In the recently held 2017 Black Hat conference, the Chief Security Officer (CSO) of Facebook Alex Stamos reprimanded the security industry for being more concerned about the technological aspect of a cyber attack rather than being focused on finding methods that would ensure protection for the common people on the Internet. He provided examples of technically sound presentations at the conference which failed to address the “real” issues faced by people who have less clarity while working around a technology. Stamos said, “We have perfected the art of finding problems without fixing real world issues. We focus too much on complexity, not harm.”
Addressing the audience, Stamos asked the security industry to show more empathy towards people or “the situation will only worsen.” According to Stamos, the security industry is only concerned about the “small number of complex hacks” that affects large corporations, and said “most Facebook users who lost data were not being targeted by spies or nation-states.” He added that, “things that we see, that we come across every day, that cause people to lose control of their information are not that advanced. Adversaries will do the simplest thing they need to do to make an attack work.”
Addressing the issue about the security breaches due to human negligence, Stamos urged the security experts to provide “tools and services that were more straightforward to use.” He also cited examples of rolling out end-to-end encryption for Facebook-owned WhatsApp which was not appreciated by some experts, and said that the WhatsApp security team had to make “difficult choices” to make the app easier to use.
Stamos also asked the cybersecurity industry to be more tolerant towards accepting human failures and to find a workforce balance to take care of the “blind spots” faced by the industry. He said, “Things are not getting better, they are getting worse. That’s because we do not have enough people and not the right people to make the difference. The growing importance and influence of cyber-security meant the industry had a real chance to improve peoples’ lives. We have the world’s attention, now we have to ask what we are going to do with it.”
