The centre incorporates GenAI features for generating risk summaries and improving productivity among security teams.

Contrary to common misconceptions, SaaS solutions will be helpful in managing complex IT environments, says Rohan Vaidya

KPMG in India, one of the country’s leading professional services firms, has announced a strategic alliance with SecurityBridge GmbH, a renowned provider of SAP-native cybersecurity solutions. This collaboration aims to enhance SAP security and compliance offerings for clients by integrating SecurityBridge’s cutting-edge technology into KPMG’s comprehensive service portfolio

Data and technology need to be adopted

Sachin Samrat Medavarapu, a recognized leader in AI-enhanced security and performance optimization, has built an impressive career marked by a series of significant achievements.

Economic think tank GTRI (Global Trade Research Initiative) in its report said that India needs to cut its reliance on imported vegetable oils to promote better health outcomes and also reduce the import bill

Exhibition: 28 Mar 2018 - 29 Mar 2018, London, United Kingdom. Organized by The IET.

Every time a transaction is initiated, the backend runs a check whether the customer is using the bank’s mobile app

Move to take care of security concerns, boost domestic manufacturing, say sources

Facebook Offensive Security Engineer Amanda Rousseau aka "Malware Unicorn" uses the power of Twitter to answer common questions about hacking. As an offensive security engineer, Amanda has seen just about everything when it comes computer hacking. What exactly is the difference between a black hat and a white hat hacker? Is there such thing as a red hat hacker? What's the point of malware, is it just to be annoying? Amanda answers all these Twitter questions, and much more!

Anne Neuberger, Director of Cybersecurity at the National Security Agency, speaks with WIRED's Garrett Graff as part of WIRED25, WIRED's second annual conference in San Francisco.

BRANDED CONTENT | Produced by WIRED Brand Lab with Comcast Business | It’s proven that workplace flexibility boosts morale, productivity and retention but there may be a surprising added benefit to a remote work policy shift: improved cybersecurity.

BRANDED CONTENT | Produced by WIRED Brand Lab with ExtraHop | Data is the most valuable enterprise asset. Encryption keeps it secure but can hide malicious traffic from security teams. With personal data and corporate reputations at stake, security experts Jesse Rothstein (ExtraHop) and Mikko Hyppönen (F-Secure) spoke with WIRED's Digital Director Brian Barrett to answer the key question: how can enterprise security and data privacy co-exist?

Cybersecurity expert Eva Galperin helps debunk (and confirm!) some common myths about cybersecurity. Is the government watching you through your computer camera? Does Google read all your Gmail? Does a strong password protect you from hackers? Will encryption keep my data safe? Eva answers all these questions and much more. Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation. Updated 8/20/2020: A previous version of this video incorrectly stated that Google scans Gmail data to target ads. Google stopped this practice in 2017.

Marc Rogers, Nate Warfield, and Ohad Zaidenberg spoke with Andy Greenberg at WIRED25 about the cyber threats facing hospitals and critical infrastructure during the pandemic, and the volunteer cybersecurity experts stopping them.

Produced by Wired Brand Lab with IBM | Businesses face growing cybersecurity threats as digital footprints expand. With limited time to stop breaches, how can businesses accelerate detection and response to cyberattacks? Discover how IBM Security QRadar Log Insights on AWS empowers companies to streamline responses across teams with AI-powered workflows.

U.S. Secretary of State Antony Blinken sits down with WIRED Contributing Editor Garrett M. Graff to talk about emerging technology, cybersecurity, and how the State Department is evolving to meet a new set of challenges. Director: Lisandro Perez-Rey Director of Photography: Charlie Jordan Editor: Louis Lalire Host: Garrett Graff Guest: Antony Blinken Line Producer: Joseph Buscemi Associate Producer: Brandon White Production Manager: Peter Brunette Production Coordinator: Rhyan Lark Camera Operator: Ben Finkel Sound Mixer: Elijah Sutton Post Production Supervisor: Christian Olguin Post Production Coordinator: Ian Bryant Supervising Editor: Doug Larsen Assistant Editor: Justin Symonds

By combining Spanish innovation with India’s potential, a big impact can be made on the global economy and the environment, he says

A good ant-virus program is essential for every Windows computer. Whilst paid applications tend to package in additional items like parent controls, id theft proper protection and a password supervisor, there are plenty of totally free www.vpn-support.net/boardroom-software-that-presents-only-benefits options out there offering just as much spy ware diagnosis as their counterparts. nfl jerseys cheap nike air […]

This innovation has the potential to revolutionise data encryption and security, offering enhanced protection for sensitive information in digital interactions.

