Many IT security experts and even government officials now acknowledge the need for better cybersecurity education at all levels, but it seems that nobody quite knows where to begin.
A paper published by Chatham House last month found that “there was considered to be an absence of an authoritative ‘rich picture’ that could help to develop a more comprehensive and urgent sense of the cyber threats that need to be tackled.”
The UK Cyber Security Strategy has recently been put back to later this month, in an attempt to create links between government and law enforcement groups.
Security expert John Knowles of DMW Information Security says: “Virtually everyone acknowledges the dangers of cybercrime, but few, if any, have a clear idea of what to do.”
There is a need to educate from the bottom up, and a strategy must be reached to protect the national infrastructure.
With crimes against individuals still on the rise, there is also an ongoing danger to corporations and government, especially from botnets.
However, it is a mammoth task to change the surfing habits of users and to close the gaps in the understanding of company leaders and their ICT departments.
Although awareness of the effects of cyber crime is growing, “there is still limited understanding of the nuances of the debate”.
The government recognise that they can’t change things by themselves and so there is a need for private and IT security companies to get involved too.
However, research and funding in the area of cyber security are still sadly lacking in both the public and private sectors, although it is recognised that more is needed.
This can be addressed within organisations by identifying future threats and budgeting accordingly.
It is more important now than ever that corporations understand the risks and allocate funds and implement plans in order to tackle the problem.
On a societal level, greater public awareness needs to be achieved and this can be done by first of all ensuring more understandable terminology.
The problem with addressing society as a whole is that it is made up of such a diverse mix of people.
Not only does information have to be accessible to everyone, but it also needs to be put across in a way that gives it “value” to people.
“One of the key areas to address is influencing human behaviour, because humans can be the weakest link in cyber-defence,” Knowles continues.
“Our industry has thrown posters, mug mats and beseeching hope at a problem that needs, what behavioural scientists call, ‘choice engineering’.”
The difficulty in getting both companies and individuals to adopt good security practices is recognised.
As the report points out, “a more fundamental cultural change may be necessary to drive large-scale transformation in cyber security outreach and awareness.”
Whilst awareness of the issues is improving in both government and organisations, it is not doing so in any uniform manner; there is still a basic lack of understanding and, in many cases, inadequate response measures are being put in place.
“Additional work is also needed on improving the culture of cyber security at the societal level, with clearer guidance on what it means to be a ‘good internet citizen’,” the report says.
“Progress towards improving this culture would serve to establish a kind of immunity to the most widespread and common threats, while also educating a broad group of users about emerging threats.”