HTTP sites can create all sorts of security problems for users – and the latest moves by Google Chrome indicate to all of us that now is a good time for website owners to transition over to the more secure HTTPS connections. Currently, if a user loads a site over an HTTP, it is possible for someone else on that same network to modify the site before the user sees it. Google has previously provided no indication that HTTP connections are insecure through its Chrome browser, meaning that users have not been made aware of the security dangers these connections can present. However, in a bid to now improve internet security, Google is aiming to clearly mark all HTTP connections accessed through its Chrome browser as “non-secure”, and is this year starting to put this initiative into place.
Current measures do not reflect dangers
When entering an HTTP connection, a user was until now met with a neutral security indicator. Google now agrees that this indicator does not reflect the true security dangers of HTTP connections. Users are simply not responding to this neutral indicator, and are not taking it to mean that their connections could be insecure. The fact that Google already uses a red warning symbol – specifically to indicate when there is a problem with an HTTPS connection – means that users take a lack of a red symbol to mean that everything is ok.
Research confirms this. A recent study by Google and the University of California, Berkley, found that internet users were ignoring the neutral indicator and did not take the lack of a ‘secure’ warning by Google as an indication that their connection security could be at risk. The study surveyed more than 1,300 people, analysing their reactions to over 40 Chrome icons, and sought to propose new and tighter security measures through the popular Chrome browser.
The recommendations of the study are now being adopted by Google, and the company hopes its actions will encourage others to tighten up their security measures in a bid to crack down on cybercrimes. From January this year, users of HTTP connections are being met with a ‘non-secure’ icon when they open their Chrome 56 browsers. The icon is clearly displayed in a pop-up window and is in a red ‘warning’ colour that is difficult for users to ignore. Users are still able to connect via HTTP, but they will do so with the knowledge that their online security could be compromised.
Transition to HTTPS
Google’s move to warn users of the dangers of HTTP connections is expected to have a significant impact on the internet world – and will help global security efforts to move all internet users over to HTTPS connections. In 2015, cybercrime cost global businesses more than $400 billion, and this figure had quadrupled between 2013 and 2015. If significant changes are not made to the way people access the internet, it is projected that by 2019 the global cost of cybercrime is likely to reach $2 trillion (http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#6f44eecb3bb0). These figures are estimates – the World Economic Forum says the actual figures could be a lot higher, as a huge proportion of web crimes go undetected altogether. This is a huge problem for businesses – and has the potential to cripple small to medium businesses. 20% of SMEs say that they have already been a victim of cybercrime, so this move by Google will be welcome in the long run, once all website owners have switched over to HTTPS.
Shaming HTTP websites
A significant amount of web traffic has already transitioned over to the more secure HTTPS connections. However, connections to HTTP still create a problem for individuals and businesses alike, and Google hopes that its new move will encourage further transitions. Google recently announced that it reached a milestone in HTTPS adoption; a recent report carried out by the company found that 12 out of the world’s 100 largest websites have now transitioned over from HTTP to HTTPS as their default connections. For those websites that remain users of HTTP, Google Chrome’s new non-secure warning will effectively act as a shaming tool. It is expected that these companies will lose a large amount of traffic to their sites now that the new measures are in place – and will start gaining a reputation as being unsafe for users to access.
Change now to avoid lasting damage
In order to keep traffic flowing to their sites, it is highly recommended that web businesses change their connections as soon as possible. A delay in doing so will result in users of Chrome having a lasting impression that these companies’ websites are insecure – and this perception could last a lot longer after a website’s connection change to HTTPS takes place. There are more than one billion users of Google Chrome, so this is a huge proportion of total web traffic and Google’s security move should act as a firm wake-up call for businesses of all sizes.