Blog article
See all stories »

Citizens Need to be More Involved in Cybersecurity

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” Somebody is saying to take personal responsibility and start doing things securely opposed to expecting it to all be done for you. What a revelation!

Just because everyone has access to the Internet, doesn’t mean they are using it securely. If a person decides to login, they should take some basic courses or read about how to login securely. And the education doesn’t stop there. New scams pop up every day and one has to be aware of their options. I write almost every day and there is never a shortage of topics for me to discuss.

The Internet can be a dangerous neighborhood with bad people around every corner. I got an email from a colleague today who is in the security business. He asked me if the email he received from Facebook to change his password was a fake or real. This is a smart guy, who obviously never heard of the Facebook phishing scam before.

NetworkWorld reports They cite the coordinated attack that overwhelmed U.S. and South Korean government sites last July as being the type of attack that individuals can unwittingly participate in by allowing their computers to be taken over by botnets, the authors say. The awareness they call for has to go beyond simply “if you do not protect yourselves bad things will happen to you” and create a sense that cyber security is a civic duty. Most users remain unaware that not only is their computer data vulnerable, but that their insecure access to cyberspace can be exploited by others turning them into unwitting agents of coordinated cyber threats [both criminal and disruptive attacks],”they say. “Cybersecurity must become a national civic responsibility.”

Frankly, we as citizens HAVE TO do something. Richard Clarke, the president’s cybersecurity adviser, recently wrote that the Department of Homeland Security “has neither a plan nor the capability” to protect the U.S.’s cyber infrastructure. He said companies and individuals “almost uniformly believe that they should fund as much corporate cybersecurity as is necessary to maintain profitability and no more.”

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

3234

Comments: (3)

Uri Rivner
Uri Rivner - BioCatch - Tel Aviv 14 February, 2010, 10:34Be the first to give this comment the thumbs up 0 likes

I'd like to consider awareness as one line of defense out of many. Certainly a lot can be done to promote awareness, but today's attack methods - drive by download, social network infection - are so far from the good old Phishing days, where you had an actual chance of educating people about the threat, that we can only consider it as one part of the equation.

It's like expecting people not to catch Swine Flu. Yes, you can educate people about that, but you also need government-funded vaccines, antibacterial gel distributed in public toilets, tight monitoring for any violent variants, etc. This discussion is similar to the one I pointed out in "Finger pointing in commercial banking": http://www.finextra.com/community/fullblog.aspx?id=3792

Cedric Pariente
Cedric Pariente - EFFI Consultants - Paris 14 February, 2010, 14:58Be the first to give this comment the thumbs up 0 likes

I agree with Uri.

The knowledge required to be safe on the internet today is so huge and changing every day, that it's almost a full time job.

How do you want to explain someone who hardly knows how to surf what a man-in-the-browser is?

Efforts have to be made on every side, but the users' side will take time to be educated.

Security vendors have to keep that in mind when developping their solutions.

Robert Siciliano
Robert Siciliano - Safr.me - Boston 15 February, 2010, 14:17Be the first to give this comment the thumbs up 0 likes

Thanks Gents,

Great feedback. We have to at least push education in a way that wakes people up. Not everyone will havbe the capacity, but those that do will effectuate change.