Every year around Q4, the ‘security industry’ attempt to roll out a security education and awareness initiative to raise the plight and state of the imposing cyber security dangers, and seek to educate and encourage the promulgation of good, and best-security practice to secure their organisation, company assets, and of course, to assist all of those end-users who rely so very much on technology to drive their business.
In an era in which we would seem to have become personally 99.9% dependent in some way upon technology to support our lifestyle expectation, such initiatives as this should be considered a very high priority on the agenda of securing the public and the economy (yes, the economy).
However, if you have watched closely over the multiples of preceding years, you may, or may not have noticed this valuable initiative tends to pass with a whimper, with no real value-add associated, other than maybe yet another ‘phishing’ poster pinned to the corporate notice board. But that said, even if we were to raise the profile of this event, it will still fail on three fronts which are as follows:
- The approach is taken to date has tended to be focused on the internals of the organisation only (ticking-the-box);
- That we (the security professionals) tend to discuss it inter industry (the converted meet and talk with the converted);
- And here is the killer-statement: It does not involve or communicate with the public at large.
Where there are internal corporate security awareness missions in place in support of this initiative, I am, of course, very supportive.
Where we huddle to discuss and agree the level of cyber threats, this is yet another good way to ensuring we are all levelled with the awareness of the agreed cyber threat – and as valued as these initiatives may be, what we are failing to deliver is the raising of awareness in the public arena to ensure that the ‘Computing can Damage Your Health’ message is communicated to ordinary people. The very same people who are suffering from, and paying for the successful advent of those nasty cyber criminals.
In a nutshell, we need to take the message to the ‘public’ and into their home to raise their awareness, which in turn will be a very real and valuable contribution to driving cyber crime down by commencing the build of a national, if not global, public firewall.
Granted, it will not eradicate the problem, but with cyber crime costing the global economy an estimated $400+ billion per annum, even the smallest percentage number in countering/mitigating cyber-losses will nevertheless translate into a considerable numeric proportionate to the savings in real financial terms.
All that said, this year of 2015 will be different, but why?
Well, out of a brain wave with those nice people at Eskenzi PR, Serious Security Week has been born. It will be running from the October 26 – 30, 2015.
However, what makes this so very different is that they, and some of their supporters, are getting up out of their office bound chairs, and are going out into the public to carry this message onto the streets of London and beyond, with the associated media cover to communicate the mission of spreading awareness into the vox populi and their families.
There will be other associated missions, like professionals donating time to give presentations and lectures and to again engage the public at street level, leading on to work with some of those associations like the Woman’s Institute (WI), the ‘Elders of Society’, and in fact, anyone else who wishes to listen – or if that fails, be told.
From a personal opinion, and this is based on my 30+ years in the security industry – the way to deal with any security problem is to locate the lowest common dominator of the manifestation of the risk/impact, and work from that point upward to mitigate that effect.
Given the public are the most significant landscape of unprotected risk, in my mind by supporting these multiple portals of potential compromise is a positive step in the right direction.
So, the two questions are:
1) Are you taking security seriously?
And if you are,
2) Will you be getting involved?
If the answer to both is “yes,” we all look forward to welcoming you aboard, and working with you.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Title image courtesy of ShutterStock