What Is A Whole-Of-Society Approach To Cybersecurity?
Share this on:
When talking about society’s biggest risks, several things come to mind. A new world war, a nuclear catastrophe, or a pandemic. These risks are justified, but most forget one massive threat – cyberattacks.
Hackers are constantly under attack by individuals, businesses, and governments trying to steal information and money or simply do harm.
If your company gets hit with a ransomware attack, there are two options. You can pay the price and get the information back. Or, you don’t pay, and they ruin your business and reputation and sell that data on the dark web.
However, hackers often leave a back door to come again and steal your money when you recover from the losses. Businesses are stuck, and the costs of a data breach are increasing yearly.
What’s the solution?
The solution is a whole-of-society approach. Bringing together everyone from individuals, organizations, companies, and governments to fight cybercrime. It might seem like a utopia for society to agree on one thing altogether, but it’s already working in the United Kingdom.
In 2022, more than 7 million websites and emails were reported as suspicious. That comes out to 20,000 a day. It’s amazing what people can do when they work together.
The NCSC removed a quarter-million malicious links to protect their citizens and businesses from cyberattacks.
That should be the case in every country. Massive corporations have the finances to employ large cybersecurity teams, establish protocols, and build impenetrable cyber fortresses. But what about the small businesses?
Small businesses are the lifeblood of every economy and national prosperity. In the UK, they constitute 99 percent of the ecosystem. They don’t have resources and experts at their disposal to guard against cybercrime. But they have cooperation and help from the government.
The NCSC gave them access to check emails securely and perform vulnerability scans. When these services are available for free, people use them.
Are there any challenges to a whole-of-society approach to cybersecurity?
We can all agree that hackers are bad, and companies and organizations need cybersecurity help. That’s great. But where do we go from there? The answer lies in a complicated web of state and local organizations, institutions, and systems.
The benefits of a whole-of-society approach to cybersecurity are outstanding. The UK example shows that it’s a net positive for a country. But it takes a lot of work.
State offices struggle with IT risk. How can you evaluate their cyber hygiene when modern threats are constantly lurking?
Plus, loads of local institutions are intertwined with state systems. All it takes is for a hacker to breach the weakest link, and the entire system falls like a stack of dominoes.
A whole-of-society approach needs to start at the local level. Of course, the first thing is training. You can’t fight against a threat if you don’t know what you’re up against. Then, there comes the distribution of tools. Whether it’s email security checkers, malicious link scanners, antivirus programs, or VPNs, the government can distribute funding to every participant, and they can use it to fight against hackers.
Creating a uniform solution will take years. But it’s better than nothing. The information age is upon us, and individuals, companies, organizations, and governments must adapt. Every generation has its challenges, and cybersecurity is ours to bear.
How to implement cybersecurity best practices?
At the end of the day, everything boils down to the individual. You and the people around you need to know the best cybersecurity practices and practice them continuously. Expand them to your business; everyone will be on the road for a whole-of-society approach.
To ensure a good start in your family, business, or organization, you must make cybersecurity easy and fun. No one likes boring presentations, so you need to make the coaching relatable.
Instead of discussing the business, change the approach and go down to the personal level. Our personal devices are the gateway to everything. We all have phones, laptops, and computers. Show how a video of a hacker gaining control of a phone and watch faces get glued to the presentation. When they see how easy it is to fall for a scam or get hacked on public Wi-Fi, teammates will want to know more.
After you grab their attention:
Encourage them to secure their devices and care for them better.
Make VPNs and antivirus programs mandatory, and train for human error.
If you have corporate devices, install remote management tools to restrict downloads and scan the web.
Next comes training for phishing attacks. That’s a journey that never ends because scammers change their approaches. Everything started with the Nigerian Prince scam, where people would get a message from a supposed “prince” and be promised gold in exchange for money for transporting it. Hackers create phishing emails that look identical to legitimate companies urging you to click on links. They pretend to be someone else on dating apps to steal money or catfish other users. Scammers even create fake job posts to infiltrate specific companies by targeting their employees.
Regarding training, you should pay the most attention to remote workers. They should adhere to a specific security policy because public and home networks have unique risks.
Cybercrime is currently the largest threat to individuals, companies, and governments. It’s much more likely that you’ll get hacked than mugged. For example, installing a single unprotected IoT device in your house can invite more than 12000 hacking attempts.
For that reason, a whole-of-society approach is crucial when it comes to cybersecurity. Knowledge and resources need to be readily available from the individual to the corporate and federal levels. With that, there’s a chance to fight off hackers for good.
Disclaimer: The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE’s position nor that of the Computer Society nor its Leadership.