I know many cybersecurity professionals advocate for a defence-in-depth approach to ICT security that consists of many layers. What precisely those layers are can be highly subjective, depending on who you speak with on any given day. In some cases, it’s a firewall, intrusion prevention system, mail filter, and client anti-virus software. In other cases, it’s a locked gate, swipe cards, CCTV, and on-site personnel. Neither is wrong; they suit different objectives. The one constant that I’ve found to be absent regardless of the chosen solution is education.
In speaking with colleagues, contacts, clients and others, the degree to which education and cybersecurity intersect varies as much as the types of businesses and individuals I interact with daily. Security is a word we are faced with within the media daily, whether it’s the latest hacking scandal or vulnerability discovered in hardware or software.
Organisations are allocating more funding for security initiatives and have some form of cyber strategy as we advance. Still, these seem to be limited to hardware upgrades, outsourced management agreements, and possibly taking on staff. I’ve yet to encounter a business that had dedicated funding to ongoing cybersecurity education, and that isn’t reassuring. There are limitless options to suit your needs and budget. Are you looking for suggestions? Reach out to me, and I’ll be the first point of illumination.
We’ve all been in offices that display numerous posters or memos that promote “security”. Thinking that sticking a poster on the wall you’ve overpaid for will drastically improve security is cheesy.
They’re tired, cliché, and often feature a stock photo of a criminal in a balaclava staring intently at a screen in a room with low lighting. Some organisations circulate emails citing policy and consequences. Other organisations speak of awareness and even invite speakers such as me to present to a group on Cybersecurity. For the most part, these initiatives are ignored, have minimal impact, or, more commonly, forgotten altogether.
Don’t tell us what NOT to do; tell us what TO DO.
Or have we missed the boat completely? Feel like you’re standing on an abandoned platform waiting for a train that will never arrive? You’re not alone.
In recent discussions with some trusted contacts of mine, all of whom I respect immensely, the common thread seems to be absent cyber education. That’s not to say it does not exist; it’s just sorely lacking in its traditional sense of quickly-forgotten scare tactics. Often, the idea of cybersecurity education only enters once we become a part of the workforce. To me, this is far too late. We may entertain the thought of including cybersecurity as part of a degree or a diploma, and while those exist to some extent, they’re not as thorough as I’d like them to be (but they are improving) and again, too late.
We now live in a time where our children become exposed to technology from the time they enter our world. First baby photos are often taken on mobile phones and shared on Facebook, Instagram, and Twitter. Children from primary school to tertiary facilities use and are exposed to technology for hours upon hours every single day and night.
Rare is the kid these days without a smartphone, a Facebook account and an email address (or several of each). Nearly every action, word, and nuance can be captured by technology and replicated globally faster than I can finish this sentence, negative or positive. Of course, there are the knock-on effects I’ll reserve for future articles like cyberbullying, FOMO, an inflated or devalued sense of self, and a plethora of other societal issues we didn’t have a few decades ago.
Technology isn’t solely to blame; it merely exacerbates an underlying problem.
How has the education curriculum adapted to include this technology? We send our kids to school to get an education and to get the skills they need. Wouldn’t it make sense to have cybersecurity since nearly everything we do, from banking to applying for jobs to communicating with friends and family, includes technology? Rather than the bog-standard “don’t talk to strangers” or “if you can’t say something nice….” spiel, focus on intelligent thought and technology engagement. Rather than fear, facilitate knowledge and understanding. Every action has a consequence.
Reading, writing, arithmetic, and cybersecurity? Does that sound so strange? I don’t think so. It sounds darn good.
Technology is technology, and it will continue to evolve and change whether we want it to or not. The time was that a business needed a listing in the yellow pages. Next, you needed a website. Now you need a social media presence, and your content must be mobile-friendly. How we view and use technology must adapt. There cannot be assumed trust. By beginning this education much earlier than the corporate world and earlier than even the college and university world, we’re giving the next generation a good skill set that complements literacy and mathematics skills, among others.
One doesn’t have to look far to realise the impact technology has on the next generations. The discovery of a website a couple of years ago used for trading pictures of Australian schoolgirls. The Snapchat compromise from a couple of years before that. Online bullying through social media of students, parents, and teachers. The list of issues enabled or driven by technology is endless. Fast forward into adulthood, and similar problems remain but now include events such as the iCloud hack, Sony Pictures hack, the Ashley Madison hack, continuing fallout from Cambridge Analytica, election interference allegations, and so on.
Do I think introducing cybersecurity awareness education from a very young age is the solution to all these problems? No, I’m not that naive. Human nature and the risk it poses when enabled by technology will never be eliminated. My goal would be to mitigate these issues by equipping the next generations with the skills and tools they need to manage better their use of technology and the problems presented.
And that all starts at home with you and your family.
Stay safe out there.
Disclaimer: The thoughts and opinions presented on this blog are my own and not those of any associated third party. The content is provided for general information, educational, and entertainment purposes and does not constitute legal advice or recommendations; do not rely upon it as such. Obtain appropriate legal advice in actual situations. All images, unless otherwise credited, are licensed through Shutterstock.