You might think of cybersecurity professionals as tech’s collective “watchers on the wall”—the guardians who let you know when doom is coming. With that perspective, you might find it hard to believe that hackers, security researchers, and other cybersecurity experts have much to be thankful for, or to look forward to.
Certainly, we’ve recently been bombarded by alarming or depressing news in the cybersecurity and privacy arena, from new scams exploiting hacked passwords to hacks of 30 million Facebook accounts to the rise of the Meltdown and Spectre hardware exploits. But in light of this week’s venerable holiday, we didn’t have to think long or deeply to come up with a handful of events and developments many security experts see as positive for consumers.
As with most things, cybersecurity progress often is kicked off with simply noticing and acknowledging a problem—and then getting influential people to care. And this past year has seen powerful organizations take greater notice of and interest in important problems that have essentially been ignored for decades.
Here are six things on the cybersecurity and privacy front we’re glad that organizations are helping consumers become more aware of than ever before.
1. “Lock the Vote”: When I was a teenager, Rock the Vote was the big campaign to get young Americans to vote. And now that voter numbers are skewing higher and younger, and we have other major issues testing our democracy, you could say a campaign to Lock the Vote is brewing. Amid revelations and widespread concern about Russian interference in the 2016 election, security experts are effectively raising awareness about a couple issues they’ve been talking about since about 2005: Voting machines can be hacked. And social media and other personal-data sources can be used to profile and manipulate people, including voters. As election security experts grab the attention of influencers in D.C., we’re inching toward more secure election technology and policies.
2. Data privacy regulation: Even Facebook CEO Mark Zuckerberg, the reigning king of antiprivacy technologists, acknowledges that regulation of Facebook is “inevitable.” Indeed, in the wake of the major Facebook hack disclosed in September, the company may become the first major test case of Europe’s far-reaching General Data Protection Regulation. It also now must contend with a new consumer data privacy law its home state of California passed on November 8.
3. Flocking to HTTPS: When you visited a website even four years ago, chances were that the data was exposed to hackers. Only a quarter of sites encrypted their traffic. Since then, a broad range of organizations, including Google, Mozilla, the Electronic Frontier Foundation, The Tor Project, Let’s Encrypt, Cloudflare, Cisco Systems, Akamai, Facebook, and more than two dozen others—even the American Library Association—began backing the adoption of HTTPS to protect traffic between website servers and consumers from the easiest of hacks. Google even started to downgrade sites without HTTPS in its search results. Today, approximately 75 percent of sites use the traffic-encrypting protocol. That’s significant progress. Now we just need to see the rest of the top million sites get with the HTTPS program.
4. Secure messaging: The renewed emphasis on encryption, due in no small part to cybersecurity industry concerns in the aftermath of Edward Snowden’s 2013 whistleblowing efforts, has led to a new cottage industry of competitive end-to-end secure-messaging apps. We’ve written about these apps at length, and while many of them continue to interest their niche users, the fact that since 2016, more than 1 billion people using WhatsApp are texting and calling one another in end-to-end encrypted conversations is nothing short of remarkable.
5. Protection beyond passwords: There’s now wider acceptance of the fact that you can’t secure your online accounts from hackers with merely a password and a prayer. Even “tough” passwords can be hacked, or the account recovery protocol can be exploited and social-engineered away from the account owner. Along with two-factor authentication, however, the rise of the affordable physical two-factor authentication key has helped give consumers more security than ever before. And if you’re still skeptical, it’s what Google makes its employees use to keep them safe from account hacks.
6. Calling out potential IoT disasters: When there’s a Twitter account dedicated to all the worst that the Internet of Things has brought us, you know that there’s a problem. Nobody needs a toothbrush that can be hacked over Wi-Fi, a toilet that automatically records your bowel movements, or a hackable watch that tracks children. But the Internet of Things, a crazy collection of Internet-connected devices, is growing larger by the day. If it’s an unavoidable consequence of technology that everything is going to be on the Internet, we’re glad that hackers are keeping a sharp eye on everything that can go wrong. The shortlist from this year alone includes calling out dangerous vulnerabilities in medical devices, connected cars, gas stations, and power plants.