Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:30 PM
Peter Hesse
Peter Hesse
Connect Directly
E-Mail vvv

Security Starts with the User Experience

Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.

In a 1912 poem by Joseph Malins, a village debates how best to deal with a dangerous cliff. The town is torn over the decision whether to build a fence around the edge of the cliff or place an ambulance down in the valley. The townspeople decide to fund an ambulance, until a wise man suggests a preventative approach:

Then an old sage remarked, "It's a marvel to me
that people give far more attention
to repairing results than to stopping the cause, 
when they'd much better aim at prevention."

There's no question that preventing a data breach is much safer and more cost-effective than dealing with a breach after it has already occurred. Implementing specialized tools and tactics for data breach response is reactive, like funding the ambulance in the valley. Many breaches, both accidental ones based on user error and malicious attacks, could have been avoided had companies thought about security in the product design phase — if there had only been a "fence" built into the user experience.

The most recent example can be seen in the missile alert that was incorrectly sent to Hawaiians in January 2018. An investigation into the incident determined "that insufficient management controls, poor computer software design and human factors contributed" to the alert and a delayed correction message. While it is impossible to say that the situation could have been totally avoided, a design that deterred sending out actual alerts could have made quite a difference. What might have happened if after the employee had clicked to send the alert, he was prompted with a second step to acknowledge the gravity of his actions, or if a supervisor's approval was required? Changing the user experience could have helped prevent this unintended scare.

Another recent breach that could have been avoided or lessened by secure design is the 2017 Republican National Committee data breach, when it was discovered that a database containing personal details of more than 198 million American voters was exposed. The data was left unprotected after a software upgrade, when the analytics company storing files containing the information failed to re-enable password protection.

As with most breaches, there were numerous failures in this situation. This large amount of sensitive information deserved better protection than a simple website password as its defense. The fact that the upgrade required the password protection to be removed is bad; the fact that the upgrade didn't notify IT personnel to re-enable it is worse. Additionally, the ideal design would have separated the names of the voters from their information altogether.

According to the 2017 Beazley Breach Insights report, unintended disclosures were the cause of a shocking 42% of healthcare-related breaches. These breaches typically are caused by employee error, such as misdirected faxes or improperly released discharge papers. As these processes increasingly are done digitally, properly designed user interfaces can help to reduce or eliminate human error. Additionally, they can warn individuals of risky behaviors before they happen. Imagine seeing a warning that said "You are about to export 135 medical records without encryption. Disclosure of this file could result in up to $6.75 million of HIPAA fines. Do you want to continue?"

Opportunities to protect information in advance arise every day, and not only in the situations involving publicized failures. Consider, for example, an application to help accountants prepare their clients' taxes. This app would collect tax information and store tax returns for easy access. The app should make it very easy for the accountant to search for and view relevant information. However, the application should be designed in a way that makes it very difficult to download an Excel sheet documenting all their clients' Social Security numbers and income. Instead of a simple export button, the designer could implement an approval process, or it could just be difficult to aggregate such information. It would also make sense to warn the user before sensitive information is downloaded in bulk — and inform supervisory personnel as well. The goal for the designer is to give an incentive for safe and secure use, and mitigate or prevent system abuse.

Real and hypothetical situations to protect information with better user experience exist across all industries and types of systems. It is easy to show how a design flaw could create a crisis, while prudent design could prevent or minimize the likelihood of one. The best mechanism to prevent these crises is at the design stage. Developers must always consider making it easier for individuals to do the safer activities, and harder for them to do the unsafe ones. Take the advice of the sage and spend the time to build the fence, rather than calling for an ambulance later.

Related Content:


Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

For nearly two decades, Peter Hesse has leveraged his passion for technology and experience in security to develop successful solutions to interesting problems. From an exciting start developing the reference implementation of a standards-based certification authority for the ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
2/28/2018 | 11:36:01 AM
Security Starts with the User Experience
@Michael: "...companies think that users with legitimate access to sensitive data are the biggest risk..." The problem is that any data might become "sensitive data" when combined with other data; and that other data might not be considered "sensitive" either, and doesn't have to be from the same data source. 

@Peter: You raise some good points, including the need to emphasize prevention over remediation.  Changing attitudes and practices in application development won't be easy; and there are limitations to the effectiveness of safeguards at the application-user experience level (they really belong closer to the data).  Partly that's the inherent problem of anticipating all of the ways user interaction might compromise security - when you think you've thought of everything, someone will surprise you (usually by doing something very clever or unimaginably dumb).  Also, the user experience part of it nearly always trumps security concerns; so anything that encumbers or makes that experience less enticing will likely be vetoed.  There's another concern that pushes security to the back of the bus: revenue.  From a developer's perspective: compromise the user experience or the revenue stream, and you get immediate, and invariably negative, feedback.  Compromise security, and it might never get back to you - so how would you set your priorities? 
Michael Fimin Netwrix
Michael Fimin Netwrix,
User Rank: Author
2/28/2018 | 4:59:50 AM
Insiders are the weakest link in your security
This is so true! No matter how much effort and investments you have put in your security, your business users can derail all your work in a couple of minutes. Most companies think that users with legitimate access to sensitive data are the biggest risk, and the only way to try to fix that is to educate them and raise cyber security awareness. In addition, you always should have visibility into your IT infrastructure to check if your employees follow security policies established in your company. 
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-04-05
PRTG Network Monitor before allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
PUBLISHED: 2020-04-04
Ivanti Workspace Control before, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
PUBLISHED: 2020-04-04
Common/Grav.php in Grav before 1.6.23 has an Open Redirect.