This Fall 2020 issue brings us around to another National Cyber Security Awareness Month (NCSAM). The Cybersecurity and Infrastructure Security Agency (CISA) describes NCSAM’s goal as raising “awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online.” That’s a lofty and laudable goal. Unfortunately, it probably doesn’t contribute much to an improved national cybersecurity posture. There are two reasons for this.
As a nation, we celebrate the primacy and protection of the individual. Americans are individualistic and culturally resistant to anything they perceive as a centralized mandate. Put another way, the only certain way to get Americans to embrace an idea is to get them to believe that it was their idea in the first place.
Unfortunately, the messaging behind NCSAM seems to have missed that aspect of the American psyche. The theme behind this year’s NCSAM is Do Your Part. #BeCyberSmart. This theme is intended to encourage people to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
We have had a year defined by conflicting narratives about pandemic preparedness and response, competing narratives of social justice, violence in our streets, and shattered faith in our most fundamental institutions. At a time when our electronics and the internet seem to be the only thing holding families, businesses, and the fabric of the nation together, one more mandate seems to come off as little more than “One More Thing.” Americans simply don’t have the bandwidth to process, much less respond to it. Yet, it seems that cybersecurity is a constant harangue of shoulds, musts, and ought-tos. Mandates to the left of us, imprecations to the right, volly’d and thunder’d indeed. However, this year, they’re lost in the noise.
To both the cyber pundits and the cybersecurity industry, we beg to offer a pair of alternative paradigms.
First, with respect to reaching Americans, in case you’d not noticed, the United States has the most effective advertising industry on the planet. Everyone reading this who’s never responded to a carefully crafted ad that’s popped up on your screen or in your email, please shout out. Go ahead. We’ll wait. Yeah. Exactly. Now, imagine if some small part of that vast engine was enlisted in the battle to change perspectives on cybersecurity. Ideally, cybersecurity would become as natural as putting on a seatbelt when we get into our cars, shopping on Amazon, or searching on Google.
With regard to the cybersecurity industry, we’d like to humbly suggest that you’ll get more mileage (and a vastly improved balance sheet) by providing products that enable Americans to go about their business in a way that is faster, more efficient, and easier, and where security is baked into the fabric. Stop telling us what we should, ought, and must do, and bake the security in so we don’t have to think about it. You’re the experts. Give us products that support our lives and stop expecting us to become security ninjas. For Pete’s sake, if police took that approach, we’d all be wearing body armor and carrying Glocks.
In summation, we’d like to suggest that instead of imploring us to be aware, perhaps it might be more effective to help us become secure in spite of ourselves. Oh, and make us think it’s our idea in the first place.
Happy National Cyber Security Awareness Month.
Keep up the good fight – and build it right!