In the U.S. and in many places around the world, Cybersecurity Month is marked during October. This takes the form of events and publicity designed to provide a new perspective on an old – but still very important – subject.
According to Richard Caralli, Senior Cybersecurity Advisor, Axio, too many firms put off their cybersecurity remediation activities. The same also applies to most individuals. Therefore, anything that seeks to increase awareness is important.
In outlining the importance of the various events celebrated during the month, Caralli observes: “For 20 years, Cybersecurity Awareness Month has been raising awareness about the importance of cybersecurity, but creating a cyber-aware culture is only getting worse.”
However, he also notes that too few people are taking their responsibilities seriously: “Technology users are on the front line for cybersecurity, but this responsibility is not taken seriously either because it’s a lower priority (average consumers place preference on product features over security), or they don’t fundamentally understand it (cybersecurity technologies at the consumer level are not entirely intuitive).”
This is perhaps because people are not aware of the complexity. As an example, Caralli cites: “There are approximately 12 million lines of code on a typical smartphone operating system, and on those devices, thousands of configurable settings that affect security and privacy. If an organization issues a device like an iPhone, they can centrally ensure the security and privacy settings fall in line with organizational policy. But, in an increasingly bring-your-own-device world, and especially for retail consumers, all bets are off.”
We are also paying the price for operability, as Caralli finds: “With configurability being a key desirable feature of applications, users unfortunately put little effort into ensuring they are protected from not only attackers, but also from legitimate attempts to use their data in ways that may over-expose them. It isn’t sufficient to fall in line with the standard security recommendations anymore—such as implementing MFA. Users must initiate their own security and privacy review of the software and devices they use, instead of focusing only on configuring features and applications that are important to them.”
Everyone with lax security is a potential target. Caralli warns: “Until fixed, consumers will continue to be a rich target—and attackers know it. To create a more cyber-aware culture, users should review all default settings on new software and devices and make changes as appropriate. And while not an easy task, several guides being produced—Consumer Reports, for example, publishes a Guide to Digital Security and Privacy—can help users configure important settings, or at least give them the option to decide on the balance between functionality and security/privacy.”
