It’s that time of year again! October marks the 13th annual National Cybersecurity Awareness Month (NCSAM), and Tyler is proud to show our support as a NCSAM Champion. The overall theme of the month – that the internet is a shared resource and securing it is our shared responsibility – is one that resonates with us. It’s a civic duty as far as we’re concerned because unprotected resources, unprotected networks, unprotected computers, and unaware people are used to attack and harm others.
Cybersecurity Awareness Month, a collaborative effort between the National Cybersecurity Alliance (NCSA) and the National Cybersecurity Division (NCSD) within the Department of Homeland Security, is just another way that we’re all being called to participate... to develop new habits when online. No individual, business, or government entity has sole responsibility for securing the internet. Everyone has a role in their part of cyberspace, including the devices and networks they use. Individual actions have a collective impact. When we use the internet safely, we make it more secure for everyone.
How did we get here?
Like many people, you may have the perception that the internet is a carefully designed, planned thing. But it’s not. It’s a wild, organic thing. This is due in part to the number of people on the web, which according to internet live stats is 3.5 billion people and climbing every second.
It’s also due to the astonishing amount of information that is generated on a minute to minute basis. In their Data Never Sleeps 4.0 infographic, Domo, a computer software company that specializes in business intelligence tools and data visualization, shows just how much that is. And the stats are mind blowing. Here’s just a sample.
Every minute of the day:
- Americans use 18,264,840 megabytes of wireless data.
- YouTube users share 400 hours of new video.
- Facebook messenger users share 216,302 photos.
- Instagram users like 2,430,555 posts.
- Siri answers 99,206 requests.
It may be hard to wrap your head around this, but it’s important that you do. As an internet user you are connected to all of it. When you’re connected to the internet, it’s not a personal experience. It’s awesome – but it’s a double edge sword – and the other side is darker than a shadow. With extremely low levels of regulatory guidance or oversight, every one of us is free to unleash our creativity, which is a wonderful thing. However, there are a lot of criminals out there who are just as creative, if not more, than the rest of us.
The Psychology of Risk Awareness
People are the weakest links when it comes to security in part because of our innate desire to please and our tendency to trust. There is also a quality of human psychology called risk awareness, which drives how we determine if an activity is risky or not. Here are five important attributes:
- Availability Heuristic: This is the part your brain that predicts danger based on experience. If it’s never happened to you before, it doesn’t feel risky. For example, if you trip over a root when hiking through the forest and sprain your ankle, your brain remembers this as a risky activity, and you will be more cautious the next time walking through the forest. If you’ve never been the target of a cyber-attack, your own heuristics have no information to warn you when you’re doing something risky.
- Optimism Bias: This is the belief that bad things only happen to others.
- Level of Control: This is our perception that a problem is so large that we have no control over what happens. “I cannot contribute to the solution, so I’m not going to bother.”
- Risk Homeostasis: Once you are in an environment for a while, you get used to the level of risk, and reach an equilibrium where you start to feel like you’re not at risk. And then you take start to take chances.
- Group/Social Norms: No one wants to be ostracized by co-workers or friends. This follow-the-crowd mentality can lead to the acceptance of bad habits.
But it’s not all doom and gloom. Awareness gives you power and protection against cybersecurity threats. Understanding the risks and learning cybersecurity best practices that will keep you safe is the first step. We all have a contribution to make.
Changing Behavior in a Changing Environment
So it comes down to developing a new habit. And it’s not the first time as a culture that we’ve had to do that. We’re actually pretty good at it. Think about seat belts. Many of us remember when cars didn’t even have them. I remember as a kid, riding in a car with my friend’s family. There were 7 other kids shoved into the car – the baby was in a car seat wedged between the two front seats, and whoever couldn’t fit in the backseat piled into the back end. Not a seatbelt in sight! Today that would be considered child abuse!
Now I don’t even think about it. It’s my normal habit. The first thing I do after I start my car, is reach for the seatbelt. And my guess is most people do the same thing.
It took more than 30 years for our culture to accept wearing seatbelts as the “norm,” and it took oversight and regulations to get there. The first regulation dealing with seatbelts went into effect on January 1, 1968, and required that all vehicles have seat belts. Today, most states have laws that require all occupants to wear seat belts (the only exclusion is New Hampshire, which only requires those 18 years and younger buckle up).
A lot of people are alive today because we recognized the risk that not wearing seatbelts posed, and we answered by implementing a control. Then through regulations and awareness campaigns, like the Crash Test Dummies Public Service Announcements, we built a habit. And that’s what we’re doing here – recognizing the risk that being online poses and answering with a control. While the control is somewhat technological, it’s mostly about our level of awareness and the habits we build to stay safe online.
Celebrate this Cybersecurity Awareness Month by increasing your awareness and make staying safe online your new habit. Learn more at StaySafeOnline.org.
Need Some Cybersecurity Expertise on Your Team?
Tyler's Cybersecurity Partnership Program gives you access to our cybersecurity advisors. You receive oversight, guidance, and counsel toward meeting compliance objectives and improving the security posture throughout your organization.