A new year presents new opportunities and of course new challenges. One that remains is the struggle to raise cyber security awareness and change people's attitudes towards it. In this blog we cover some of the things that make raising awareness a challenge and what we can do to improve it.
Awareness takes time
It took decades to change attitudes towards drink driving and cyber security awareness needs a similar effort to change people’s perceptions. The industry has come a long way but there’s still plenty of work to be done.
In the 1970s, drink driving was a major problem in the UK. A 1979 report from the Department of Transport found that over 50% of male drivers and 66% of young male drivers admitted to driving under the influence on a weekly basis. These figures are shocking today, but thanks to sustained awareness campaigns, the number of road deaths caused by drink driving significantly declined. From 1967 to 2020, the number of deaths due to drink driving decreased from 1,640 to 220, despite the sharp increase in the number of cars on the road.
This is a significant achievement and demonstrates the power of consistent and effective campaigns to change societal norms and behaviours. It is important for similar campaigns to be conducted in the realm of cyber security to help raise the importance of effective cyber hygiene and how to protect ourselves online and prevent cyber- crime from becoming an even bigger problem and threat.
Cyber Awareness, is it working?
Cyber security experts, the government and organisations have been working hard to raise awareness about the importance of cyber security for years, but it’s proven to be a slow process with mixed results.
Cyber- crime has grown and evolved along with technological advancements, and the need for cyber awareness is more pressing than ever. Some may argue that cyber security awareness is already engrained into our culture, as most organisations now require employees to do some form of cyber security training when they first join or are required to do refresher courses. However, the facts don’t lie: the cost of cyber- crime rises every year as do the number of successful attacks. According to IBM’s Cost of a Data Breach 2022 report the average costs have reached record highs and 2023 will no doubt be worse.
Despite this, many continue to use weak and easily guessable passwords, indicating that the message is still struggling to get through to the public. The most used password for example remains 123456, and its stayed at the top spot for over a decade.
With the pace of technology change and the scale of cyber- crime growing by the day, waiting decades for the message to sink in isn’t an option for businesses.
Organisations need to ensure their employees are aware of the dangers, stay vigilant and be proactive in protecting themselves and their business. It’s important that cyber security experts continue to raise awareness about these issues and providing practical guidance how people can protect themselves online.
It’s easy to drive the fear
Changing attitudes towards cyber security can be a challenging task, especially when certain elements of the cyber security industry and the media have contributed to the perception of it being a complex and mysterious field. The constant warnings of impending doom can perpetuate a sense of fear and resignation, leading people and organisations to believe that they are helpless to protect themselves.
This narrative is not only unhelpful, but it is also not accurate. While it is important to be aware of the potential risks and take appropriate precautions, organisations and individuals do have the power to protect themselves and their online activities by utilising security tools and MSSPs. With the proliferation of technology and the increasing reliance on the internet for information, more and more people are questioning the narratives presented to them and seeking out alternative sources of information.
The media often plays a role in shaping public perception and understanding of cyber -crime. Rather than presenting it as a common and everyday occurrence, cybercrime is often portrayed as mysterious and exotic, confined to specialist tech pages or publications.
The media also contributes to the fear surrounding cyber-crime by depicting hackers as shadowy figures with masks and surrounded by complex code, which only serves to distance the average person from the reality of cyber threats further.
Cyber-crime is treated differently in the media because fear sells, and sensationalising a topic can generate click and ad revenue. This approach ultimately does more harm than good by perpetuating misconceptions and misunderstandings about cyber security. For example, hackers are often portrayed as mastermind criminals who operate out of dark bunkers and wear hoodies or masks.
In reality, most hackers are just regular people who may be looking to cause mischief or exploit vulnerabilities for personal gain. Not all hackers are bad – some use their skills to expose and fix vulnerabilities in order to improve cyber security.
It’s important for the media to present accurate and balanced reporting on cyber threats in order to educate the public and promote a better understanding of how to reduce the risks.
It’s key for businesses and individuals to protect themselves online by using basic security measures and keeping devices and software up to date with the latest patches. These basic measures make it less likely that a hacker will target you, as they typically prey on easier or high-value targets.
As Patrick Wragg, Cyber Threat Response Manager at Integrity 360 explains, “In most cases an attack is unlikely to be specifically targeted against you; you will just be one of many emails on a list an attackers has bought or stolen. Basic protections will keep you safely near the centre of the herd as opposed to being picked off by predators on the perimeter.”
It’s easy to instil fear about cyber threats, but it’s important essential to also provide practical solutions and education to help people stay safe online.
By presenting cyber security in a more accessible and empowering way, it is possible to help people understand the importance of protecting themselves online and give them the tools and knowledge they need to do so. This can help to build a more resilient and secure online community for everyone and isn’t that what we all want?