This week saw the launch of a new initiative aimed at the persistent problem of bringing security awareness and advice to the person on the street.
Named to Security2Live (and Infosecurity was told that 'live' is pronounced as in being alive, not a live concert for example), the initiative is backed by four companies: Virtually Informed, Layer8, OutThink and Urban IQ, and formed on eight founding principles:
- Everyone has the right to basic digital safety skills, resources and support
- Raising digital safety skills is a collective responsibility
- Digital Safety Skills should impact cybercrime across the world
- People’s non-work life should be the focus of their digital safety skills
- The skills taught should enable learners to share their learning with others
- Resources should be inclusive to meet the needs of all levels of skills
- Product and service vendors must play their role in reducing cybercrime
- Lead research into digital safety skills and human risk protection
Speaking to Infosecurity at the formation of the initiative in London this week, founder of Security2Live and CISO of Virtually Informed Sarb Sembhi said that the common issue with cybersecurity awareness initiatives are that they “only attract cybersecurity professionals” and that needs to be changed so that ordinary people are the attendees.
“We will work with other partners to organize events for people who don’t have a clue about digital safety skills,” he said.
Sarah Janes, director at Layer8, said that it is “about creating a new ‘normal’ in the way we all interact with technology every day of our lives” and that basic skills should be accessible to all and, in the future, businesses should expect people to come equipped with these skills.
Cybersecurity awareness programs have come and gone over the years, and their impact on a national scale is often hard to measure. The UK government campaign Cyber Streetwise was launched in 2014 to some success, while ongoing awareness campaigns like Safer Internet Day and Get Safe Online continue on an annual basis.
Security2Live will aim to launch in October, in time for the US government’s annual Cybersecurity Awareness Month, and align itself with the aforementioned awareness days with a strong focus on providing resources and training for the consumer. It said that it will “provide key digital safety skills for a digital life, with a focus on skills which may either directly reduce the likelihood of a compromise or reduce the overall attack points for an individual.”
The focus will be on communities and individuals who really want to make a difference, but don’t know where to start, and encourage everyone who wants to get involved to learn digital safety skills first, and then share them with people they know before attempting to share with people they don’t know.
Speaking at the launch of the initiative to Infosecurity, Sembhi said that it was about “promoting a set of skills that have been missing in the industry for some time” as we have been talking about the same basic issues for 20 years, and spending money on awareness schemes and expanding teams and tools. Yet, “we still have the same problem as 20 years ago.”
Janes gave the example that too many people readily give away details on themselves via social engineering schemes, and more needs to be done to aid people in preparing and defending against such tactics. She said that to date, it has only been the privileged few that usually work at large corporates with access to training and resources, and this initiative will enable everyone to have somebody to speak to.
Also behind the initiative is Flavius Plesu, co-founder and CEO at OutThink. A former CISO in financial services, Plesu said too much training is “pay and spray” and not considered with the individual in mind. He also echoed the fourth principle of “people’s non-work life should be the focus of their digital safety skills” and that advice should be practical both for in the office and at home. “If people acquire skills they can have tools and technology at hand,” he said.
One way that Security2Live intend to do this is to put an emphasis on the security of connected devices, as Plesu said that if they can “get people to see the impact on their personal lives, they will demand secure IoT” and it may make for a different purchasing decision in some cases, and in return push manufacturers to build security into devices as a competitive advantage.
The tools and resources Security2Live intend to create will include “webinars and infographics and face-to-face meetings” according to Sembhi, and will enable people “if they get caught out, they know what to do once it has happened, and to know what to look for.”
The next challenge for Security2Live is to get the recognition it requires. The press launch concluded with Infosecurity asking about government partnerships, which Sembhi acknowledged Security2Live will look to explore, and “will work with anyone and everyone and be far more accessible.” He said that the initiative is currently putting materials together to launch around October.
The concept of better awareness for the public is always going to be welcome, and it will be interesting to see how this succeeds, and what the public appetite is for it.