
Philosophizing security in a "mobile-first" world

2023-02-15

Authors: Sergiy Yakymchuk


Summary

The presentation discusses the importance of problem definition and of looking at cybersecurity from different perspectives. It emphasizes the need to address user mistakes and vulnerabilities, and the importance of collecting information about attack vectors.
  • Technical people often jump to solutions without investing enough time in problem definition and looking at the problem from different perspectives.
  • Cyber criminals are pragmatic and use minimum technology to reach their financial goals.
  • User mistakes are a weak link in the cybersecurity chain and need to be addressed.
  • Attack vector information is priceless and can be used to train people and improve machine learning mechanisms.
The speaker shares a personal anecdote about being targeted by a scammer who used contextual information to gain his trust. He highlights the need for businesses to share information about attack vectors and communicate with their users to build trust.

Abstract

The speaker examines in detail the core problems of mobile app security, applying philosophical methods to avoid technical biases. Among these problems, the speaker distinguishes the following topics:
  • The engineering bias (streetlight effect), which causes engineers to propose solutions for security problems that are "comfortable to solve or they have the technology to apply."
  • The ambivalence in how engineers and users perceive security. Users welcome individual safety feelings and can be irritated by security measures; i.e., the Security and Freedom dilemma defines individual user safety perception.
  • The complexity of managing Social Contracts in the Apps world for users, related to Privacy, Personal Data Processing, Surveillance, ...
  • The challenge of making the security level of the App verifiable by users: how to make security visual and clear for users.
  • The problems of engaging users in the security journey without boring and annoying them.
  • How to approach the collective defense concept to share the attack vectors' data and use the exploits to improve the defense.
