By Rachel Zahr, product marketing manager at Synopsys
Over the last few years, there have been a number of debates reflecting on the necessity of the internet, with some viewing it as a luxury resource. Since the advent of Covid-19, however, we might finally be able to put this argument to rest.
The pandemic has expedited our reliance on the internet and technology exponentially. While mobile and web applications may have once been a useful tool to stay connected with friends or a means of boosting sales, today these are pivotal in the everyday functioning of our society. The vast majority of the world’s workforce have had to move online or into a hybrid working environment, and so too have schools.
This change has introduced both opportunities as well as challenges. On one hand, for web-optimised businesses, such a transition is less disruptive than it is beneficial as they seek to expand their consumer base. On the other hand, the surge of data being transferred within and across the millions of applications that now exist, creates the ideal environment in which malicious hackers lie in wait. In this way, generating an amplified sense of caution and uneasiness among individual users as well as businesses.
The Fight Against Cybercriminals: Where We Stand Today
It is disconcerting just how damaging cyberattacks can be, from exploiting vulnerabilities for financial gain and exposing sensitive information, to damaging reputations of organisations and individuals alike. The impact is significant and the pool of potential victims is extensive. Indeed, the web has become increasingly accessible that everyone, from young children to aging parents, are employing a range of web apps to carry out personal, professional as well as educational tasks. Moreover, they are doing so with hardly any technical proficiency. Yet, regrettably, the majority of these users base their choice of application on its reliance, convenience, accessibility and whether or not it is engaging. Security is an afterthought, if one at all.
The threat landscape is intensifying in scope and sophistication but web users, both novice and veteran, have little security awareness, putting them in a susceptible position. Even individuals who are hyper aware of cyberthreats, risk succumbing to the innovative schemes of bad actors.
The Responsibility of Application Owners and Developers
As such, the responsibility of safeguarding users, while simultaneously offering an experience that meets their wants and needs, falls to the application developers and owners. The way to achieve this is through embedding security throughout the application development lifecycle, beginning in its design and up to its production.
All individuals who play a role in the application’s formation, be it the developers themselves, the architects, managers or executives, need to have the necessary knowledge to maintain its security. In addition to this, the realisation of security cannot afford to sacrifice the speed of its delivery if they hope to meet consumer demands. For that reason, application owners need to strike a balance between education and tooling.
In the same way that school children are having to adapt to remote learning, so too must application owners and their teams. Security training tools and education resources need to be accommodating of our new reality, which is best done through on-demand and/or virtual delivery. In this way, permitting individuals to make time for training amidst their varying schedules.
In prioritising security and protecting their customer base from familiar and unfamiliar threats, application owners can consolidate consumer trust and in turn, retain and gain users. When security is embedded, users can rest assured that their data is in safe hands whilst benefitting from transformative product features.
This year has been anything but predictable, and the best way to keep user and application data safe is to ensure that application development teams are security aware.
On the Consumer-Side: What students, teachers and education administrators can do to protect themselves?
From the opposite side of this, students, teachers and administrators would do well to vet educational apps, choosing to work solely with trusted sources or application owners. If there is ever any uncertainty, it is important that research is conducted to understand what security measures have been adopted by the resource or tool in question. One clear red flag is if the app does not possess an SSL certificate, or more commonly recognised as the little closed padlock in the browser bar.
As we face an economic downturn and a dwindling educational budget, finding free web apps may be just the ticket. However, users need to be conscious that the price comes in the exchange of personal information that will likely be sold off to a third-party. Therefore, such decisions should not be made lightly.
Finally, the next best step that students and staff can take to defend themselves against cybercriminals is through building themselves up as a human firewall. In other words, ensuring that these same individuals understand the importance of long and complex passwords, multifactor authentication and steering clear of links from unknown email senders. Once again, it comes back down to security awareness training.
Similarly to application owners giving precedence to the security training of their developers and employees, school administrators should do the same for teachers, staff and students. It is only by working together on this that we might rise to the challenge posed by attackers, and build a more secure as well as security conscious society.