I’ve often been asked questions like, “How long should we keep doing this awareness stuff?” and, “At what point will technology make security awareness obsolete?” And extension of those questions would be, when do we need to stop saying things like #BeCyberSmart. My answer: “Never.” Quickly followed with, “Here’s why…”
Let me give you that explanation now. You don’t have to agree with everything I say. But I think it’s great to consider questions like these within a broad context to help ensure that we don’t unintentionally have blinders on. Here are three of the reasons I usually give:
Technology vendors have been promising to “solve the human issue” for decades:
The first thing I usually mention is that security technology vendors have been promising to “solve the human issue” for decades. If you’ve ever strolled through the vendor area of a large security conference (remember those?), you’ll know what I mean. Slews of vendors will say that their product will (or soon will) have the power to eliminate the risk associated with human error. The human either won’t be able to make the error; or the technology will catch such errors and automatically protect the organization.
Those are great claims, and maybe even a great vision for a far distant future, but I honestly don’t believe it’s realistic. Think of the number of variables that each piece of technology has to solve for to deal with every human error that could possibly happen when interacting with that technology. Now also think about the number of possible ways a motivated attacker may also try to manipulate or misuse that particular piece of technology. There are too many to account for; and we humans, including the developers and system engineers, tend to get tunnel vision when developing systems. We simply don’t have the ability to conceive of all the possible uses, abuses, manipulations, and other issues which may occur. I mean, think for a minute how difficult it would be for a tech vendor to not allow conditions where a cybercriminal might trick someone into giving out a personal detail, or making an unsafe online transaction, or making an unsafe choice in the physical world (like meeting with an unsafe person)?
Our digital ecosystem is growing rapidly and exponentially
A second reason is that our digital ecosystem is growing rapidly and exponentially. As a result, no designer or vendor can possibly anticipate the ways that people may try to integrate their systems into broader digital environments. System 1 may be harmless on its own, but new issues, dangers, and potential for misuse could arise when a new system, System 2, is introduced. That’s why badging systems, money printing, and other systems keep having to get more sophisticated.
Badging and currency was much easier before digital imaging and printing came…. But with new technologies came new threats. The game changed, it evolved. And the human response had to evolve as well. I believe this will continue to be the case infinitely. Tech and humanity will continue to progress, and each step of progress will have unintended consequences and create new vulnerabilities. Humans will need to learn how to #BeCyberSmart in each of these new circumstances. … and I bet any Science Fiction author would agree with me. ☺
Our digital ecosystems and physical ecosystems are increasingly interconnected and interdependent
My third and last (for this blog) reason is that our digital ecosystems and our physical ecosystems are becoming increasingly interconnected and interdependent. The advancements offer humanity great new opportunities, but also open up many yet unknown risks. From household and business-focused IoT devices, to autonomous vehicles, smart cities, health-related systems, environmentally focused technologies, agriculture tech, and more, we see that being “online” isn’t just for people. But here’s the thing… every single one of these devices will ultimately impact a human. Everything in our society—every bit of tech, consumer goods, agriculture, communications equipment, transportation equipment, and more, ultimately exists to help humans thrive. And humans can – and will – always find ways to maliciously or negligently misuse all that is around us.
I understand that the harsh reality of *always* having to take responsibility for human decision making can be daunting. But, remember, the thing that makes us great as a species is our ability to make decisions and to help each other. That’s why we form societies. That’s why cultures arise. And that’s how progress happens. We improve when we help each other know and do more than we ever could separately.
Have a great Cybersecurity Awareness Month. #BeCyberSmart and help someone else do the same.