European Cyber Security Month (ECSM) kicked off in Brussels earlier this month with experts calling for increased cooperation, innovation, information-sharing and a need to grow trust and confidence in the Internet among all individuals and organizations.
This year marks the 10th anniversary of the European Union Agency for Network and Information Security (ENISA), and the third official cyber security month in Europe. Government officials, policymakers, industry experts, academics and members of civil society assembled in the European capital for a full day of keynote addresses and panel discussions on topics ranging from cybersecurity as an economic enabler to the challenges of securing future technologies.
I had the privilege of participating in the last panel of the day entitled, “Involving the Citizen,” and was joined by fellow panelists Jonathan Murray, director of Digital Europe; Sofie Vandoninck, representing the EU Kids Online project; Wendy Vermoesen, Belgium Code Week’s ambassador, and Claire Vishik, director of trust and security technology and policy at Intel. Our session was moderated by Francois Thill, ECSM coordinator and a member of the ENISA Management Board from Luxembourg.
Our panel discussed creative and effective ways for inspiring citizens to become more proactive about cyber security and safeguarding their own digital health. These included public awareness-raising efforts and formal and informal educational campaigns, as well as online competitions and inventive ways to appeal to the youngest of the world’s digital citizens. On the flip side, we talked about the challenges associated with driving for behavioral change among consumers, including sentiments ranging from passivity to invincibility, coupled with a constant inclination to be social and share (oftentimes) valuable personal information. I specifically mentioned four challenges: the fact that our efforts don’t stop at awareness-raising, time, the ability to measure our effectiveness, and the need to be sensitive to the overall tone, tenor and simplicity of our messages.
Indeed, awareness-raising is only the first step along a four-part continuum I call, “A-A, B-B.” After raising Awareness, we then need to focus on changing people’s Attitudes toward a given topic or online activity. Then, we hope they will shift their Beliefs in an effort to prevent issues before they arise, and ultimately change their Behavior for the better. Secondly, time is not on our side. When we think of other successful consumer campaigns, whether it be preventing wildfires or encouraging people to wear seat belts in cars, new behaviors don’t take hold overnight and they don’t happen at Internet speed. Furthermore, investments in public awareness-raising or consumer education efforts are difficult to measure because it is impossible to state definitely that a particular campaign drove people to change a particular online habit. Finally, people need to be inspired to change their practices, and we need to make it simple and easily understandable to do so. Fear cannot be the primary motivator, so we have to be attuned to the tone of the advice and guidance we are giving.
To help crystallize some of these points, Yori Kamphuis from Coblue Cybersecurity floated the idea of using the term “tech-knowledge-y” to emphasize the need to inform and educate users about the workings of the devices and services that dominate many aspects of their daily lives. Consumers need to understand what they are doing online and the kind of risks they are potentially being exposed to, he added.
ENISA was established for the purpose of “contributing to the goals of ensuring a high level of network and information security in the European Union and developing a culture of network and information security for the benefit of citizens, consumers, enterprises and public administration.” ENISA’s primary activity is to “provide input on its various tasks by exercising its technical capability to study and analyze complex issues on network and information security.”
National Cyber Security Awareness Month (NCSAM) is also underway in the U.S., Canada, Latin America and other locales, as countries and organizations band together to help keep individuals and families safer and more secure online. Several of these geographies have adapted the U.S.’s signature campaign for cyber security awareness-raising: STOP. THINK. CONNECT. (STC). That simple, three-part message is designed to encourage consumers to pause and consider their actions before making valuable and rewarding connections in the digital world.
For more information about Microsoft’s participation in STC and to learn how you can get involved this NCSAM, visit our website; “like” us on Facebook; follow us on Twitter, and look for my “point of view” following the #MSFTCOSO hashtag.