Enough is enough
And, no, I’m not talking about a song made famous by Barbra Streisand and Donna Summer 🙂
What does the word “community” mean to you? I’d describe it as a place where everyone from all walks of life, regardless of ability and / or experience, can collectively communicate and share ideas, experiences, challenges, and so much more. According to the Cambridge Dictionary:
…..all the people who live in a particular area, or a group of people who are considered as a unit because of their shared interests or background…..
This sums it up perfectly – particularly the emphasis on “considered as a unit because of their shared interests or background”. Or does it?
Sadly, the persistent scenario I seem to encounter myself (and I’m fairly sure that this is the general consensus across the board) is one where we are constantly sold a so-called “silver bullet” or a box filled with “blinky lights” that is touted to fix all of our problems, and keep us safe indefinitely from the ever-increasing daily threats that the web (light, deep, and dark) seems to introduce on an hourly basis.
Back in “the day” (I’m revealing my age here), I would have said daily – the problem with that statement is that we’ve moved on both from the technology perspective, and the element of risk that always accompanies it. Gone are the days where you could place an unpatched PC with no firewall on the internet, and it would take a nefarious individual around a week to spot it. Today’s equivalent is more like hours – if not minutes.
The same applies to threat vectors. And not just “viruses” – you’d be unpleasantly surprised by just how many people think Viruses are Malware and vice-versa. 10-15 years ago, they were the main concern – Malware wasn’t even the worldwide threat it is today until May 2000, when Loveletter was the first high-profile profit-motivated campaign, followed by “variants” such as the Anna Kournikova Worm and Nimda (“Admin” backwards), through to today’s “modern” iterations – which, by definition, also possess modern capabilities in terms of damage potential / payload, and threat detection evasion techniques. Then, there’s the constant emphasis on phishing and social engineering attacks that are today’s mainstay in terms of convincing the user to click on a link, open an attachment, or even part with information via other media such as SMS / fake voicemail scams. The point to all of this really boils down to one thing.
If you want people to get more involved in technology, and information security, then make it relevant to them.
Humans, despite numerous intensive training programs, seem to forget all about that same training when it comes to clicking links in malicious emails. Even something as simple as questioning the origins of that Facebook email that went to their business email address (although they don’t use their business email for that platform) – seems to elude them, and they still click the link. The clue here is awareness. Are we going far enough to educate people properly, with content that is meaningful and meets the real need, or are we taking a “foie-gras” approach of force-feeding information to satisfy an audit or regulatory requirement – in essence, a “tick in the box”? In addition, do we really follow up with those who consistently fail the same phishing test campaigns, or do we just let them carry on without addressing the issue?
Awareness is only a small percentage of this journey. What is needed is discussion – the more fluid, the better. The problem is simplistic in the sense that it’s clear we are not doing enough to assist others without feeling the need to profit immensely from it. There is no single platform I have encountered during my research that is actually founded and run by Information Technology and Security professionals – nor is there one that actually wants to make a difference – in other words, create a full and active community where people aren’t afraid to ask questions without being accused of not researching something sufficiently, or to be morally degraded by a negative response from someone else who considers themselves a technology “god”. StackOverflow and Reddit are both notorious for this approach, and if people don’t feel as though they can ask questions, then what hope do we have in terms of ever reducing the human threat?
The answer is much more complex – it’s difficult to actually convince people that they really need something like this. How do you convince people that they need to actively get involved in discussions concerning their own privacy, information security, protection from established and emerging threats, and identity theft? There isn’t one single answer to any of these – none that would work in the real world anyway. However, I firmly believe that if a platform existed where you could ask questions, join in discussions, express concerns, share experiences, and ultimately, share knowledge, we could arguably change the paradigm – slowly, I admit, but surely with momentum once people realise the benefits.
You may ask why I’m doing this. It’s not for profit, and never will be. It’s not to elevate or promote myself in any way – by definition, I’m a very private person, and like to keep it that way. I don’t have a Facebook or Instagram account either 🙂
I’m doing this because it needs to be done. Every day, we see another breach in the news that probably could have been avoided with relevant awareness and effective controls. Every day, we see articles in the news where people have been duped out of their life savings. Every day, the battleground gets larger, but the pool of knowledge (or those willing to share it) is shrinking. Why?
The remit is clear. We need to do more in order to achieve more. I’ve created this platform as a way of filling this self-made void and reducing the inevitably expanding level of threat and risk. Hosted and run by an information technology and security expert, there is a wealth of knowledge waiting to be tapped into. Forewarned is forearmed, as they say. Is this a “call to arms”? Yes, it is exactly that.
It’s a dangerous world out there full of silent “assassins” (none of them with hoodies, either) ready to steal your data, finances, and your identity.
Less repercussion, more discussion.