Companies need to start making security part of their brands, experts say

A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in a photo illustration in Paris April 15, 2014. (REUTERS/Mal Langsdon)

As the number of cyberattacks continues to mount, security experts said Monday that consumers are starting to demand that companies show they are taking the issue seriously and are going to punish those that don’t.

That is especially true in an era of the Internet of Things (IOT), the ever-growing network of devices that are connected to the Internet. By 2020, Cisco estimates that 50 billion devices and objects will be connected to the Internet - vastly increasing the potential for more and more of our personal data to be stolen.

“You start thinking about security differently. You start demanding security from the vendors and the businesses you are doing transactions with in a different way,” Symantec’s Chief Security Officer Tim Fitzgerald told the National Cyber Security Alliance’s Cybersecurity Summit in New York. “I think that will help raise the bar. Customers will self-select applications, devices, companies that are doing a poor job of security.”

Fitzgerald and Janet Bishop-Levesque, chief information security officer at RSA, said much of that is driven by the fact that the Internet has become so central to our daily lives - from banking to monitoring our health to driving our car.

“The personal component really drives it home for everybody,” Bishop-Levesque said. “When you think about a baby monitor being able to track information, that is core to [the family's] personal life. Or their parents being on an insulin pump or Dick Cheney turning off his pacemaker chip so it wasn’t recording information because it could potentially be breached, consumers are going to demand that companies put protective measures out.”

David Burg, a cybersecurity leader with PricewaterhouseCoopers, said a recent survey by the firm found that a majority of the 10,000 respondents around the world didn't have a strategy for their Internet of Things-enabled devices.

"We have some catch up to do," he said.

"What we got is a massive amount of innovation. There is demand for Internet of Things-enabled devices and products," he continued. "But most companies today are just now beginning to figure out what it really means. When you look at the raw data, almost 66 percent of our respondents don't even have a strategy for the Internet of Things and yet we saw a 157 percent increase in the number of attacks on IOT-type devices just in this last year alone."

David Kleidermacher, BlackBerry's chief security officer, agreed, saying all the different stakeholders need to get together - government, consumers, manufacturers - to figure out how they are going to solve this problem because we "are way behind in my opinion."

"If you look at IOT today going from a few tens of billions to hundreds of billions to ultimately trillions of things connecting up to the Internet, I don't think we truly understand the magnitude of some of the challenges," he said. "The challenges in the area of security and privacy, I think, are huge. If we think we have trouble now trying to secure a couple billion devices connecting, imagine what it is going to be like in the future."

Bishop-Levesque said companies can go a long way toward easing concerns from consumers by being more transparent about how they use personal data.

“Consumers have to demand that security is at the forefront rather than being buried in a privacy policy statement in the dark corners of a website,” she said. “It could frankly become a marketing advantage for companies if they say we built security into our product. It’s the default setting. If you want to turn it off, then that’s your own decision, rather than a reverse where we've got companies who say we are going to leave it wide open if you want to layer security onto it.”

Cisco Chief Information Security Officer Steve Martino said companies also need to ensure that security is considered from the moment they design and build a new product – rather than waiting for something to go wrong and rolling out fixes.

“I think the vendor who is building that needs to have a process to say what am I building, how I am protecting it and making a secure environment,” Martino said, adding that he envisions a time when security, like the endurance of a product, will help anchor a company’s reputation.

“Security is going to be an element of your brand,” he continued. “Very shortly, you are going to start to see companies say security is part of that brand. It’s quality. It’s security. That is where it moves into the board, into the company’s strategy.”

But the panelists also said consumers have to play their part, becoming increasingly aware of the risks posed when they purchase a product or download an app.

“The users need to be thinking about what I am giving up,” Martino said. “Do I want to do it? Is it worth it? And both sides need to be building security into their mindset, how they build it, how they consume it.”
