Infosec: Raising Awareness Is The Best Cyber Defence

(ISC)² has chosen the InfoSecurity Europe Expo to launch a new, welcome and vitally necessary initiative to raise general awareness of security issues, says Eric Doyle

The two key messages that will come through from the InfoSecurity Europe 2012 expo and the Security B-Sides conference this week will be that security needs to be rethought by many organisations and there will be a need for skilled personnel to tackle the new challenges that are appearing.

The InfoSec show is being held for three days starting on Tuesday at London’s Earls Court Exhibition Centre and Security B-Sides, a competing conference, at the Barbican, also in London.

Education3

The shortage of security staff needs to be addressed by academia if the country is to become “the safest place to do business online” – the Labour Party’s Digital Britain clarion call taken up by the Conservatives. This hope is being furthered by advisory body (ISC)², through both its latest initiative to mobilise the international professional community to help shape public policy, and its support for the UK Cyber Security Challenge (CSC).

The Advisory Board for Europe, the Middle East and Africa (EAB) is being formed by (ISC)² to boot up interest in the requirements of a co-ordinated cyber-security effort. Membership of the EAB is on a voluntary basis and is open to security professionals interested in protecting communites from cyber-crime.

One of the main aims of the initiative is to encourage academic establishments to strengthen their efforts at highlighting security requirements for current students who will become the IT workforce in future years. This awareness campaign extends down from the colleges and universities to a much-needed “goodwill” programme for schoolchildren: Safe and Secure Online, a volunteer-based programme first introduced to the United Kingdom in 2009 and then to Hong Kong, the US and Canada. This will now be rolled out across seven European countries, including France and Germany.

The importance of education became clear at the CyberSecurity Challenge Awards last March when several of the competitors who were currently studying IT courses in various universities agreed that their courses paid scant attention to security issues.

John Colley, managing director for Europe, Middle East and Africa at (ISC)², told TechWeekEurope that there is a need to create a security consciousness and that the earlier that happens in a person’s development, the better it is for creating an overall awareness that is essential for business.

This kind of initiative should be encouraged. Schools should be teaching children (and their parents) about being safe online. Like the elderly, the younger age group have a trusting nature and are ripe for exploitation. It is also the younger group, school leavers and students who are likely to see the attraction of supporting self-appointed vigilante groups like Anonymous, with scant regard to the legal implications.

With hacking groups, online mobsters and government-sponsored espionage teams populating the online world, security awareness is vital to global trade as business increasingly migrates to the cyber world. Sophisticated hacking exploits are far outnumbered by relatively simple hacking techniques using email grooming to socially engineer access to corporate and public sector networks.

Many of these intrusions can be easily stopped by raising the awareness of the tricks that are being used to fool employees into giving away vital access information to the crooks and agents who are well-practiced in subtle phishing techniques. Equally, those who will run our IT systems need to be taught the basics before they finish their initial training.

The (ISC)² EAB is to be applauded for its attempts to shake the world out of its general ignorance of everyday security issues.

Think you know security? Try our quiz!