One of the biggest challenges we face in the world of cybersecurity is not phishing attacks or ransomware or firewall disasters—but rather, our name. Coined for the industry about 30 years ago, the term cybersecurity connotes some fairly off-putting feelings. For people on the outside, it can feel forbidding, fear-based, or even downright scary—so many stories of hackers and attacks, the average person or SMB can start to feel overwhelmed just hearing it. And more importantly, it’s a name that doesn’t really live up to all the meaningful ways good digital security can offer confidence and protection to all of us, dependably and affordably. Frankly, the word—and its larger reputation—feels a little clunky and outdated.
For one, the intro adjective cyber is way, way overused. It has become the go-to description for basically anything digital, and that alone can suck the meaning right out of whatever is being discussed. If everything is cyber this and cyber that, it all starts to feel unreal, too virtual, and without real world implications. After all, it’s cyberspace, right? Well, the truth is, cybersecurity isn’t really all about creating virtual gates with digital locks behind cyber walls—it’s a mindset. An attitude. A lifestyle, if you will.
Finding The Challenge
A big part of the cybersecurity effort and the desire to promote safer digital behavior is about the formation of good habits. But what often gets in the way is how remote cyber things, whatever they may be, often feel far away from what’s tangible and real. People and businesses often don’t feel vulnerable because, according to traditional definitions, they aren’t. They are behind closed doors, among trusted people, and moving about their day in relative safety and comfort. It is this sense of distance between an end-user and the threat that often fosters complacency and a sense of, “Oh, this cyber attack stuff doesn’t apply to me.” And it is precisely this type of casual dismissal that renders many fear-based cybersecurity messages powerless, as people simply don’t feel the threat—until it’s too late, of course.
Another significant challenge we face is pure laziness. Humans, by nature, don’t really love to do things they don’t have to, which means they often put off memorizing or documenting complicated passwords in lieu of convenience. While users may feel confident that they know what to do and how to do it, they simply don’t do it, and those habits often lead to increased vulnerability.
Looking For Change In Mindset
Sure, cybersecurity is about establishing, maintaining, and promoting safe practices in the digital world, teaching end-users what they need to evolve in this new landscape. But learning how to adapt—both intellectually and emotionally—to this brave new cyber land carries with it great social significance as well. A change in mindset is really a pattern of attitudes that affect action, which means a new way of thinking about certain security measures will genuinely alter behavior. A simple phishing email is a great example, as it comes across differently to different people. Not everyone will react to it the same way, mostly because they have not established a set attitude or perspective on the matter. If they had one, that would probably make better decisions.
This doesn’t mean end-users should be abandoned in the deep end of the pool, but rather that they should be encouraged to take responsibility for using the existing systems for their own safety. No longer can the onus be on computer experts and infosec professionals, holed away in some centralized technology office somewhere, to do all the work. We need more research initiatives focused on developing an awareness in others, one that will allow them to see their own risks first-hand.
This effort is challenging for many reason, primarily because fear campaigns—which tend to be the soup du jour for cybersecurity thinkers—don’t really work. In fact, they are often counterproductive. But perhaps an even bigger problem is the constantly shifting digital landscape we all face, one that cannot be delineated and defined without accepting the inevitability of change. And to make awareness-heightening efforts more effective, it will be essential to provide increasingly usable and sensible measures for users, like that of biometric data. You know, stuff that really speaks to what people can comfortably and conveniently do, stuff that makes them feel more safe than worried.
To sum it up, the new cybersecurity mindset is one that needs to be continually revisited, always evolving to meet new challenges and threats. This is not always easy when life is busy and work is demanding. But if people saw the purpose of cybersecurity as more of a necessity than an optional burden, they might work harder to accommodate the various measures available to them. Because at the end of the day, people, businesses, organizations, and governments all need to figure out how they are uniquely served through better technological understanding and vigilance, to push away the fear and remember this sometimes troubling digital environment is theirs too.