Thursday, October 01, 2020

Cybersecurity Awareness Month: time to get smart about ending digital technology abuse

Graphic announcing 31 articles for Cybersecurity Awareness Month

Cybersecurity has become such an important part of modern life that many countries now dedicate an entire month—October—to increasing the levels of knowledge and awareness of cybersecurity among organizations and the general population. Here on this blog we have 31 articles about cybersecurity.

Not all of these articles will be traditional cybersecurity awareness content. Why? These days there is already a large amount of very good cybersecurity awareness material out there, and even more will be published this month by companies, organizations, agencies, and experts.

If traditional cybersecurity awareness is what you are looking for, I suggest you start with the resources on this website: Stay Safe Online. The Stay Safe Online website is run by a US-based non-profit, the National Cyber Security Alliance (NCSA). The NCSA coordinates Cyber Security Awareness Month activities in the US as well as the year-round STOP. THINK. CONNECT. online safety campaign.

(Note: For much of the past decade I was closely involved in NCSA activities and served as a member of its board of directors on behalf of ESET, a founding member of STOP. THINK. CONNECT, and my employer from 2011 to 2019.)

On social media I will be pointing people to accounts like @StaySafeOnline and @Cyber to get the latest in this year's awareness month activities. These are being hash-tagged #BeCyberSmart (in previous years the hashtag #CyberAware was used).

For readers in the EU: "The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices" (see the ECSM website for more).

Cybercrime Awareness Month?

If we step back a moment and ask why the world needs more cybersecurity awareness, an obvious answer would be "because there's so much cybercrime." That is why I think attempts to raise awareness of the need for cybersecurity need to include an explanation of why there is so much cybercrime. 

So, my focus this October is on the causes of cybercrime and other forms of digital technology abuse, the most problematic of the many challenges faced by cybersecurity. (Cybersecurity challenges that are not digital technology abuse include human error and acts of nature, like earthquakes and hurricanes.)

In a law journal article published at the beginning of this year I wrote: "cybercrime is a global problem that negatively impacts everyone—from commercial enterprises to government agencies, non-governmental organizations, and the public—in every nation and territory. Multiple surveys in countries with high levels of Internet adoption suggest a high degree of concern that the risk of becoming a victim of cybercrime is increasing." Here is the chart that I provided to illustrate this:

This chart combines results from Stephen Cobb, ESET Cybersecurity Barometer, USA 2018, We Live Security, 2019, and EU Special Eurobarometer 480 Report on Europeans’ attitudes towards Internet security, 2019. 

Although my law journal article—Advancing Accurate and Objective Cybercrime Metrics—is written in the text-heavy format of that publication style, it does contain a wide range of statistics and sources that may be helpful if you want to research the question of how much cybercrime there is, and how the world currently goes about measuring cybercrime.

That article built on a variety of work I did about five years ago under the general heading "Sizing Cybercrime". One of the outputs from that work is watchable on YouTube in the form of a 25-minute talk with that title, recorded in Prague in 2015. There is also a 5,000-word paper to back that up, plus 50 references. Sadly, although I have managed to trim my weight a bit since then, the crushing weight that cybercrime imposes on human endeavors has only increased since then.

Small steps can reduce a big problem

The amount of criminal activity in cyberspace, that which involves computers and other internet-connected devices, may now be greater than the amount of purely physical crime in what I like to call meatspace. Yes, there are still meatspace burglars who break into houses to steal things and may hurt you if you get in the way. But the value of stuff that gets stolen from households by means of digital intrusions is probably greater. One relatively recent academic study concluded that cybercrime accounts for “half of all property crime, by volume and value” (Ross Anderson et al. Measuring the Changing Cost of Cybercrime, 2019).

Given all those facts, you might wonder if there is anything at all that you—as an individual—can do to make a difference, to actually reduce the size of the cybercrime problem and improve cybersecurity in the world today. I am happy to report that there is, and some of the specific things that you can do will be covered during the month.

Some of the actions you can take to improve cybersecurity might sound trivial, but there is serious research that shows they work. Consider these meatspace examples: when more people park their cars in locked garages rather than on the street, fewer cars are stolen. Putting stronger locks on your doors makes your home less likely to be invaded than one with weaker locks.

Of course those security measures imply availability of resources which are unequally distributed in most societies. But in cyberspace, some security measures are free, like choosing a stronger password to lock people out of your online bank account (covered on day 19). For example, look at the relative amount of computer effort, measured in time, that it would take to break each of these passwords:
  • mylittlepony = 3 weeks
  • mylittlepony! = 700 years
  • My1littlepony! = 200 million years
  • I adore my little pony = 42 sextillion years
If that inspires you to get to work on improving your passwords, then this blog post has been worth it (here is where I tested those passwords, and here is a good tool for exploring password strength). 
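To show where estimates of this kind come from, here is an added example (not the code behind the tool used for the figures above) that sizes the exhaustive-search space for the same four passwords from their length and character classes. The guess rate is an assumption chosen for illustration, so the times it prints will not match the list above, but the ordering does.

```python
import math
import string

# Assumed guessing speed; an illustrative value, not the rate used by
# the tool that produced the figures quoted in the post.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Character classes and the number of symbols each adds to the pool.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
    (" ", 1),
]

def pool_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    pool = sum(size for chars, size in CLASSES
               if any(c in chars for c in password))
    if pool == 0:
        raise ValueError("empty password or no recognised characters")
    return pool

def entropy_bits(password):
    """log2 of the search space: length * log2(pool size)."""
    return len(password) * math.log2(pool_size(password))

def average_crack_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected search time: half the search space divided by the rate."""
    return 2 ** (entropy_bits(password) - 1) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("seconds", 1)):
        if seconds >= length:
            return f"{seconds / length:,.0f} {unit}"
    return "under a second"

# The four passwords from the list above.
SAMPLES = ["mylittlepony", "mylittlepony!", "My1littlepony!",
           "I adore my little pony"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: pool={pool_size(pw)}, "
              f"{entropy_bits(pw):.1f} bits, "
              f"{humanize(average_crack_seconds(pw))}")
```

This is an upper bound that assumes every character is chosen independently; a password built from common words or a known phrase offers less protection than the figure suggests, which is why length from unrelated words or a password manager's random output is the safer choice.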