As anticipated, implementation of Public Distribution System (PDS) reforms as mandated in the National Food Security Act, has reduced leakages

It needs to bring together diverse aspects such as defence and finance into a coherent whole; however, this is an exercise that needs to be conducted quietly

The move came after doctors protested against alleged interference by local panchayat leaders, demanding compliance with rules favouring ex-servicemen for hospital security roles

IEEE / Institute of Electrical and Electronics Engineers Incorporated

National Bureau of Economic Research

IEEE Computer Society

IEEE / Institute of Electrical and Electronics Engineers Incorporated

IEEE / Institute of Electrical and Electronics Engineers Incorporated

IEEE Computer Society

IEEE Computer Society

IEEE Computer Society

Concerns about data security practices prompt the move

The Minister highlighted the importance of creating an energy security fund and exploring rare earth minerals

There are concerns on Capitol Hill about Donald Trump tapping members of the House, where the final tally is still uncertain

Noem faced widespread backlash in April when she wrote in a memoir that she shot to death an "untrainable" dog that she "hated" on her family farm

The Hindu Sikh Global Forum members are marching towards the High Commission in the Chanakyapuri area

Molly Wilson and Eileen Wagner battle the age old Christmas issues of right and wrong, good and evil, and how the messages we send through iconography design can impact the decisions users make around important issues of security. Are you icons wise men, or are they actually King Herod?

Congratulations, you’re locked out! The paradox of security visuals

Designers of technology are fortunate to have an established visual language at our fingertips. We try to use colors and symbols in a way that is consistent with people’s existing expectations. When a non-designer asks a designer to “make it intuitive,” what they’re really asking is, “please use elements people already know, even if the concept is new.”

Lots of options for security icons

We’re starting to see more consistency in the symbols that tech uses for privacy and security features, many of them built into robust, standardized icon sets and UI kits. To name a few: we collaborated with Adobe in 2018 to create the Vault UI Kit, which includes UI elements for security, like touch ID login and sending a secure copy of a file. Adobe has also released a UI kit for cookie banners.

Even UI kits that aren’t specialized in security and privacy include icons that can be used to communicate security concepts, like InVision’s Smart Home UI Kit. And, of course, nearly every icon set has security-related symbols, from Material Design to Iconic.

Many of these icons allude to physical analogies for the states and actions we’re trying to communicate. Locks and keys; shields for protection; warning signs and stop signs; happy faces and sad faces. Using these analogies helps build a bridge from the familiar, concrete world of door locks and keyrings to the unfamiliar, abstract realm of public- and private-key encryption.

When concepts don’t match up

Many of the concepts we’re working with are pairs of opposites. Locked or unlocked. Private or public. Trusted or untrusted. Blocked or allowed. Encouraged or discouraged. Good or evil. When those concept pairs appear simultaneously, however, we quickly run into UX problems.

Take the following example. Security is good, right? When something is locked, that means you’re being responsible and careful, and nobody else can access it. It’s protected. That’s cause for celebration. Being locked and protected is a good state.

Whoops.

If the user didn’t mean to lock something, or if the locked state is going to cause them any inconvenience, then extra security is definitely not good news.

Another case in point: Trust is good, right? Something trusted is welcome in people’s lives. It’s allowed to enter, not blocked, and it’s there because people wanted it there. So trusting and allowing something is good.

Nope. Doesn’t work at all. What if we try the opposite colors and iconography?

That’s even worse. Even though we, the designers, were trying both times to keep the user from downloading malware, the user’s actual behavior makes our design completely nonsensical.

