Techfestival Copenhagen: Cyber Security should be taught in schools as it is a lesson about our everyday life, expert says
Since the worldwide attack using the WannaCry ransomware, digital warfare has come into the public focus like never before. One could think that awareness of the matter has made people take precautions, but speakers at the Cyber Security and Information Warfare Summit from Techfestival said few have done so.
Cyber security experts are caught between two worlds. On one hand, they are already thinking about threats of the future. In an experiment last year by two data scientists, an AI was taught to study the behavior of Twitter users then design and implement its own phishing bait. The AI hacker was more efficient than humans, distributing more tweets and with a better conversion rate.
”The AI, named SNAP_R, sent simulated spear-phishing tweets to over 800 users at a rate of 6.75 tweets per minute, luring 275 victims. By contrast, Forbes staff writer Thomas Fox-Brewster, who participated in the experiment, was only able to pump out 1.075 tweets a minute, making just 129 attempts and luring in just 49 users”, writes George Dvorsky in his article named Hackers Have Already Started to Weaponize Artificial Intelligence.
On the other hand, security experts are engaged in the never-ending mission of informing the public about basic security measures. Their everyday experience shows it is never redundant to raise awareness, again and again, for spam emails, phishing with false login sites, spear fishing, spying, ransomware, multi vector attacks and so on. It is amazing to see how little focus one can have before s/he falls victim to a cyber attack and how easily the focus can shift to caution afterwards. The thin border between the two moments consists of several simple measures everyone can take: strong passwords, anti-virus software for all gadgets used, VPNs and protected network-attached storages.
The host of the summit was former hacker Sven Weizenegger, a former security officer of the biggest German Fintech startup who has worked for Deutsche Telekom/T-Systems for more than 13 years in different leadership positions. He is now Co-Founder and Managing Director of Perseus, a platform that connects companies with cyber security services and solutions.
From your experience, what is the most common thing people don’t get about cyber security?
A: I think that people don’t understand that everyone is responsible and accountable for cyber security. For example, all people from a company/organization are responsible for cyber security because all of them deal with confidential/sensitive information at some point. Everyone must be part of the whole strategy. Employees are, probably, the weakest links of the chain, so they have to be aware of security problems. They should think about having daily routines like how to check e-mails, how to identify phishing emails, especially because it is quite easy. This is the reason I started this venture with a focus on employees. We show them successful hacks.
What about cybersecurity at home?
That’s a tough topic because, in general, people don’t care and they don’t take care. They don’t see the security issues that are coming with the technology they use at home. So, probably, this should be part of education and then the next generation is going to take more care about security. Educating all people is quite hard I would say.
Still, what would be an efficient method of educating people about cyber security?
Show them real examples, maybe with their own data. People need a personal touch because otherwise, they say: ”Oh, it’s not me/ it can never happen to me!”. But if it happens to them, at an experimental stage, they might say: ”Oh, I should do something!”. This applies to private people, to companies, to employees. This kind of experience changes your mind completely.
So you believe in a shared responsibility.
Absolutely. It starts with the CEO, to the employees, to the private consumer. As for producers and manufacturers of technology, we should all ask for reliability. To move from adding more and more features to a product to making safety and security a value proposition.
Consumers should ask for this for their products and force managers to think differently and put more time and effort into security.
But how can consumers create this kind of pressure?
Reliability is the key, I think. One that can be insured, like we are doing with skyscrapers and elevators. If you want insurance for such a building, ok, you have to take care of the elevators, make them secure. Insurance can force management/builders/owners to make changes. And this could work with technology because it will make manufacturers accountable for their products. And then they are going to think twice: focus on the product’s features or on its security? And consumers are going to think about products, too: do I buy one cheap or one that comes with a quality certificate regarding security?
Should parents monitor their children’s online activity?
I really think that parents should use software that monitors their children’s online browsing. Children tend to click on everything. You cannot control this when they click and then there’s a porn website. What do you do? Parents cannot stay near them all the time and they shouldn’t, they should give them some space and trust.
But I think they should have a monitoring and security software control, monitor their behavior and then block content, for instance.
What basic things should parents and children know about cyber security?
That they shouldn’t open e-mails from unknown persons (as they could be phishing emails with malicious content. They should not give their credentials to other people even if they ask you. Don’t leak your passwords, don’t leak your credentials. Don’t take pictures and post online documents like plane tickets, cards, and thing like that.
How can we teach our children cyber security?
I think this should be a subject taught in school, because it became part of their daily life. We should have cyber security in curricula, like Physics, English and whatever. This will be really awesome, as it will be part of their DNA somehow, like technology already is, and regarded as normal and natural.child safety cyber risk cybersecurity digital literacy parental parental advisor