“How many of you have set up the 2-step verification process for your email?” Scott Carpenter asked the room of participants at the Data for Good Exchange 2016 conference at Bloomberg. Fewer than half of the attendees raised their hands.
Carpenter, the Managing Director of Jigsaw at Google, was not surprised: “Because we are so lazy, we need to make the [Internet] protection as simple as possible, so that you don’t notice it.” Mr. Carpenter recognized one of the “flaws” of human nature when it comes to technology: when it’s not simple, it will not work.
However, do we really need to debate whether cyber-security is simple enough? Cyber-security and online protection are among the topics that most consider “boring” unless they are true data-geeks, or have recently watched the new movie Snowden.
With all of the negative connotations, does Miss Cyber-security have any chance at all to excite your mind? “She” definitely would if your company or personal web assets became the target of a cyber-attack.
According to the panel “Eliminating Cyber Threat Whack-a-Mole: Developing a Risk Based Approach,” it is best to take preventative measures to protect your cyber-presence as early as possible. Just as you get vaccinated at a very young age, you should vaccinate your business against any “online pests” at a very young stage.
Yurie Ito, the Founder and Executive Director of the CyberGreen Institute, described some of the most current issues with cyber-security:
- Sometimes we unknowingly do things online that can lead to consequences harmful to our online security. Let’s take email: one out of every 50 emails sent on Google contains phishing attacks, and 60% of all web attacks take place via email.
- Cyber-security is not only about protecting us, but also about preventing us from becoming a part of the attacking infrastructure. Ito brings up a simple example: “You wash your hands to protect yourself from flu, but you wash them also to protect your family and your colleagues.”
- Installing a robust protection system can cost tens of thousands of dollars, so most early-stage companies do not install cyber-security systems from the get-go.
- Security results in “signals without meaning”: the robust installed cyber-security systems are creating too much noise for the employees and IT teams in the companies.
Here are several snippets of advice on approaching the aforementioned risks:
- If you are “phish-curious,” you can read the full definition and how to recognize the phishing emails here, and how to report them here.
- Before your business grows larger, install affordable basic security and anti-virus software. Make sure to keep it up to date with the most recent version!
- Most modern systems can be customized to generate less noise.
While we are busy browsing the Internet, the National Cyber Security Alliance, the CyberGreen Institute, and other organizations out there are working on tackling the aforementioned issues. In the meantime, we are the front line in protecting our online health. “The FBI simply cannot handle all the volume,” says Cyrus R. Vance Jr., District Attorney of New York, when commenting on the number of requests the organization receives.
It is also difficult to create metrics for assessing cyber-security.
Jacob Olcott, the VP of Business Development at BitSight Technologies, mentioned that in the past, companies assessed one another's cyber-security via a questionnaire (just imagine filling this out: “Is your company’s cyber-security infrastructure good?” Choices: “Yes,” “No,” “Maybe”). Thanks to the emergence of big data, there is a step-by-step shift to a more data-driven, quantitative approach to measuring the cyber-security of organizations.
“It’s time to think seriously about our health online, because that’s where all of us live,” said Scott Carpenter.