“As individuals, we fail to make good cyber-risk decisions because we lack a thorough understanding of how we are vulnerable and what could happen as a result. We therefore do not participate effectively in what should be a ‘whole-of-nation effort’ to counter threats to people, organizations and the country,” said John Neily, director of national security and public safety with the Conference Board of Canada.
The report finds that a cybersecurity knowledge and awareness gap exists at three levels. At the first level, there is a failure to understand the scope of the problem. Cyber threats exist at the national, organizational, and individual levels. Governments and businesses must contend with threats to digital infrastructure stemming from sabotage, human error, accidents, and natural events, as well as online crime, espionage, and possible conflict, the report stressed.
At the second level, there is a failure to understand the vulnerabilities inherent in digital technology. Digital technology makes it too easy for cybercriminals, cyberspies, and hacktivists to harm businesses and challenge the power of governments, the report noted.
At the third level, there is a lack of knowledge among people about secure cyber practices. Individuals represent the greatest vulnerability to digital security, but they also are indispensible in making cyberspace more secure. However, it has been difficult to motivate the average user to take cybersecurity seriously, the report lamented.
The report called on leaders from both the Canadian public and private sector to improve the effectiveness of cybersecurity policies, programs, and technologies. In addition, basic cybersecurity practices should be taught to children by their parents, teachers, and peers, it added.