Google’s President of Global Affairs & Chief Legal Officer, Kent Walker, and the company’s VP of Engineering for Privacy, Safety, and Security, Royal Hansen, penned a blog post highlighting the need for tech companies to take a “completely new approach” to designing their products and services. “People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers,” they wrote. “Safety should be fundamental: built-in, enabled out of the box, and not added on as an afterthought.” According to the execs, fixing the flawed cybersecurity ecosystem will require private-public collaboration and rethinking how companies build products and services.
Americans ‘Have Unwittingly Come to Accept’ Unsecure Tech
Walker and Hansen echoed the sentiments expressed in a recent article written by CISA Director Jen Easterly and Executive Assistant Director Eric Goldstein. In the op-ed published in Foreign Affairs magazine on Feb. 1, the officials called on companies to give more importance to consumer safety. “The incentives for developing and selling technology have eclipsed customer safety in importance,” Easterly and Golding said, explaining that Americans have come to accept that devices and software come with numerous defects. “They (Americans) accept that the cybersecurity burden falls disproportionately on consumers and small organizations, which are often least aware of the threat and least capable of protecting themselves,” the officials wrote. Walker and Hansen cited the spike in ransomware attacks in recent years to exemplify the problem. Threat actors usually exploit unpatched vulnerabilities to launch ransomware attacks. Going after the cybercriminals responsible for these attacks is akin to treating the symptoms of the problem, they explain. “Treating the root causes will require addressing the underlying sources of digital vulnerabilities,” the two Google execs noted in their blog post.
‘Secure by Default’
According to Walker and Hansen, prioritizing security doesn’t have to hurt user experience. They highlighted Google’s efforts to increase safety without compromising the user experience of its services. Features like Safe Browsing protects users online without interfering with their browsing experience, they said. Walker and Hansen also cited Google’s decision to turn on two-step verification by default in 2021. They noted that the initiative might not have achieved the desired results if Google had offered users the choice to opt-in for the feature. Creating secure-by-design products will require a change in focus, Walker and Hansen said. The focus should be on upstream software development instead, which will “demand a completely new approach to how companies build products and services.” There are no “cut-and-paste solutions,” they said, explaining that developers need to “think deeply” about potential threats and design their products and services to be impervious to potential attacks. Interested in learning how to protect your organization from online threats? We recommend reading our beginner’s guide to cybersecurity for small businesses to learn how to secure your organization from cyber threats.