The Cyber Week conference is in full swing in Tel Aviv, and if there is one thing I’ve noticed so far, it is this: Everyone in the cybersecurity industry is adept at explaining complex topics in complicated ways.
That’s great when the room is full of cyber experts, but in speaking with startup after startup this week, I’m not getting a warm and fuzzy feeling that these vendors can explain what they do to a “regular” consumer (if there is such a thing).
Of course, there are good reasons for keeping cybersecurity complicated. Many agencies, consultants, and vendors have a vested interest in presenting an “experts only” environment because there’s a lot of money in preventing, protecting, and picking up the pieces after an incident.
Keep it dark to stay in the black, right?
But while that approach will make a minority of people a lot of money, it isn’t going to bridge the chasm between the aggressors and the victims. For that, we need high-level, plain advice that can explain cybersecurity to your grandparents in a way so that not only will they get it, but they’ll protect themselves.
Today, Ilan Dray, Vice President Creative at Cybereason, a cybersecurity analytics company that specializes in detection and response, has announced Cyber for People. A portal that helps explain to a general audience exactly what cybersecurity is, Cyber for People tells you what to look for, how to protect yourself, and how much you are at risk of attack. The idea is simple: educate and protect.
And it is much needed.
Chatting with the Ministry of Foreign Affairs’ press delegation this week, we all shared stories where smart, capable colleagues or friends fell victim to some of the most rudimentary hacks, attacks, and ransom demands.
One cofounder of a major technology company was subject to a “free airline tickets” scam that phished personal details from the individual and installed keyboard tracking malware on their device. The giveaway? The non-Roman “l” at the start of Lufthansa in the address bar that makes it look similar to the real site.
“I like to think of myself as tech savvy, and representing cyber companies for a living, I’m hyper aware of the very real cybersecurity threats that are out there,” vice president at PR firm GK Rachel Glaser told me. “And yet, I almost fell for a Netflix phishing scam last year. The landing page just looked so damn real! Not to mention it made its way past my spam filters. No alarm bells were set off at all in my mind. The only thing that prevented me from entering my details and potentially signing over my identity to some shadowy character was the habit I’ve gotten into of checking the email addresses of senders.”
These stories are common. There are an estimated 81 million fake Facebook accounts alone, according to the most recent research, and I regularly receive friend requests from clearly fake accounts. While the intentions of these accounts vary, many of them are set up to trap a user into sharing compromising photos, which results in blackmail, or to requests gift cards and money from the victim.
“Most of the time, people talking about cybersecurity are talking very technical to the technical person — it’s very boring,” Ilan Dray, vice president of creative at Cybereason and founder at Cyber for People, told me. “Or they’re trying to scare you. But nobody I saw on the speaking circuit was focused on action, or trying to educate the consumer.
“I don’t want to just be dealing with the future of cybersecurity, and the next wave of potential threats and attacks,” Dray said. “I think it makes a great statement if we bring cyber to the people. In Israel, everybody knows that when you see a bag in the street, you call the police, and they will perform a controlled explosion on it. We don’t have that level of understanding or response for cybersecurity threats, and that’s what I’d like to achieve.”
There’s a long way to go in bringing the absolutely complex world of cybersecurity to the masses, but with new initiatives like Cyber for People, there is some hope that consumers will be more informed, not just about the threats and what could happen, but what to do to protect themselves, and how to react when something does go wrong.