Cybersecurity is an issue that has an increased importance in today’s digital age, especially for governments and corporations. Greater attention is being paid to this issue by both mainstream and social media. Every year, the U.S. government designates October as National Cyber Security Awareness Month. In a recent interview with Sam Phillips, chief information security officer at Samsung Business, he spoke about why such an initiative is needed and what it has achieved so far.
What has National Cyber Security Awareness Month achieved? Are there any key milestones?
Sam Phillips: The National Cyber Security Awareness Month has certainly done an excellent job of raising awareness of cybersecurity, both in terms of the need for it and what it entails. Many organizations signed up as sponsors and are helping with things like education in schools, so children are more aware of what they should and shouldn’t do in order to keep themselves safe while online. One of the key advantages of the program is that it involves one month of focused activity and education, rather than a constant barrage of information that people tend to ignore.
This initiative began because there was no good educational process for the internet age, and people did not understand the security issues involved. One of the first main milestones was the Stay Safe Online initiative, which provides a wealth of information regarding data security.
How has the initiative morphed over time?
SP: The focus on internet safety has not changed, but recent developments require that focus to evolve to cover emerging technologies. One of the most disruptive technological breakthroughs has been the evolution of mobile devices, which have now become self-contained computing platforms.
With new technologies, the same requirements for basic security hold true, but the context under which guidance must be provided has expanded. People need to know how to use their smart devices in a secure manner. Some of the basic tenets of computer security are the same — don’t download apps from untrusted sources or click on links you are not sure about, and use both browser-based and email encryption — but there are some new security risks that are introduced with mobile use, such as the dangers of unsecure Wi-Fi connections.
Another key focus was social media and connected communities. Why is this important?
SP: Here, the emphasis should be placed on trust. People need to be wary of who they connect with online, ensuring that they really do know who that person is. They need to be careful about how much information they give out and what they say in online forums, so that they cannot be compromised. They should never log on to untrusted networks, and they should be educated regarding the need to guard their own privacy and security, ensuring that privacy settings are enabled across all their devices.
The National Cyber Security Awareness Month also has a week focusing on hyperconnectivity, where an increasing number of devices and objects will be connected to each other. Understanding the potential risks and how to implement security are important pieces of the equation. The connected home, for example, could introduce many risks. Hackers can break into connected devices such as refrigerators and could turn them off, causing food to spoil, which could pose a health risk. Or, hackers could alter heating or air-conditioning settings, which could be especially dangerous in extreme weather. People need to understand what they need to do to implement the security features that come with the connected products they bring into their homes.
The final focus area is on the shortage of security professionals. How can we combat this?
SP: At this point, the best way that I see organizations combating this is by setting up security internships for general IT personnel, such as pairing a network engineer with a security practitioner so that they receive on-the-job training. This is an area where many organizations are finding success.
For the longer term, security education should begin in school with elementary and junior-high students. But the emphasis needs to be placed on making sure that such education is seen as fun, so that children become interested in security. Government agencies are sponsoring programs in universities to raise awareness, including competitive events such as “hackathons” that offer prizes to students. These events teach students how insecure common devices are and how they can secure them. This is a good start, but more corporations need to get involved if such initiatives are going to become widespread, giving everyone the chance to learn.
Overall, National Cyber Security Awareness Month has had many successes in driving awareness — but more could still be done. More organizations need to become involved to drive greater uptake to ensure that a culture of security is instilled in everyone and in everything that they do.