Reed says. “We can do audits, build better practices, we can slow ourselves down, but it seems to not necessarily alleviate the fundamental problem, which is that […] we’re reliant on the wonderful world of open source software, and you never know what’s going to happen.”
‘Hygiene’ and informed relationships
For Harper Reed, individual cybersecurity is complex, but there are some basic levels of control for everyone. “Things like strong passwords, two factor [authentication] etc.” Reed says. “I think a lot of it is about just sanitary use of the internet more so than being super worried and changing your behaviour.”
Lauri Love goes further, suggesting that users need to think more clearly about how choices can create consequences down the line. “The other side is learning a new kind of civics, which is your relationship with the various mediators of our experience online,” Love says. “It’s learning to have a bit more of an informed relationship, rather than the de facto one that would just sort of click through, ‘okay, this looks fun, I’m gonna use this. Oh no, now it’s integral to my life. Can I renegotiate the terms of this, in terms of privacy of data, in terms of vendors and business to business?’”
The responsibility of organisations
Although users have a responsibility to be informed with where and how their data is used, Reed believes most of the burden falls on those creating cyber infrastructure. Having worked with Facebook data on Barack Obama’s presidential campaign, Reed has seen the potential for misuse firsthand. “This is where lots and lots of different software can be weaponized against the users,” Reed says. “And so we need to be very thoughtful when we’re building things so that we’re not accidentally creating opportunities for data to be weaponized in ways that we didn’t expect.”
For Ferguson, the expectation is that contemporary solutions will only ever be temporary, and those tasked with protecting user data (such as organisations and developers) need to be constantly looking ahead. “I think the challenge that we have really is that as much as we think we’ve figured all this out, the technology in 15 years is going to be totally different,” Ferguson says. “We’ll be looking at a totally different set of challenges when it comes to privacy and data and security, and what trust means in that world. As we start looking at more connected IOT, more connected biotech, the whole paradigm will get turned on its head again. There’s this point where the problem that we see is so big because it’s right in front of our face, but we’re really not even seeing the problems that we are going to have down the road.”
Read now: Six ways e-signatures improve productivity and streamline workflows