By Jacqueline Beauchere, Chief Online Safety Officer, Microsoft
National Cyber Security Alliance Board of Directors Vice Chair
Today, the phrase “cyber security” prompts conversations at both the kitchen table and the boardroom table. That’s noticeable progress, considering it’s been just 10 years since the National Cyber Security Alliance (NCSA) launched its first awareness month in October 2003 — a 31-day effort designed to raise public consciousness about the need for safer online habits and practices.
Since then, worms and viruses have decreased noticeably, as companies develop and release more secure products. The entire ecosystem is sharing information and collaborating in new and unique ways. Yet, the explosion of mobile and other new technologies, changes in social behaviors, and other factors have broadened the “attack surface,” thereby further complicating the overall landscape. Employees are increasingly bringing their own devices into the workplace, creating additional challenges for IT and security professionals. These trends illustrate the need to remain diligent in educating consumers and business leaders about the importance of establishing a “culture of safety.”
At the kickoff of National Cyber Security Awareness Month 2013 in Boston, I had the pleasure of moderating a panel discussion entitled, “Ten Years of Cyber Security: How Far We’ve Come and How Far We Need to Go.” The four panelists, representing both the public and private sectors, shared their views on everything from the progress we’ve made over the last decade to where technology may be taking us in the future – or where we may be taking (“wearable”) technology.
Chris Boyer, Assistant Vice President, Public Policy Group at AT&T and Chairman of the NCSA Board of Directors; Jeff Brown, Vice President & Chief Information Security Officer at Raytheon; Kevin Burns, Chief Information Security Officer for the Commonwealth of Massachusetts; and Michael Kaiser, Executive Director of NCSA, agreed cyber security has evolved and matured as a discipline over the last decade, markedly increasing its visibility.
While a few things are clear — for instance, more people know what to do to help secure their computing devices and personal data, some risky behaviors persist that may still leave individuals vulnerable. As a result, the panelists agreed more can be done on the part of all participants—individual consumers, businesses, organizations, and government.
“It’s about behavior,” said one panelist. “What are (users) clicking on? They want faster access to data, but they want their data to be secured, too. We have to educate our constituents—consumers and employees—and ensure that we are systemically doing the right thing.”
The panelists’ views are borne out in data. Last month, Microsoft released its third annual Computing Safety Index (MCSI) for the United States*. The Index, a gauge of smart consumer online behaviors, currently stands at its lowest level on record: 34 out of a possible 100.
MCSI results show individuals are reasonably comfortable turning on automatic updates, using and keeping up to date antimalware software, and not clicking on unknown links or attachments. But, when it comes to more sophisticated social and behavioral scenarios, they are somewhat at a loss. In fact, the “behavioral” tier of the 2013 MCSI earned US consumers a measly 10 points out of a possible 40.
The NCSAM panel discussion concluded with a two-part question for each panelist: both a prediction and a “wish” for cyber security over the next 10 years. Nearly the entire panel was eager for consumer awareness and education to really take hold, such that individuals are as committed to keeping themselves safer online as they are to locking their doors and wearing seatbelts. And, NCSA’s signature campaign, STOP. THINK. CONNECT., was universally identified as the preferred means of helping to make that happen.
To learn more about Microsoft’s work in online safety and security and how you can stay safer online, visit our Safety & Security Center; “like” us on Facebook and follow us on Twitter. Businesses can also access our Internet Security at Work toolkit to help create a culture of safety in the workplace.
*Microsoft compiles the MCSI for 20 countries. The worldwide average and individual data for the other 19 countries will be released in conjunction with international Safer Internet Day on February 11, 2014.