Cybersecurity in America won’t dramatically improve until a more comprehensive approach is taken to educate and train the average consumer about the daily cyberthreats they face at home, not just at work, a group of security experts said on Tuesday.
In preparation for Cybersecurity Awareness Month 2022 in October, the nonprofit National Cybersecurity Alliance hosted a virtual panel discussion on Tuesday with top security officials from Amazon, Google, Dell, KnowBe4 and NortonLifeLock.
The goal: to explore what organizations are doing to address cyberthreats and how to better educate consumers about what they can do to prevent cyberattacks, especially at home.
Panelists generally agree that both cybersecurity technologies and public awareness have indeed improved in recent years. Yet, cyberattacks continue to increase in both their volume and severity, requiring stepped up efforts to better educate and train people on how to recognize and avoid cyberthreats, panelists said.
“We got a lot of work to do,” said Jenny Brinkley, director, Amazon Security, during the Tuesday morning session.
Perry Carpenter, chief evangelist and strategy officer at KnowBe4, said there’s reason for optimism on the cybersecurity front due to improved technologies and communication about threats.
But he agreed a new “culture of resiliency” will require more people adopting “best practices” of cybersecurity at home, where people are increasingly connected to the internet today due to the rise in remote work.
“We need to adopt (sound) behaviors at home because we know when you understand your home environment better you will naturally start to appreciate the things that you should do in the work environment better,” Carpenter said.
In response to a question from NCA executive director Lisa Plaggemier about whether a “generational gap” requires different education approaches for different groups of people, Carpenter expressed concern that emphasizing generational approaches to security might lead to a form of “profiling.”
He said he hopes incremental progress through various initiatives, including awareness campaigns, will ultimately lead to long-term positive outcomes. “Ten years from now, we shouldn’t be asking about generational gaps. We should be starting to see where people are really receiving the same information,” he said.
But NortonLifeLock CTO Darren Shou said there are indeed generational differences when it comes to cyberthreats. He noted that surveys show people over 76 tend to like digitally communicating via email, thus making them more prone to email phishing strikes.
Kate Charlet, director for data governance at Google, said that much of raising awareness comes down to education and “being very dynamic for the audience‘s that we’re trying to reach.”
She said one Google programs involves “teaching kids how to use the internet responsibly.”
No matter where cybersecurity is taught, Amazon’s Brinkley said it’s important that down-to-earth language is used.
“Let‘s not make it scary,” she said of any future education or awareness campaigns. “Let’s figure out ways that we can kind of unpack how a lot of us have been trained over the years on how security should be leveraged.”
Google’s Charlet said “nerd speak” clearly needs to be eliminated from cybersecurity awareness and education campaigns. She noted that Google has reached out to popular social-media “influencers” to get public messages across about various initiatives.
Josh Jaffe, vice president of cybersecurity at Dell Technologies, said that no matter what course society takes to make people more aware of cyberthreats, it’s important to make consumers feel in control.
“It‘s about empowering individuals to make good decisions that bring risk down and start to bring trust up,” he said.