The biggest risk to cybersecurity? The user. Security experts do what they can. Why that isn’t enough, why “123456” isn’t a good password and what you need to be aware of were the topics that Katja Dörlemann, Awareness Specialist at SWITCH, talked about in her enlightening Lunch & Learn on 30 August 2021.
1
We do not know, but think we do.
Plus, we do not care…
Many studies show that we are not aware of the basic processes of cybersecurity, but think we are. At the same time, we do not even follow the security rules we know.
We underestimate the risks and overestimate our skills.
2
Security awareness requires interdisciplinary skills
Security awareness measures need to educate and train IT users as well as awaken their interest in cybersecurity. This requires competencies in several areas, such as IT and security, but even more so in education and communications.
Interdisciplinary skills are essential.
3
Most cybersecurity experts lack expertise and time to plan and implement security awareness activities
Most professionals who are responsible for security awareness have a background in IT-related fields. They lack a large part of the expertise needed to succeed.
In addition, most of them can only dedicate about 10% of their time to planning and implementing security awareness programs – even though the human factor is described as one of the biggest risks.
Lack of expertise and no time to implement are part of the problem.
4
Cybersecurity processes need to become less complex and more usable
Measures and processes to improve cybersecurity must keep pace with current developments in cybercrime. User-friendliness is usually not taken into account. As a result, we have to deal with confusing terms (e.g., 2FA, MFA), inconvenient authentication procedures and other obstacles.
In order to increase cybersecurity, we have to make it more user-friendly.
5
Cybersecurity needs more interdisciplinarity and diversity
Cybersecurity is a topic that touches almost every aspect of our private and professional lives. Cybersecurity experts influence and define our ways of dealing with the Internet, IT and digital information. However, these experts represent only a small part of our society.
We need more interdisciplinarity and diversity to be successful in cybersecurity in the long run.
Link to Password Manager
How can you easily and comfortably use strong, unique passwords on all the websites you use? The solution is a password manager.
A password manager stores your login information for any website you use and helps you log in automatically. It encrypts your password database with a master password, and that is the only password you will have to remember.
Check out the password manager list provided by the Data Protection Office of the Canton of Zurich.