The Trust Conundrum
Users’ trust in the internet increases with greater usage. On the flip side, as internet usage increases, so does users’ risk exposure. James Bone explores this conundrum; it’s one hackers know well, and one they’re quick to exploit. And yet, businesses across all sectors depend on users’ trust. What’s a company to do?
By: James Bone
“It takes two to do the trust tango – the one who risks (the trustor) and the one who is trustworthy (the trustee); each must play their role.” –Charles H. Green, The Trusted Advisor
In the world in which we live and breathe, “trust” is developed over repeated interactions between parties with whom a relationship has been built. In the world of the internet, trust is established much more quickly and subconsciously based on cognitive queues of similarity or credibility that are not always reliable. This apparent conflict of trust paradigm is the “trust conundrum.” The trust conundrum weakness has become the preferred and most successfully executed attack posture for hackers to exploit due to the relative ease of creating trust in the internet. Cognitive hacks, also known as phishing, social engineering or by other names, is the biggest threat in cybersecurity as the level of sophistication and variants of these attacks evolve.
Trust in the internet is not a new or novel topic for those who have followed these trends over many years. In 2003, the University of Pennsylvania’s Lions Center was created to study cybersecurity, information privacy and trust.[1] The center was established in 2003 to serve three main purposes:
- conduct research to detect and remove threats of information misuse to the human society, mitigate risk, reduce uncertainty and enhance predictability and trust;
- produce leading scholars in interdisciplinary cybersecurity research; and
- become a national leader in information assurance education.
In the same year, the University of Oxford’s Oxford Internet Institute produced a research report titled “Trust in the Internet: The Social Dynamics of an Experience Technology.”[2] Today’s headlines would suggest that we have much more to learn about trust in the internet.
After reviewing a variety of studies on the topic of trust in the internet, the general findings conclude that we have a healthy level of skepticism while conducting business in the internet due to the perceived risks, yet we trust the internet to conduct an ever-expanding list of services. The studies suggest that our use and behavior on the internet is driven by trust. Generally speaking, the more we use the internet, the more trust we have – a concept called cyber trust.
Conversely, we trust (“net confidence”) the internet more as our use increases, exposing us to more threats (“net risks”). This conundrum is partly why cyberattacks continue to grow unabated and demonstrate a huge and growing gap not fully addressed by either cybersecurity professionals, technology frameworks and standards or policies and procedures designed to mitigate these risks. These studies are dated and much more research on the topic of trust in the internet is still needed, but the initial research provides some insight into the root cause of the problem.
The tension between developing net confidence and the threat of net risks will not be solved in this article. The observation, however, is that consumer behaviors on the internet are beginning to change. In a more recent survey posted on the National Telecommunications & Information Administration (NTIA) website, the U.S. Department of Commerce noted, “NTIA’s analysis of recent data shows that Americans are increasingly concerned about online security and privacy at a time when data breaches, cybersecurity incidents and controversies over the privacy of online services have become more prominent. These concerns are prompting some Americans to limit their online activity, according to data collected for NTIA in July 2015 by the U.S. Census Bureau. This survey included several privacy and security questions, which were asked of more than 41,000 households that reported having at least one internet user.”[3]
The implications of these and other studies are: if nothing is done, the growth and huge economic benefits of e-commerce may be curtailed over time as “trust” diminishes as a result of increasing threats in cyberspace. The NTIA’s July 2015 survey found, “Nineteen percent of internet-using households — representing nearly 19 million households — reported that they had been affected by an online security breach, identity theft or similar malicious activity during the 12 months prior.”
While most organizations have been primarily concerned with developing a defensive posture for internal security of customer data, it is becoming increasingly clear that the development of trust will become a critical factor in the expansion of services and uses of the internet by the government, business and the providers of new technology. Therefore, we are at the beginnings of a crossroads where innovation, growth and security may depend as much on developing trust in the internet as on the features and benefits of products and services provided by the internet. There are few easy solutions to this problem, as demonstrated by the hacking of the DNC and the growth of breaches, more broadly. However, the lack of progress made since the early research into the issue of trust demonstrates that a more comprehensive approach is needed. Joint ventures from academia, industry, government, the military and law enforcement must be forged to address these issues of privacy, security and the open internet. The window of opportunity may be closing.
[1] https://ist.psu.edu/sites/default/files/u19/cyber_security.pdf
[2] https://www.oii.ox.ac.uk/archive/downloads/publications/RR3.pdf
[3] https://www.ntia.doc.gov/blog/2016/lack-trust-internet-privacy-and-security-may-deter-economic-and-other-online-activities