Step 6 of President Obama’s Cybersecurity plan is a great idea and it states:
Step 6 – Initiate a national public awareness and education campaign to promote cybersecurity.
Lessons Learned from national public awareness and education campaigns show that they can work very well with “simple and straightforward” issues such as drunk driving, seat-belts or forest fires. For example, most of us have heard of “over the limit, under arrest” or “click-it or ticket” or “only you can prevent forest fires”. But cybersecurity is not “simple and straightforward”.
Lessons Learned, experts and reports unanimously agree that cybersecurity related attacks are becoming more and more sophisticated and the threats are constantly changing, which makes it difficult for traditional awareness and education campaigns to keep up. Drunk driving, seat belts and forest fires are static, simple and straightforward.
National public awareness and education campaigns utilize “many types of megaphones” including TV, radio, web sites and newspapers. However, Lessons Learned also show that “megaphones” are not effective education tools and “megaphone management” is not effective in managing people’s behaviors or managing sensitive and confidential information.
Because good guys are already one or more steps behind the bad guys, blasting out a national campaign regarding cybersecurity will only put people and organizations more at risk and further behind with information that is two, three and four steps behind the bad guys. To make matters worse, bad guys will see the national public awareness campaign and be able to adjust their attacks much faster than the campaign can keep up and even faster than the masses can keep up.
For President Obama’s Step 6 to be effective, innovative and visionary approaches will be necessary to ensure better results in dealing with more sophisticated, more complex and constantly changing cybersecurity threats.
Initiating a national public awareness and education campaign sounds good and could be a great first step to bring attention to cybersecurity, however implementing and managing customized knowledge at the individual level will require innovative tools and proven solutions like Awareity delivers.
Lessons Learned are not always bad experiences….Awareity’s successful Lessons Learned with cybersecurity awareness and education as well as compliance, legal due diligence and regulatory requirements provide an excellent model for better knowledge, better decisions and better results.