We already know that cybersecurity isn’t really working. There was the Equifax hack and the Yahoo hack. There was the whole Russian agents stealing NSA secrets and North Korean hackers stealing U.S. and South Korean war plans thing. The problem seems to be getting worse, and we haven’t yet figured out a way to stop the bad guys from getting in.
Even some of the lectures we get after hacks about updating your software and changing your passwords aren’t enough. In fact, Stefan Savage, who was just named a MacArthur fellow for his work studying cybersecurity, says no one really knows how effective those strategies are. He talked with Marketplace Tech’s Molly Wood about why code alone won’t solve our problems. Below is an edited excerpt of their conversation.
Molly Wood:Â Do we know what are the best ways to protect our data?
Stefan Savage: So one of the things that I think has been really unfortunate in the cybersecurity realm is how much of it is really just a set of received wisdom and art, and very little based on science. All of these things that we tell you are important to do, like have a long password and run antivirus and patch and all this other stuff, don’t go to certain sites, don’t use file sharingÂ â we actually have no idea how much that helps. And we’d like to actually measure that effect so that we can have guidance based on science about what practices actually lead us to be more secure.
Wood:Â What do you find are maybe the biggest misconceptions, like you said, for example,…