Researchers from Google and UC Berkeley identified this problem in a 2016 USENIX paper analyzing connection security indicators. They pointed out that, when somebody clicks through a warning to an “insecure” website, the browser will show a “neutral or positive indicator” in the URL bar – leading them to think that the website is now safe. Unlike our example above, this may not look like nonsense from the user point of view, but from a security standpoint, suddenly showing “safe/good” without any actual change in safety is a pretty dangerous move.

The deeper issue

Now, one could file these phenomena under “mismatching iconography,” but we think there is a deeper issue here that concerns security UI in particular. Security interface design pretty much always has at least a whiff of “right vs. wrong.” How did this moralizing creep into an ostensibly technical realm?

Well, we usually have a pretty good idea what we’d like people to do with regards to security. Generally speaking, we’d like them to be more cautious than they are (at least, so long as we’re not trying to sneak around behind their backs with confusing consent forms and extracurricular data use). Our well-intentioned educational enthusiasm leads us to use little design nudges that foster better security practices, and that makes us reach into the realm of social and psychological signals. But these nudges can easily backfire and turn into total nonsense.

Another example: NoScript

“No UX designer would be dense enough to make these mistakes,” you might be thinking.

Well, we recently did a redesign of the open-source content-blocking browser extension NoScript, and we can tell you from experience: finding the right visual language for pairs of opposites was a struggle.

NoScript is a browser extension that helps you block potential malware from the websites you’re visiting. It needs to communicate a lot of states and actions to users. A single script can be blocked or allowed. A source of scripts can be trusted or untrusted. NoScript is a tool for the truly paranoid, so in general, wants to encourage blocking and not trusting. But:

“An icon with a crossed-out item is usually BAD, and a sign without anything is usually GOOD. But of course, here blocking something is actually GOOD, while blocking nothing is actually BAD. So whichever indicators NoScript chooses, they should either aim to indicate system state [allow/block] or recommendation [good/bad], but not both. And in any case, NoScript should probably stay away from standard colors and icons.”

So we ended up using hardly any of the many common security icons available. No shields, no alert! signs, no locked locks, no unlocked locks. And we completely avoided the red/green palette to keep from taking on unintended meaning.

Navigating the paradox

Security recommendations appear in most digital services are built nowadays. As we move into 2020, we expect to see a lot more conscious choice around colors, icons, and words related to security. For a start, Firefox already made a step in the right direction by streamlining indicators for SSL encryption as well as content blocking. (Spoilers: they avoided adding multiple dimensions of indicators, too!)

The most important thing to keep in mind, as you’re choosing language around security and privacy features, is: don’t conflate social and technical concepts. Trusting your partner is good. Trusting a website? Well, could be good, could be bad. Locking your bike? Good idea. Locking a file? That depends.

Think about the technical facts you’re trying to communicate. Then, and only then, consider if there’s also a behavioral nudge you want to send, and if you are, try to poke holes in your reasoning. Is there ever a case where your nudge could be dangerous? Colors, icons, and words give you a lot of control over how exactly people experience security and privacy features. Using them in a clear and consistent way will help people understand their choices and make more conscious decisions around security.

About the author

Molly Wilson is a designer by training and a teacher at heart: her passion is leveraging human-centered design to help make technology clear and understandable. She has been designing and leading programs in design thinking and innovation processes since 2010, first at the Stanford d.school in Palo Alto, CA and later at the Hasso-Plattner-Institut School of Design Thinking in Potsdam, Germany. Her work as an interaction designer has focused on complex products in finance, health, and education. Outside of work, talk to her about cross-cultural communication, feminism, DIY projects, and visual note-taking.

Molly holds a master’s degree in Learning, Design, and Technology from Stanford University, and a bachelor’s degree magna cum laude in History of Science from Harvard University. See more about her work and projects at http://molly.is.

Eileen Wagner is Simply Secure’s in-house logician. She advises teams and organizations on UX design, supports research and user testing, and produces open resources for the community. Her focus is on information architecture, content strategy, and interaction design. Sometimes she puts on her admin hat and makes sure her team has the required infrastructure to excel.

She previously campaigned for open data and civic tech at the Open Knowledge Foundation Germany. There she helped establish the first public funding program for open source projects in Germany, the Prototype Fund. Her background is in analytic philosophy (BA Cambridge) and mathematical logic (MSc Amsterdam), and she won’t stop talking about barbershop music.

