Where Australia Is Still Going Wrong With Cyber-Security

Cybercrime – are we failing in our education requirements?

Last weekend I was working, changing over a client to a new server with cloud components and unusually, everything went smoothly. What I was surprised about though, was the conversation I had with the General Manager.

I think I have been pretty persistent with the message that I convey on cybercrime and cyber security. Simplistically put, cybercrime bad, cyber security good and paranoia is your best friend. After the conversation I am obviously not doing it correctly.

The question that he asked was “Why do we have to have so many passwords?” He then proceeded to tell me that he had one password, a simple word that he used on everything. This is a General Manager of a multi-million dollar company!

To me this is my failure. It is also a failure on the cyber security community. If this can happen we are definitely doing something incorrect. We are doing something wrong. When you are immersed in the industry you forget that the problem is not the technology. It is the user, the innocent, uneducated, immature, ill-informed and sometimes the ignorant user that we have to help.

We have to change the digital users understanding and this preconceived idea that the digital world is safe, secure and friendly. We have to change it quickly.

Where Australia Is Still Going Wrong With Cyber-SecurityWe educate our children not to go into dark alleys or put themselves in dangerous situations in the real world. But, we allow them to use a tool that is more dangerous than anything else in the real world. They have very little training in the use of this tool and no understanding of why they need protection.

Never mind Porn and other politically incorrect websites, these can be filtered out by the most basic of firewalls. There are so many other legitimate ways for cyber criminals to gain a foot hold on your computer or smart device that they actually leave these sites alone. Porn is a huge industry in its own right and they invest significantly in protecting their IP and their users.

I relate the digital world to WMD’s. The only difference is that WMD’s will kill you and that hasn’t been possible in the digital world. Not yet anyway. In the digital world everything else and anything else can happen to you, to a level where you might as well be dead.

You can lose all of your money, your identity, your personality, you can even go into debt. There are even documented cases where young people have applied for loans that they had no knowledge of and then been pursued by the banks to recover the money.

We allow our children to have conversations with people they have never met, or would never meet in the real world. We allow them to build trust with people in the digital world that they have no other relationship with, apart from they are there on their screen.

Yes I preach paranoia. There is a very good reason for that. In the digital world everyone that you do not know personally, and even some of the ones you do know are after you. The “what’s in it for me” crowd are the rulers of the digital world. The cyber criminals even use automated systems to attack us, so in fact we are being pursued by the system itself!

From my previous conversation, are we doing something wrong?

That is a definite and resounding yes; we are doing it all wrong. We have to work harder to change their attitudes. We have to change this attitude so that everyone understands how to protect their most precious assets – their digital persona, their personal information and most importantly their money.

We have to move the digital users from” protecting me is someone else’s problem” to “protecting me is my problem”. To do that I will then think we are changing the attitude of the digital user. If we do that we will also end up with a more protected digital world.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.