IT giants should make cyber security a corporate social responsibility

    Updated: 2016-09-12 07:27

    By Lau Wing-cheong and Zhang Kehuan(HK Edition)

      Print Mail Large Medium  Small 分享按鈕 0

    For a city that likes to see itself as modern and high-tech, public awareness about cyber security in Hong Kong has largely stayed at a rather basic level where people are told they should regularly change their passwords. Yet cyber security is very fragile, as was dramatically exposed in a recent controversial London art exhibition that featured images captured from unsecured webcams in homes and businesses in Hong Kong.

    Indeed, cyber security risks are latent in everyday online activity; they can be so dangerous because they are not well understood. For instance, single sign-on (SSO) services, which allow people to use one name and password across different platforms, are not without security loopholes, even if they have been widely adopted by mainstream identity providers (IdPs) such as Facebook, Google, Tencent and Sina, as well as their third-party application developers worldwide.

    Similarly, many users take it for granted that apps distributed on the platforms of IT giants are safe - to provide some context, an average of around 1,500 new apps appeared on Apple App and Google Play stores, respectively, every day between 2015 and 2016 - yet they should realize that not all of these apps are immune to viruses or malwares.

    For companies, even top IT brands, it is always a matter of priorities between ensuring the security or privacy of users and fulfilling other objectives. The reason is simple: Limited business resources require a trade-off between providing "visible" product characteristics such as affordable prices and advanced functionalities, and invisible security properties which are often sacrificed. For an app store, their priority is to provide a large set of timely and popular apps for download, rather than performing thorough security checks of the apps it hosts.

    IT giants should make cyber security a corporate social responsibility

    Equally, any requirements of third-party developers to guarantee the security of their apps will increase costs and ultimately deter supply. And the reality is that most app developers are not necessarily resourceful - even technically trained personnel or computer science majors may not have sufficient ability or even the awareness to take cyber security seriously. As Apple CEO Tim Cook starkly pointed out, even a 9-year-old can write an app today. Therefore, it cannot be expected that app developers, most of whom will have little reputation at stake, will get too exercised about security failings in their designs.

    One may therefore wonder if third-party independent checks of apps can represent a solution if neither companies nor developers can take care of the security of what they sell. However this is easier said than done. Security checks are a huge challenge for the technical community. For instance, how extensive should the checks be for them to be deemed satisfactory? Yet, it is a double-edged sword to put any inspection criteria up for public scrutiny because that would be an open invitation to hackers to find ways to circumvent the checks.

    Despite the apparent conundrum, there is scope for cyber-security protections to improve. For a start, consumers should not expose themselves to risks by shopping at unofficial app stores. At the same time, they should not expect there are no vulnerabilities in apps that are distributed on the most reputable platforms. If this security awareness is turned into consumer pressure, IT giants will be compelled to more robustly vet the security of the apps they put in their stores. Big companies such as Apple and Google have a corporate social responsibility to protect the privacy and security of their users. With recent reports that security loopholes fill 900 million Android devices, IT giants should do more to safeguard the security of everyday services and mobile applications.

    Locally, researchers are involved in efforts to provide new cyber-security solutions. For instance, academics at a key university in Hong Kong have been developing a technology that will enable IdPs to perform systematic security testing of their SSO services so that previously unknown vulnerabilities can be detected. Likewise, a tool is being designed to help both Android app developers and users evaluate and fix the risks of information leakage through shared storage.

    In the long run, if users become more informed about the importance of cyber security, companies will be able to market good security as a selling point of their products or services. And if the Hong Kong government harbors aspirations of making fintech a major industry, it will have to vastly increase the resources it puts into cyber security. Make your own turf safe if money is to be made.

    Professors Lau Wing-Cheong and his co-author Zhang Kehuan are with the Department of Information Engineering, Faculty of Engineering at the Chinese University of Hong Kong.

    (HK Edition 09/12/2016 page10)

    国内精品人妻无码久久久影院导航| 久久久久久无码国产精品中文字幕| 无码中文字幕日韩专区| 亚洲一区日韩高清中文字幕亚洲| 久久精品无码专区免费| 亚洲精品无码午夜福利中文字幕 | 国产亚洲精品无码成人| 中文字幕日韩人妻不卡一区| 在线看中文福利影院| 国产三级无码内射在线看| 国产综合无码一区二区辣椒| 久草中文在线观看| 亚洲欧美日韩、中文字幕不卡| 精品人无码一区二区三区| 中出人妻中文字幕无码| 亚洲美日韩Av中文字幕无码久久久妻妇| 亚洲欧洲中文日韩av乱码| 欧美日韩中文国产一区发布| 精品人妻无码专区中文字幕| 国99精品无码一区二区三区| 麻豆aⅴ精品无码一区二区| 亚洲精品无码国产| 亚洲AV无码国产精品色午友在线 | 亚洲中文字幕成人在线| 最近2019免费中文字幕6| 无码专区中文字幕无码| 天堂√中文最新版在线| 亚洲精品无码成人片在线观看 | 88久久精品无码一区二区毛片| 无码A级毛片免费视频内谢| 无码成A毛片免费| 少妇人妻无码精品视频app| 日韩乱码人妻无码中文字幕| 人妻丰满AV无码久久不卡| 狠狠躁夜夜躁无码中文字幕| 丰满熟妇人妻Av无码区| 国产又爽又黄无码无遮挡在线观看 | 精品久久久久久无码人妻热| 成在线人免费无码高潮喷水| 18禁无遮拦无码国产在线播放| 成在人线AV无码免观看麻豆|