The Holy Grail of cyber security is that one day it will become invisible and 100% reliable. Obviously we are some way off from that point at the moment.
A recent survey on current awareness of cyber security issues and technologies demonstrates just how far.
In March this year, the Washington-based Pew Research Center surveyed more than 1000 adults on their knowledge of cybersecurity topics. The questions ranged from what ransomware is and what defines a botnet to what a phishing attack is. Many of the questions featured concepts, like ransomware, that have become household terms in recent years thanks to high-profile cyber attacks. Despite this, the results were – as they say – disappointing.
On average, people answered only five of the 13 questions correctly. Only 1 percent of respondents got every question right (you can try it on yourself and your employees at http://www.pewinternet.org/quiz/cybersecurity-knowledge/. If you get fewer than 10, perhaps best keep it quiet!).
The Associate Director of the Pew Research Center was withering about the results. “The survey is just a glimpse of what’s common sense when it comes to cybersecurity, and apparently, only 1 percent of Americans have it”, he said. While this was a survey of Americans there is little reason to think that the results would be much improved this side of the pond.
On the other hand, perhaps we should be more forgiving and think about the Holy Grail that we are seeking. In the promised land of cyber security our end users and the general public wouldn’t even have to consider such ABCs of security at all. Just as no-one has to know how the brakes work in a car in order to use them. They just work and perform the job of retarding the speed of the car automatically (the irony of this analogy is that it may be proven faulty with the onset of digital driverless cars, but let’s assume that those will be cyber proof too in our future).
Whilst we agree that end users and the public could do themselves and their employees a favour by getting a grounding in some cyber security basics, ultimately the failure of cyber security is ours and that of the wider industry.
We have so far failed to create secure networks, secure business systems and secure endpoints that don’t rely on some form of user input to help keep them secure.
The end-user-focused security paradigm must surely end: passwords, two-factor systems and the manual screening of emails all still rely on human input. This input should be reduced to zero as fully automated, intelligent security systems take their place.
One day it will be impossible to be hacked. But until that day we need to automate as much as possible and free people from the burden of security responsibility as much as possible. That day will surely come but only if we work harder as security professionals and suppliers.
With managed security services, advanced encryption and intelligent systems converging, security will be systematically removed from the burden of the end user and the organisation. Finally then, the Holy Grail of invisible, unbreachable security. We can but dream!