Cyber Security needs to become a priority
One of the bonuses for us at Panda Security of organizing the Security Blogger Summit is that we get the chance to interact a lot with the panelist during their stay in Madrid. Having lunch at Botin has become a tradition. Botin is acknowledged as the oldest restaurant in the world as it was founded in 1725. Being a technology company, taking our panelist to such a place makes a nice contrast.
On Thursday we had a very interesting lunch with some of the panelists, including Brian Krebs, Joseph Menn, Kurt Wismer, Marc Cortes, Yago Jesus, Javier Sanz. As always, food was great. In addition we had time to discuss various hot topics on security.
I was most surprised about a statement by Joseph: some of the largest cybercrime gangs out there are protected by some of the largest governments in the world. He has recently published a book which is very interesting to read on the topic. Most at lunch agreed with the statement and with the fact that neither governments nor police organizations or judges do much against cybercrime and that it is not really at the top of the agenda. When I asked why, they all responded that the reason is basically that Governments don’t really understand how big the problem is and neither police or judges have the tools, jurisdiction or desire to make it a priority given that they don’t understand much about the problem. As they later said in the Summit, for cyber security to become a priority for Governments “someone would have to die so that it becomes a social problem” … as Joseph said, we are not far away from that anyway.
I have been saying for a long time that the cost of doing nothing is far larger than taking action and I normally use the analogy with tobacco. At a given point in time, governments worldwide realized that, in addition to killing large portions of their population, tobacco had a big economic impact: absenteeism, cost to the National Health Systems, etc. Only then they took action. It took them years … Lets learn from our mistakes.
Technology is an integral part of our lives already and it will only grow in importance. Ignoring cyber security is a recipe for disaster. It is not just asking people to use a security solution, it is making them aware of the threats and have privacy in mind when using today’s tools and social media services, it is protecting critical infrastructure, it is legislating, chasing and punishing those that benefit from cybercrime, it is teaching kids at school how to use technology safely and responsively, etc.
Users are not only not aware of the dangers, but living under the perception that the digital world is secure, and as we know, that is not the case. Let me finish with a real life example: before giving a training at a public school on cyber security a friend asked for the names of those in the class he was going to speak. For one week, and using only social media sites, he “investigated” all in the class. The day he spoke in front of the class, he began telling the kids where they had spent their weekend, the home addresses and telephone numbers, and many other many personal details about most of them. The kids were shocked and wondered how he had found all the information. Now that he had caught their attention, my friend went on to explain that one should be wary of who invites you as a friend in a social site and simple things like how to establish adequate privacy settings on social sites like Facebook or Tuenti … which was the only mean he had used to get all that information.
If we can’t find any other good enough reason, at least we need to bring cyber security to the front page of the newspapers … for the sake of our kids. They are at risk and they don’t even know it.
![[Post to Twitter]](http://www.pandainsight.com/en/wp-content/plugins/tweet-this/icons/tt-twitter.png){kind=icon}
