| || ||Bjorn Rutten |
Senior Research Associate, National Security and Public Safety
Most of us use computers and smartphones with ease, and increasingly expect them to do whatever we want wherever we want. But we are surprisingly ignorant about the risks involved, endangering both ourselves and others.
Research conducted with the support of the Board’s Centre for National Security shows that we as individuals fail to make effective cyber risk decisions mainly because we don’t understand how we are vulnerable and what could happen as a result. The threats are highly technical, and so is much of the discussion. As a result, we don’t pay enough attention to the human dimension of cyber security. We need to do more to enable people to make good decisions about dealing with cyber risks both at home and at work.
Most people recognize that digital connections involve risk. We see media reports about cyber attacks on companies and governments almost daily. Security firms like Symantec and McAfee report an endless stream of new types of malicious code.
We do tend to pay attention to a threat if we are convinced that it does pose a danger to us directly. But the range of threats and their potential consequences are more serious and disruptive than most people realize. For example:
- All the applications we use are creating vast quantities of data that we don’t see, increasingly don’t control and can be exploited for purposes that we do not intend;
- Businesses are increasingly vulnerable to disruption of the digital infrastructure that enables them to use the “cloud” to create and deliver products;
- Nation states are facing cyber attacks—probably by other states—that target their ability to defend their citizens, compete in world markets and ensure human rights and freedoms.
Underlying all of these threats is a tension between the desire for safety and security and the essential freedoms that drive both democracy and economic progress.
The popular uprising in Egypt in January 2011 was partly organized with social media tools, leading the government to restrict access to the internet, but the secure instant messaging provided by Research in Motion (RIM) through its Blackberry devices was blamed by police in the United Kingdom for aiding lawbreaking rioters and looters in the rash of riots that swept British cities this summer.
RIM also came under pressure from various governments who felt that its untappable email system was a threat to their national security efforts—but for business users, the idea of granting state access to encrypted messages sparked fears of even more state-sponsored industrial espionage.
To deal with these complex threats, we have to recognize the vital roles that individuals play—in setting rules and policies, influencing cyber security programs, initiatives, and technologies, in providing risk guidance to others, and in using technology mindfully, effectively, and safely.
Find out what you should know about the risks of working and living in a digital ecosystem:
It’s All About You—Building Capacity in Cyber Security
Click here to download the free Executive Summary.
Click here to download the full report.