Cyber Security is a Shared Responsibility: The 10th Anniversary of National Cyber Security Awareness Month
Take a moment to think where you were ten years ago and what your computer and internet experience was like. If you can, you’ll remember the work you had cleaning up your email from the deluge of spam messages and the frequency of big virus outbreaks like “ILoveYou”; “Anna Kournikova” and “Code Red”. And when things went wrong, it always felt like your responsibility alone to clean the computer, remove the threat and fix the damage. You weren’t the only one who thought things had to change. Every October, since 2003, we recognize as National Cyber Security Awareness Month (NCSAM). NCSAM was first launched ten years ago, a joint effort by the US Department of Homeland Security and the National Cyber Security Alliance (Symantec is a founding member). We work together to increase awareness of cyber security issues and help educate people on how to enjoy the internet and being constantly connected with safety. The threats keep changing but the need for online vigilance never goes away. Ok, we need a cute puppy photo break.
Everything we do online is inter-connected. With our increased usage of social media like Facebook, and considering the volume of email we send, videos we post, photos we share, the documents we collaborate on, and the work we store in the cloud is all a shared responsibility to do so with safety. For that reason, the theme for 2013’s National Cyber Security Awareness Month is “Our Shared Responsibility.” And the key message is Stop.Think.Connect.
Ten years of the National Cyber Security Awareness! So what has changed in those ten years? We didn’t have Facebook (launched in 2004 for just select college students); there was no Twitter, no ransomware or botnets. Instead we were dealing with loads of fake emails, offering us opportunities to get rich in partnership with someone in Nigeria or to purchase low cost pharmaceuticals from Canada or Mexico. There was a lot of online identity theft (still is) in the form of credit and debit card abuse. Auction fraud and online Ponzi schemes were an issue. A few gullible people fell for the work at home scams.
According to Kevin Haley of Symantec’s Security Response group, “Ten years ago malware was big and noisy but relatively harmless to individuals. In the past ten years this has dramatically changed, with malware almost exclusively focused on crime and targeted not at computers but at the people using those computers.”
These days, we’re still in the throes of fighting hard to stop cybercrime. The scope of the problem has only grown but the methods used keep evolving. Today’s threats are more tailored, more customized to trick smaller numbers of victims perhaps but to gain access to greater sums of money than ever. We’re seeing sophisticated threats infect our social networks or takeover our computer until enormous ransoms is paid to remove the threat. Silently, many of our computers are infected with botnets, supporting click fraud schemes or sending our private data to the cybercriminals.
Fortunately in the last ten years, we’ve seen enormous and successful effort by governments across the globe, working in concert with private industry and law enforcement to criminalize these cybercriminal activities, find and prosecute the perpetrators and better educate and protect the public. Big efforts and big successes, like yesterday’s takedown of another massive international botnet are helping us turn the tide against the global scourge of cybercrime. (Symantec was a key player in that success.)
So I asked Bill Wright, Director of Symantec's Government Affairs team about how things have changed in the last ten years. Here's what he said, "Investigating and prosecuting these cybercriminals poses no less a challenge than does defending against cyber attacks. It is technically challenging, and requires a level of expertise and training that many police agencies and prosecutors are only beginning to develop. In the face of these obstacles, the amount of progress that has been made over the last ten years is impressive. Not too long ago, numerous cultural and organizational barriers prevented federal agencies from coordinating on the investigation and prosecution of international cyber criminals. Those barriers have come down, and though we have a long way to go, today we see cross-agency coordination on a regular basis."
As NSCAM events got kicked off yesterday in Boston and will continue throughout October, be sure to regularly check the National Cyber Security Alliance Facebook page, Twitter feeds (https://twitter.com/STOPTHNKCONNECT)and website to find out about online security events in your area. Let every one of your online actions be filled with awareness of the need to Stop.Think.Connect. Use strong security software on all your internet-connected devices. Set a password, even on your mobile phones and tablets. Avoid sharing passwords with anyone. Be cautious about activities on unsecured public wi-fi networks. And never friend a stranger or someone you don’t really know in social or career networks.