Cybersecurity, Human Factors & User Experience – Part 3

In 1965, Gordon Moore predicted that computing power would double every two years. Moore, who co-founded Intel, was surprisingly accurate in his rough estimation. What does this imply?  Your current computer is likely to be at least 10,000,000,000,000,000,000,000,000 times faster than a computer from 50 years ago, and that’s if you have a slow and outdated machine.

Yet it’s also a deceptively simple picture of the evolution of technology. As Niklaus Wirth observed in 1995, “Software is getting slower more rapidly than hardware becomes faster.” Google founder Larry Page restated this in 2009 – quite a credible endorsement in the tech world that was ultimately renamed ‘Page’s Law.’ This trend has proven as valid as Moore’s Law. Software obviously it isn’t getting slower, per se, but in relation to its hardware counterpart, it lags.  

This stems partially from the fact that as software becomes bigger, the number of bugs increases exponentially (not linearly). Bugs beget more bugs, and their relation to each other becomes more cryptic as software grows in size. Debugging is a huge part of developing software, often the most expensive line item in the cost of a project overall.

The bugs and loose ends that haunt R&D beneath the surface are usually a hacker’s secret back door. It’s the things we don’t know we don’t know that threaten us the most. 

As the evolution of computer programming continues, but as it becomes increasingly complicated for its creators, new vulnerabilities for end users keep cropping up as well. We’re standing on the shoulders of giants every time we boot up a computer, tablet or smartphone. Our user experience is more complicated and overlapped than ever before, with social media, banking, networking, photo and video sites, and email all interconnected. Yet we only see about 10% of what comprises a user interface. While the gears under the hood purr obediently, we take security and functionality for granted.

Think of the cyber landscape as an iceberg, with 90% of its mass beneath the surface, ambiguous to the eye and difficult to measure. Unfortunately, many of us make decisions based on the 10% of the data we have readily available. This can be deceptive – symptoms are not necessarily root problems, and causation can be hard to decipher.

While software engineers and architects grapple with a behemoth set of bugs, holes and vulnerabilities that help keep things secure on the back end, smart users should take on some of this responsibility as well.  Vigilance and caution are the keys to avoiding hacker attacks. A system is only as strong as its weakest link. If we bite a worm with a hook in it, we not only compromise ourselves but also our co-workers, friends and employers. We might even inadvertently expose sensitive or classified data that could threaten anything from a small business to our national security.

As consumers, we must stay abreast of new scams, bogus apps, and other potential threats that might be introduced into a system due to our clumsiness. All encryption, password protection, even voice and facial recognition safety measures fly out the window once a human user overrides these measures with an approving mouse click. A recent study showed 93% of computers have antivirus software installed, yet only 23% of smartphone users said they intend to install such software. On top of that, only half of all mobile users even lock their phones.

These are just basic front line measures. With smartphone threats on the rise, we’re sure to see new, prolific viruses making their way through the mobile OS world. The idea that everything is safe as long as you have antivirus software is an outdated concept. A zero-day virus (immune to all known antivirus software) can find its way onto a machine with the help of a human mistake, through a technical weakness, or by a combination thereof.

One of the most common ways humans betray their own security is by falling for ‘spear phishing’ schemes, many of which rely on a genuine-looking but utterly counterfeit UI. The ruse can take many forms, like a Facebook icon saying a new friend has invited you to do something, or that your password needs to be or has already been changed. Or, you may receive a fake eBay or Amazon confirmation email with an authentic-looking logo warning you that your credit card has just been charged. Fake emails that appear to come from a coworker or boss are common as well.

We take for granted the everyday user experiences we have with websites and applications we trust. Phishing schemes play on that very familiarity and sense of comfort. Familiar icons and logos automatically register in our brains as safe.

Cyber security could also be described as ‘cyber vulnerability.’ Since the Web became publicly accessible in 1995, we have gone from a simple boxy PC plugged into a phone jack to an era of smartphones, 4G tablets, laptops, and cloud computing. As consumers and end users, we cope with many more dangers in the digital wild than ever before. What we see on the surface is not all that meets the eye.

Our experience as users should be one of utility and convenience; this lies at the heart of UX and UI design. We just need to remember to use caution and skepticism as well when we navigate the potentially perilous open seas.


Comments are closed.