As we enter 2018, it’s a great time to take a close look at the words and ideas we’ve relied on in the past, and reconfigure—or at least reconsider—the language we use to describe the world we live in.
I’d like to present one term for your consideration: “cyber security.”
Doesn’t it sound a little dated? A little Web 1.0? Neither part of the term—“cyber” or “security”—makes a whole lot of sense. In our interconnected society, “cyber” hardly means anything anymore (not that it meant much to begin with), while “security” still carries suggestions of antivirus software from the 90s. It sounds like something only a “tech wizard” would understand, rather than a core competency anyone who uses the internet needs to learn.
Cyber security is not an arcane subject. It’s a daily—and frequently, mundane—part of our lives. You wouldn’t call an unlocked door or an alleyway at night a “analog security” threat. And maybe we shouldn’t call suspicious attachments or bogus Bitcoin transfers cybersecurity threats. It’s another way in which old-fashioned ideas about computers are fueling misunderstandings and exacerbating dangerous behaviors online.
We need to start centering the human component of cyber security. But don’t take it from me. Here’s what a recent Harvard Business Review article had to say (emphasis added):
In 2014, IBM reported that, “over 95% of all [security] incidents investigated recognize ‘human error’ as a contributing factor.” In fact, the recent string of malware attacks with cyberpunk appellations such as “WannaCry,” “Petya,” and “Mirai,” as well as the apparent state-sponsored attacks on Equifax and the American electoral system, all started because of poor decisions and actions from end users. If it wasn’t an engineer inadvertently building a vulnerability into a piece of software, it was an end user clicking on a bad link, falling for a phishing attack, using a weak password, or neglecting to install a security update in a timely manner. Attackers didn’t need to break down a wall of ones and zeros, or sabotage a piece of sophisticated hardware; instead they simply needed to take advantage of predictably poor user behavior.
Attackers want you to think of cyber security as something too complex for the average person to understand—that’s how they win. It’s a lot easier to trick someone into clicking on a link if they don’t expect to get tricked. It’s for this reason that the article’s author, Alex Blau, offers cybersecurity suggestions such as the following:
Compare employees to their peers. People have a tendency to look toward other people, especially those who are similar to them, to learn how to act. This phenomenon, called social proof, can have powerful effects on people’s behavior, and is especially influential when the desirable behavior is ambiguous—such as with cyber hygiene.
Blau offers many other thoughts about “why people set bad passwords, neglect to install updates, click on malicious links, and fall for phishing emails,” and what organizations can do to practice better cyber hygiene (How’s that for an alternative term?). Click here to read “Better Cybersecurity Starts with Fixing Your Employees’ Bad Habits.”
As we’ve written before, the best defense against the constantly evolving threat of cyber criminals is a cyber security initiative as part of your workforce compliance program. Learn more here.