The need to change cybersecurity for the next generation
Healthy habits that are instilled and nurtured at an early age bring lifelong benefits; the same applies to good cybersecurity habits.
Hidden dangers, such as those on the internet, are often difficult to appreciate without some form of visualisation. Take, for example, road safety: if there was no visualisation – cars whizzing past you when you want to cross the road, then it could be challenging to teach someone road safety as a pedestrian or a driver.
The effects of suffering a cyber-incident can be devastating, especially on a personal level, and there is likely to be one consistent issue: a degradation in the mental health of the victim. Whether the issue is trolling, cyberbullying, fraud, identity theft, grooming, credential theft, or one of the many other variants of cyberthreats, there are likely to be consequences, mental health consequences that are hidden from visual identification.
For instance, many victims of romance scams are extremely embarrassed to admit they have been duped. Even just talking to friends and family could be valuable on the path to dealing with the issue and recovering. A similar feeling may apply when someone clicks a phishing link and gives away their login credentials or personal information; there is likely to be a feeling of ‘how stupid was I?!’.
Safety as a default mindset, such as road safety, comes by instilling the consequences and understanding the dangers from a very early age, using guidance that is repetitive and comes from multiple sources.
Imagine the scenario where, by default, no one clicks a link in an email without hovering over it and visually inspecting the address, or the scenario where just a password is unacceptable and stronger authentication is always sought out and turned on. To achieve this level of instinctive protection, the habit would need to be taught and continually reinforced at an early age, in the same way a parent, and a wider circle of people, teach a child to cross the road.
We have seen the introduction of technology that has truly changed the way we communicate, behave, work, etc. Importantly, we have seen technology mature with safety and security mechanisms being added, and an evolution of cybersecurity, and unfortunately, also an evolution of cyberthreats. However, this does not mean we can’t educate the next generation to have the core default instincts and skills.
To look at just one example, 90 per cent of cyber-incidents start with a phishing attack. It is also the number one issue for companies regarding cybersecurity. If any of you have been mandated to take cybersecurity awareness training, then you will know a large section of this revolves around the identification of a phishing email and how to spot fraudulent links and avoid clicking on them.
If we want to solve the number one cybersecurity issue for businesses, then we need to have a generation on its path to the workplace that have a default mechanism instilled in them that stops them from just clicking on a link or handing over their credentials. A reaction where they immediately understand the danger, have a visualisation of it, and take a safe approach.
To achieve this dream where phishing no longer exists, with no one ever being duped, would require a sea change in the use of technology at an early age, and in how we guide kids and what they are taught as a core fundamental skill.
T: 053 914 66 00
E: info@eset.ie
W: www.eset.ie