Kathy Gibson is with Kaspersky Lab in Cape Town – There is confusion about where the responsibility for cybersecurity awareness lies.
Professor Basie Von Solms, research professor at the University of Johannesburg, believes it is a corporate governance issue.
“In many companies, they force employees to be cybersecurity aware, but at the top echelons, they have no idea what’s going on,” he points out.
“If we don’t understand that the responsibility starts at the top and goes all the way down, the lines are blurred.”
Prof Von Solms says using connected devices and services can be likened to driving a car. “In most countries you have to understand the rules of the road, as well as how to drive the vehicle. But how often are people allowed to drive out on to the superhighway of the Internet without knowing the rules?
“Cybersecurity awareness, protecting yourself in cyberspace, is not the responsibility of the IT department. But the buck stops at the top because it is a corporate governance issue.”
Bran Erdogan, founder of Secure Computing in Turkey, agrees that individuals need to take responsibility for their own safety.
“Cybersecurity is already impacting personal life and it will impact much more,” he says. “So education should start with people themselves – not necessarily from government.”
Ramy AlDamati, enterprise security expert for Middle East, Turkey and Africa at Kaspersky Lab, reinforces this message. “It is everyone’s responsibility. If you are connected to the Internet, you are part of the equation.”
There are other parties that are in the equation, he adds. Any person or organisation that is connected to the Internet needs to be involved.
AlDamati believes cybersecurity awareness needs to become a culture, perhaps starting with learning in schools.
“It needs to be similar to our awareness of drugs – it needs to be part of the culture, and it is everyone’s responsibility.”
Having said that, there is not enough awareness in the Middle East, Turkey and Africa region, he adds.
This can be seen from the number of attacks taking place and more awareness needs to be built.
AlDamati thinks security companies could get involved with governments and educators to build programmes.
More co-operation is needed between government, banks and other organisations to ensure that users are aware of the threats, and how to avoid them.
“We have to realise that with the growth of artificial intelligence (AI) and autonomous systems, the problem is just going to get worse.’’
Prof Von Solms points out that South Africa was listed as the second most vulnerable country in terms of mobile banking crime. “This indicates that government and companies are providing citizens with access to systems, but not to education about the threats.”
The increasing access to online services and applications is driving new threats, says Erdogan.
“I get requests every day from my 10-year-old son to input my details into games or apps so he can receive credits or games,” he relates. “Who knows who is getting access to that information.”
To achieve optimum levels of security right now is simply not possible, he adds. “To improve it, we should start with primary schools, teaching children, teachers and parents not to share information.
“As a parent, I am the first line of defence for my children, but we also need to teach them to protect themselves.”
This raises the issue of how older users like parents or teachers may be out of touch when it comes to security.
“But that’s no excuse,” says Prof Von Solms. “You would never drop your child in the middle of a dangerous city, but you let them go online with no defence.
“Every parent teaches their children not to talk to strangers in the physical world, but let them do so online. Young people want to connect, but they don’t realise the risks.
“We’ll never solve the problem,” Prof Von Solms adds. “But there are two sides of the coin: if we improve our cybersecurity awareness, there will be less cybercrime.
“So it is of strategic importance for any government to ensure people are aware. We need to develop a culture of cybersecurity.”
The responsibility starts with government to increase the awareness in public sector and education, he says. But when it comes to children, parents have to take some responsibility.
But often parents are simply unable to do to, says Erdogan. He cites the example of his own child’s school which asked for a wealth of information about children and parents on an unsecured system.
“Cybersecurity is not just about the corporate world: it is about life,” he says.
AlDamati recommends making children part of the solution. “I always encourage my children to research the threats before they do anything. This raises their awareness and they share it with their friends. By letting them touch and feel it, they become more aware.”
Child hacker Reuben Paul doesn’t believe there is a high level of awareness among his peers. “Kids are quick to post stuff, but they don’t really pay attention to the security,” he says.
“At school we have a lot of lessons about technology, but not about security awareness,” Paul says. “But it’s definitely something kids need to learn about, to be aware of.
“We are growing up in a world where everything is connected and, if we are not able to learn awareness of the risks now, we are not going to be able to learn it in the future.”
He adds that parents could help to simplify security by teaching children on a level they understand.
“Also, spend time with your kids,” says Paul “ If you do that they will not be alone on the Internet and vulnerable to cyberattacks and bullying.”
It’s important to realise that we will never make everyone 100% cybersecure, Prof Von Solms says.
“The people on the other side – the cybercriminals – are always going to be one step ahead. The main thing is to teach children and employees to be self-defensive. When you drive on the road you think ahead and we need to do this when it comes to security too. In this way, you will be more able to look after yourselves.
“We must learn to protect and improve ourselves: we must learn to think defensively, about what can happen in cyberspace.”
Security by obscurity needs to be part of everyone’s security stance, Erdogan believes. “If you give people your pet’s name, they will use it against you. Don’t share that you are going on vacation with the world – there could be someone who will use that information against you.”