Facebook CSO: We Need More People-Centric Security
At the Annual Black Hat conference, Facebook Chief Security Officer Alex Stamos told the crowd that something needs to change in the security industry.
According to Facebook’s Chief Security Officer, the cybersecurity industry needs to be more focused on people less on technology.
At the annual Black Hat conference this year, Alex Stamos scolded the security industry for being too focused on technology and less focused on finding a mass solution that could help people stay safe in his keynote speech.
“We have perfected the art of finding problems without fixing real work issues,” Stamos told the crowd. “We focus too much on complexity, not harm.”
He cited examples, such as an insulin pump being hacked, that had little relation to real issues experienced by people who use technology rather than work with it or understand it well.
The security industry, according to Stamos, is concentrated too much on the small number of complex attacks aimed at large corporation that were mounted by the most sophisticated adversaries.
For Facebook, Stamos explained, their users are not being targeted by spies or nation-states. The company is more focused on how it can help its users dodge attacks and hacks that happen to its two billion users each day.
"The things that we see, that we come across every day, that cause people to lose control of their information are not that advanced," Stamos said. "Adversaries will do the simplest thing they need to do to make an attack work."
Stamos attributed the lack of focus on the smaller issues to the interest in the more complex hacks that threaten those who are of higher status. He said security experts have little interest or empathy for people, due to the way that they believed there would be fewer breaches and less data loss if people were just perfect.
To Stamos, the growing cybersecurity industry means there is a real chance at improving people’s lives, so why aren’t the experts trying harder?
Watch the entire keynote speech on Facebook’s Security page here.