A few weeks ago, I was asked to comment on the "most underestimated IT security threat". My answer was "us". The full post is here. My conclusion is going to be valid for 2017 and at least the next 10-20 years. Why? Because there are no magic pills to prevent cybersecurity failures. Only your own diligence and knowledge. The problem is we have grown accustomed to someone else solving these types of problems. Look at health issues. If you watch evening TV, you will be amazed at the number of drugs being marketed to improve lifestyle. Most of these challenges can be mitigated by simple diet and exercise, but that does require discipline and self-knowledge. For cyber threats, there's plenty at stake. Our democratic processes, privacy and financial well-being. But we are going to have to defend these.
A recent column from Hiawatha Bray makes the same point: to create a safe Internet, we all need to be actively involved. Mr. Bray recalls the days of nuclear bomb shelters and civil defense exercises, long gone out of favor. If cyber defense exercises won't get people engaged today, what will, short of a "cyber Pearl Harbor"?
The Commission on Enhancing National Cybersecurity, referred to in my last blog post, considers consumer based cybersecurity efforts to be a national imperative. Their recommendations include:
- Sustained awareness campaign at the national level
- Better security educational efforts from vendors of digital products
- Research on security and usability of digital products
These efforts haven't made much progress in the past. As the Commission pointed out, past awareness campaigns were carried out by technology focused organizations, such as DHS. Before you dismiss all new initiatives, take a look at this site describing the top ad campaigns of the 21st century. Cybersecurity awareness needs participation from experts in advertising and public messaging. Combine their level of creativity and a strong social media campaign, and I can see a new type of cybersecurity awareness campaign getting traction next year.