Getting Americans to Care About Cybersecurity
A recent article on Slate ended with the statement, “There’s still no answer to the question of how to get Americans fired up about cybersecurity.” SecureState’s cybersecurity experts decided to get together and brainstorm ways to raise public awareness of cybersecurity risks. While certainly not a definite answer to the question of how to get Americans to care about security, we believe by taking a few small sets we will increase the likelihood that people will start to care about cybersecurity.
Security breaches at large companies have become major news stories. Unfortunately, these news stories can often be sensationalist and misinformed, scaring viewers with vague threats rather than providing a realistic overview of risk. The problems with this are twofold: viewers can become complacent when cyber security problems doesn’t seem like a credible threat or they could become overwhelmed and not know how to properly protect themselves. The key to solving this issue is for reporters to identify security experts who not only understand what happened in a security incident, but can translate it to the average viewer.
Accurate Representations of Hacking in the Media
As SecureState has covered before,films and TV shows often exaggerate hacking techniques and technologies to make them more “cinematic”. Unfortunately, these are often so unrealistic that it makes hacking seem like a sci-fi threat that can’t really affect them. Maybe Hollywood should look to the hacking scene in the Social Networkas a model for grounded, yet dynamic, portrayal of hacking.
Make it Personal
People will often become concerned about cyber security if an attack directly affects them or someone they know. The news media, educators, and security organizations can help make cyber-attacks personal for Americans by providing relatable guidance. For example, SecureState’s Vulnerability Linkage Theory shows in an easy to follow, step-by-step manner how choices that a person or organization makes leaves them vulnerable to attacks.
Elementary, Middle, and High Schools should include mandatory cyber security literacy in their computer courses. These lessons should be tailored to the students’ ages and devices/applications that they would probably use. For example, a lesson for a younger student can focus on communicating online safely, getting their parents’ permission to download apps, and identifying suspicious messages.
Public Awareness Campaigns
There are a number of security resources available if you know where to look. For example, the Department of Homeland Security offers toolkit materials for different audiences as part of the Stop.Think.Connect campaign and promotes security every October for National Cybersecurity Awareness Month. The National Cyber Security Alliance offers resources via StaySafeOnline. The problem is that the average American will probably only find these resources if they are actively seeking them out. Security organizations like these should identify ways to proactively reach Americans. Stop.Think.Connect actually has a number of short, informative videos that would be perfect for national TV spots, but instead are stagnating on YouTube with minimal views. Citibank put out clever identity theft commercials several years ago that Stop.Think.Connect or similar campaigns could use as inspiration for their own efforts. Another excellent example is this video from Jimmy Kimmel Live, where people are social engineered into revealing their passwords.
Simulated Phishing Attacks
This suggestion might be unfeasible, but could prove effective if conducted properly. ISPs and email services could send out a simulated phishing attack to their users that end up directing them to a webpage detailing strategies to identify and avoid phishing attacks.