For Cyber Security, fix the Human Factor

It’s really not fair. No sooner do we generally come to terms with one cybercrime threat than another appears, attacking our lives from afar, using ever more advanced technology and connectivity to do so.

Our unspoken deal with the internet is that we allow it to invade our lives for positive reasons such as economic gain, personal growth or just convenience – or at least we feel we have to submit to its pervasive influence or lose out, big time. The problem is that, as with all morally neutral and relatively unmoderated instruments, that same deal can be abused. Through exposure to the internet’s downsides we, our families or our general lives can be hurt.

There are of course deeply technical mitigations to these threats – sometimes ahead of, although more often slightly behind, the development curve. Generally speaking, we hope to keep up, although most of us don’t understand the technology involved and are content to entrust it to those who sound like they know what they are doing. But to rely purely on that technology to protect us is like relying purely on the lock on our front door to prevent a burglary at our home.

As in our private lives, so at work. Our organisations – governmental, corporate, any of them – are tempting targets and often more vulnerable than they would like to think. To minimise that vulnerability, there is a lot of investment in technical services – antivirus, firewalls, network configuration, penetration testing – in which we put our faith. But still, the attacks keep coming, and too many of them succeed.

In our private and work lives, we can’t just rely on the technology to protect us. We have to protect ourselves, and those around us.

If you look at the most prominent cyber threats, most rely on human vulnerability to achieve their objective. The National Crime Agency’s list of top threats includes the sexual exploitation and abuse of children, of which a massive amount occurs online; and economic crime, where much of the gain is made by deceiving an unwitting person or by exploiting vulnerability through extortion.

Even in the category of cybercrime, the human factor is a constant, whether by allowing data loss or, through poor decision-making, failing to protect systems, organisations and people against predictable and avoidable threats. There’s a good reason why the recently established UK National Centre specifies User Awareness and Training as one of the first steps to Cyber Security.

The UK-based non-profit organisation Get Safe Online (GSOL) is part of the solution. GSOL has insight into the threats faced by all sections of the population, and by organisations, and seeks to target-harden people through the same principles. For example, go to the websites of most of the UK’s police forces and look for help with cybercrime, and it’s probably GSOL’s content you will see. Our partnerships extend into the private sector as well – where there is vulnerability, that’s where we want our messages to be.

The extra good news is that, in my view, the objectives of personal cyber security training – awareness, empowerment, and access to support when needed – can protect us in our own lives, and help us protect our organisations too. We just need to get it right once.

Eventbrite - UK-NL Cyber Security Showcase 2017
