A cyber security campaign has been launched by the Department of Homeland Security. Malware is becoming a serious enough threat that the US government is taking precautions by educating end users on Internet safety. The campaign is called Stop, Think, Connect, and offers support forums and education on cyber security strategies. While Stop, Think, Connect is an excellent effort there is only so much that the end user can do to protect themselves from ever-evolving cybercriminals and it may mot be the most effective place to concentrate of resources.
Similar to a person’s health or a car’s mechanics, regardless of how much you educate people on their health or how to maintain their car, they will still need to visit the doctor or the mechanic for their expertise. Furthermore, educating people on how to protect themselves from infection doesn’t stop the viruses from developing. Cyber citizens should however be aware of and practice the basics, which most users do not. For this reason, the Stop, Think, Connect campaign will be to some degree helpful.
The Australian government has had a similar campaign that offers malware awareness month, Stay Smart Online website, and other resources. Chapter 10 of the government’s cyber strategy is devoted to “Community Awareness and Education Initiatives.” Australia was also named one of the most concerned countries about Internet security in RSA’s 2010 Global Online Consumer Security Survey. While you would hope that being aware and concerned would be enough, a recent Microsoft Intelligence report also named Australia the most at risk from the Alureon botnet. So end user awareness and malware protection do not necessarily go hand in hand.
It’s unreasonable to suggest that if users do everything by the book that cybercriminals will not continue to succeed as they have in the past. This campaign alone is not going to change the security landscape. Government involvement is key to securing our e-citizens. In all public utilities there are certain safety standards and codes in place to establish a reasonable level of safety and the Internet should be no different. There needs to be a coordinated set of standards and methodology to reduce the level of end user knowledge required to be safe, and have the experts provide functional and cost effective solutions to complement that level of user knowledge.