It took 50 years to change attitudes to drink driving. Will changing attitudes to cybersecurity take just as long?
Look back to the 1970s when drink driving in the UK was a significant issue. In 1979 a report released by the Department of Transport showed that over 50% of male drivers and over 66% of young male drivers admitted to driving under the influence on a weekly basis. Today, those figures are shocking, and that’s because of a consistent and effective campaign to change societal norms.
Thanks to a sustained awareness campaign, road deaths as a result of drink driving declined from 1,640 in 1967 to 200 in 2017. This is a tremendous achievement as there are more cars than ever on our roads.
The government is working hard to try and raise awareness of cybersecurity and its importance, but as with drink driving, smoking and all manner of other campaigns it may take a long time before we see results.
As technological advancement races ever onwards, cybercrime is set to grow as criminals take advantage of new exploits. Cybercrime is now such an issue that the World Economic Forum has listed cybercrime as among the top three most likely risks the world will face in 2018. Making it into the top three just shows how much risks associated with new technologies have sharply increased over recent years as has the importance of cybersecurity. With the threats constantly evolving can we wait decades for the message to get through?
The challenge to change people’s attitudes towards cybersecurity is a big one. It hasn’t helped that for many years some areas of the cybersecurity industry have made out that it is a dark art full of mysticism. And it doesn’t help that the media and even some parts of the government continue to feed that narrative.
The recent comments from the Secretary of Defence Gavin Williamson claiming that Russia (today’s bogeyman) is plotting to kill ‘thousands and thousands of people’ through means including cyber-attacks is scaremongering at its very worst. Constant headlines that the nation will be hit by a massive cyberattack also play into the scare people to death narrative that just isn’t working. To many people such headlines just make them resigned to the inevitable, after all, what’s the point in trying to protect yourself when the government and media are constantly telling us that we’re all doomed.
The Brexit vote may be done and dusted, but it seems as though our politicians and those in charge of the media haven’t learnt one fundamental lesson: Fear doesn’t get people to do the things you want them to do anymore. Project Fear backfired spectacularly in June 2016, and the same thing happened in the USA a few months later with the race for the White House and the shock election of Donald Trump. People are tired of being told that they should be afraid. They want to control their lives and not be told what to think. As technology has advanced and more and more people use the internet to attain their information from other sources aside from the mainstream media, they no longer believe the narratives that are being so obviously laid out before them.
Dr Ian Levy, the chief technical director at the National Cyber Security Centre (NCSC), is probably the most famous outspoken critic of the cybersecurity sector as he’s publicly criticised some areas for trying to scare people into buying their goods and services.
At the Enigma conference held in February last year, he stated that; “We are allowing massively incentivised companies to define the public perception of the problem. If you call it an advanced persistent threat, you end up with a narrative that basically says ‘you lot are too stupid to understand this and only I can possibly help you – buy my magic amulet and you’ll be fine. It’s medieval witchcraft; it’s genuinely medieval witchcraft.”
Another reason why many people no doubt feel disconnected from cybersecurity is the way in which it is reported in the media.
Rather than being treated as everyday news like other types of crime are; stories relating to cybercrime are often confined to specialist tech pages or publications. Rather than treating cybercrime as a normal daily occurrence (which sadly, it now is), the media continue to depict it as something strange and mystical.
Just look at how hackers are depicted in the media. They are shown as masked men sat in the shadows surrounded by Matrix-like code flying down a screen. These images only add to the fear. Fear sells, and with internet journalism, it gets the clicks and the ad revenue.
These depictions aren’t the reality. Most hackers operate from their bedrooms rather than in some dark bunker, and they’re more likely to be sat in their underpants surrounded by energy drinks and junk food than in hoodies and sinister masks. Using images such as these is detrimental as it makes the average person believe that hackers are master criminals hell-bent on ruining your life. Again, in reality, they’re most likely just looking to cause a bit of mischief and just like other criminals (like thieves) they are seeking out soft targets to steal from or exploit. Also, bear in mind that not all hackers are bad. Some use their talents for good by exposing vulnerabilities and then alerting the relevant people to fix them.
The chances are high that if you have some basic security software installed and kept your machine up to date with the latest patches a hacker will pass you by as they seek out easier prey. The same rules do apply online as well as offline.
Make yourself an easy target, and you will become a victim. Put in place countermeasures and you’ll most likely be ignored.
Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com/cyberscore and if you want to give yourself the very best protection against cyber security threats try our CyberScore™ software for free now.