At one of the world's biggest technology trade shows, cybersecurity — and how unprepared most consumers and even regulators are to address it — emerged as a key theme at various panel discussions interspersed with flashy new product announcements.
At CES 2019 in Las Vegas, analysts, security professionals and even some executives acknowledged that more regulation was likely necessary, but many expressed concerns about the ability of legislators to effectively guide cybersecurity strategy as a "tsunami" of poorly secured connected devices hit the market.
"Lawmakers are woefully ill-informed on how technology works, so asking them to regulate this is almost a disaster waiting to happen" said Simone Petrella, chief cyberstrategy officer at CyberVista, during a panel discussion. She noted that during congressional hearings probing data mishandling by third-party app developers on Facebook Inc., many legislators displayed a lack of basic knowledge about how the social media company's core business model works.
Consumers also often lack "basic hygiene" when it comes to self protection, said Charles Eagan, chief technology officer and senior vice president of mobility software solutions at BlackBerry. He called the new devices being exported from Asian countries, for instance, "a tsunami" of potential security issues. Petrella said industry leaders should use their brand recognition to evangelize and educate consumers on how to manage their own data security as cybersecurity becomes a larger and more dire issue globally.
CES also included an array of new cybersecurity software solutions embedded into new devices. Samsung Electronics, for example, is building its defense-grade enterprise mobile security product Knox into new consumer devices, said Samsung Electronics North America President and CEO Tim Baxter.
However, features like Knox tend to come at a premium, leaving consumers of low-cost technology more exposed, International Business Machines Corp. security architect Doug Lhotka said during a different panel. While security and privacy features are increasingly in demand, they are still only accessible by a fraction of the market.
The problem is sometimes rooted in the business models that drive seemingly free services, and the data that drives them. "We need to step back and change the macroeconomic model, where the value is," Lhotka said. To do so, he believes new regulations will be needed to help shift the landscape so that security is a more proactive part of all technology development — and transparency about data collection and use is not optional.
The wave of new connected technologies and product announcements during CES added a sense of urgency to the cybersecurity discussions.
"On a positive note it's really exciting the idea our world is becoming more open and free," Petrella said when asked about the challenge of a more connected world. "[But] it puts us in the security profession in a constant state of catch-up."