Menu
Make companies pay full cost of breaches to restore trust in the internet, says ISOC

Make companies pay full cost of breaches to restore trust in the internet, says ISOC

Think of the users, says the campaigner for a safe and secure internet

Fake news, online banking thefts and data breaches: It's no wonder that trust in the internet is at an all-time low. But don't worry: The Internet Society has a five-step plan for restoring faith in the network of networks.

The first step is to put users first, according to ISOC, which published its 2016 Global Internet Report on Thursday. That involves being more transparent (step two) about risk and the incidence of data breaches and prioritizing data security (step three) to ensure breaches don't happen.

ISOC isn't just a talking shop, it is also the organizational home of the Internet Engineering Task Force (IETF), source of many of the protocols and standards on which the internet relies. That adds weight to the more detailed recommendations on how to prioritize security contained in the ISOC report.

Step four, according to Michael Kende, the economist and ISOC Fellow who authored the report, is to make businesses accountable for data breaches. Some businesses evaluate what a breach would cost them (an average of US$4 million, according to ISOC), and invest accordingly in prevention, but part of the problem is that they don't take into account externalities such as the costs affected users will have to bear, Kende said.

It's easy enough to tot up the cost of replacing credit cards and other documents when someone's identity is stolen using data released in a breach, but some of those costs just can't be calculated today.

"No-one has looked at the risk of identity theft in the three to five years after being breached," Kende said. "When you have your identity stolen, you might never be able to trace the cause, particularly in a country that has no disclosure rules."

The fifth step ISOC proposes in the report is for businesses to send clearer signals about the level of security of their websites and the services they provide. Kende envisages that websites could do this by displaying badges identifying the certification processes to which they have submitted. Certified sites would win more business, while uncertified ones would lose out, encouraging businesses to bear the additional cost of certification.

That, though, creates a new problem: How to create confidence in certification. Infidelity website Ashley Madison displayed a fake "trusted security award" on its website before suffering a massive data breach.

Restoring trust in the internet, then, is likely to be a long process.

"If it was a simple thing it would probably be done by now," Kende concluded.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments