UK needs IT security public information campaign - experts
It's time government splashed out on a TV advertising campaign promoting basic computer hygiene, say Kaspersky roundtable participants
Should the government run a public information campaign on IT security?
That was just one question raised at a Kaspersky Lab-commissioned roundtable yesterday that sought to draw attention to the fact that human error has often been at the root of even the most high-profile cybersecurity attacks of recent times.
With many smaller companies not having security policies in place and even fewer properly educating their workforce, there is also an opportunity for the channel to help raise awareness, panellists agreed.
But the problem starts with a lack of basic awareness among consumers, meaning the government must up its game, argued David Emm, senior researcher at Kaspersky.
"Whatever the nature of the threat, all too often the weakest link is human," he said.
"You look at the RSA hack and the Syrian Ministry of Foreign Affairs and many, many others. Sure, they're really sophisticated, but the starting point in many cases is the human - an email with an attachment saying 'click on this'."
Emm said he did not like the word "user" because it IS only ever used in one other context - taking drugs.
"Actually, they are your human assets in the company and developing that security mindset - like we do with kids when we bring them up to stay safe in the real world - is really important," he added.
The government has run public information campaigns on everything from wearing seat belts and the perils of level crossings to horse awareness and Emm argued that IT security should be added to that list.
"The government has made it clear that it is very keen to engage with business to raise awareness of the changing threats and potential danger to, not just critical infrastructure, but any business. I would like to see them go further and have a campaign," he said.
When pressed on the message the government should portray in such a campaign, Emm said it should focus on basic computer hygiene.
"I think it is a simple message - have you thought about the fact that when you're sitting in a café on a public Wi-Fi hotspot and looking at Facebook, somebody could be reading that password?"
Bob Tarzey, service director at analyst Quocirca (pictured), said it is also incumbent on businesses to educate their staff to ensure they are more savvy about their personal data. Resellers can help here, he said.
"In comes training, but also technology that firstly warns them when they are about to do something that may not be sensible, and also technology that goes beyond username and passwords and introduces a level of strong authentication. There is an opportunity for resellers within smaller businesses that do not have those capabilities to put those programmes in place."