More articles by Molly Wilson & Eileen

Divya Sasidharan calls into question the trade-offs often made between security and usability. Does a secure interface by necessity need to be hard to use? Or is it the choice we make based on years of habit? Snow has fallen, snow on snow.

Security is often synonymous with poor usability. We assume that in order for something to be secure, it needs to by default appear impenetrable to disincentivize potential bad actors. While this premise is true in many instances like in the security of a bank, it relies on a fundamental assumption: that there is no room for choice.

With the option to choose, a user almost inevitably picks a more usable system or adapts how they interact with it regardless of how insecure it may be. In the context of the web, passwords are a prime example of such behavior. Though passwords were implemented as a way to drastically reduce the risk of attack, they proved to be marginally effective. In the name of convenience, complex, more secure passwords were shirked in favor of easy to remember ones, and passwords were liberally reused across accounts. This example clearly illustrates that usability and security are not mutually exclusive. Rather, security depends on usability, and it is imperative to get user buy-in in order to properly secure our applications.

Security and Usability; a tale of broken trust

At its core, security is about fostering trust. In addition to protecting user accounts from malicious attacks, security protocols provide users with the peace of mind that their accounts and personal information is safe. Ironically, that peace of mind is incumbent on users using the security protocols in the first place, which further relies on them accepting that security is needed. With the increased frequency of cyber security threats and data breaches over the last couple of years, users have grown to be less trusting of security experts and their measures. Security experts have equally become less trusting of users, and see them as the “the weakest link in the chain”. This has led to more cumbersome security practices such as mandatory 2FA and constant re-login flows which bottlenecks users from accomplishing essential tasks. Because of this break down in trust, there is a natural inclination to shortcut security altogether.

Build a culture of trust not fear

Building trust among users requires empowering them to believe that their individual actions have a larger impact on the security of the overall organization. If a user understands that their behavior can put critical resources of an organization at risk, they will more likely behave with security in mind. For this to work, nuance is key. Deeming that every resource needs a similarly high number of checks and balances diminishes how users perceive security and adds unnecessary bottlenecks to user workflows.

In order to lay the foundation for good security, it’s worth noting that risk analysis is the bedrock of security design. Instead of blindly implementing standard security measures recommended by the experts, a better approach is to tailor security protocols to meet specific use cases and adapt as much as possible to user workflows. Here are some examples of how to do just that:

Risk based authentication

Risk based authentication is a powerful way to perform a holistic assessment of the threats facing an organization. Risks occur at the intersection of vulnerability and threat. A high risk account is vulnerable and faces the very real threat of a potential breach. Generally, risk based authentication is about calculating a risk score associated with accounts and determining the proper approach to securing it. It takes into account a combination of the likelihood that that risk will materialize and the impact on the organization should the risk come to pass. With this system, an organization can easily adapt access to resources depending on how critical they are to the business; for instance, internal documentation may not warrant 2FA, while accessing business and financial records may.

Dynamically adaptive auth

Similar to risk based auth, dynamically adaptive auth adjusts to the current situation. Security can be strengthened and slackened as warranted, depending on how risky the access point is. A user accessing an account from a trusted device in a known location may be deemed low risk and therefore not in need of extra security layers. Likewise, a user exhibiting predictive patterns of use should be granted quick and easy access to resources. The ability to adapt authentication based on the most recent security profile of a user significantly improves the experience by reducing unnecessary friction.

Conclusion

Historically, security failed to take the user experience into account, putting the onus of securing accounts solely on users. Considering the fate of password security, we can neither rely on users nor stringent security mechanisms to keep our accounts safe. Instead, we should aim for security measures that give users the freedom to bypass them as needed while still protecting our accounts from attack. The fate of secure systems lies in the understanding that security is a process that must constantly adapt to face the shifting landscape of user behavior and potential threats.

About the author

Divya is a web developer who is passionate about open source and the web. She is currently a developer experience engineer at Netlify, and believes that there is a better workflow for building and deploying sites that doesn’t require a server—ask her about the JAMstack. You will most likely find her in the sunniest spot in the room with a cup of tea in hand.

More articles by Divya