How do you make cyber security sexy?
The NetSafe Cyber Security Initiative has six weeks left to run and we’re now focused on reviewing our activities during the one year trial programme with the aim of securing funding for next year.
New Zealand’s first Cyber Security Awareness Week was the main focus for the programme and the wide range of media stories around the week (more than 50 in print, online and on radio and TV) was encouraging. We launched a new security website for consumers and small businesses, recruited a whole host of large New Zealand organisations as event partners, trialled a badge for Cubs and Brownies and built a free Android app amongst other things.
Research we recently commissioned from UMR has shown that 6% of New Zealanders remembered the campaign a couple of months later – that’s around 260,000 people extrapolated out, not bad for a first year trial. Has it made an impact on the country’s cyber security levels? We’d like to hope so.
Getting more people involved
Computer security, it has to be said though, is for many people a decidedly boring subject and something they rate about as important as the annual trip to the dentist.
Even in a corporate setting where IT – up until the rise of BYOD and cloud services - has been a relatively simple and centrally controlled affair, security awareness has often been a mix of carrot and stick to educate and prevent users from doing wrong. And despite this, a recent Sophos survey suggested only 4% of IT staff polled trusted their users.
So how do we get more people to sit up and take notice?
Humour and simplicity are key it would seem to getting people engaged on topics. Of the 10 ‘stories’ in the email update, two received the most clicks – a comical video on the history of spam and phishing told by a pair of glove puppets and a website designed to immediately detect what version of Java you’re running and offer advice on updating (one click is all that is required).
We can throw in sci-fi like terminology such as botnet herders charging out access to their infected networks by the quarter hour (just like lawyers) but that overuse of jargon can turn people off altogether.
Sex, it seems, as marketers and advertising types have long known, is what sells. Martin’s recent blog on ‘selfies’ and the world of sexting is now one of our most trafficked stories on this site, due mainly to an increasingly alarming array of search engine queries from porn hunger internet users.
And this recent ‘information security test’ in Taiwan is another good example of how basic human nature and a quest for flesh can entice people and leave them open to attack:
Two weeks ago, all 6,179 New Taipei City Government employees received an e-mail titled “Justin Lee’s sex videos, download it, quick.” However, the 996 city government workers who opened the e-mail on their office computers found no video attachments, but rather received a notice from their superior asking them to attend a two-hour information security class.
I can’t imagine how much fun malware writers have been having with the latest revelations over topless royal photos. Just look at the data from McAfee’s latest report on how celebrities are used to lure cybercrime victims:
Searches for the latest Emma Watson pictures and free downloads have more than a 12 percent chance to land on a malicious site that has tested positive for spyware, adware, spam, phishing, viruses or other malicious stuff
Does that mean we have to make cyber security sexy to compete with the bad guys?
I for one won’t be dressing up in costumes any time soon it has to be said. And I hate to think of the groans that would be made around a ’50 shades of cyber security’ type book.
So for now we’re focusing on simple, practical advice and what could be easier than an opportunity to come meet up face to face and get your home or small business computer health checked for only $10? Book a session now and I promise to keep the advice clean and family friendly.