There are some signs that information security issues are entering the world news agenda. Bilderberg, the world’s most famous conference on policy and world affairs, has just released the topics on the agenda for this year’s edition. The first two on the list: Artificial Intelligence and Cybersecurity. Also at the beginning of this year, the Prime Minister took a handful of British companies on a trade delegation to Washington.
My company Titania’s CEO, Ian Whiting who took part, recognised the implications of this trip for the industry:
“The cyber security industry is expanding at a very fast pace currently and it is coming to represent a strong segment in British international trade. Our invitation to these meetings indicates that state leaders are aware of this booming industry and they are keen to provide their support”.
While it is refreshing to see policy-makers turning cyber defence into a priority, the mainstream audience has little understanding, and even less concern with these issues. The information security community needs to strike the right balance between story-telling and fact-checking. Not an easy task; sometimes the industry gets it wrong, other times the media does.
In a recent conversation with a friend I made it known, with the pride of meeting a celebrity, that I had recently attended Infosecurity Europe and I found myself at the John McAfee keynote speech. I waited for the ensuing questions; all I had back was a blank stare. As I explained a little more about the tech millionaire, my friend recollected having read some outlandish story about the entrepreneur’s saga. Still, the conversation was limited to my relaying of the speech and we quickly moved on.
Having worked in this industry for over two years, it has become obvious to me how cybersecurity seeps into every aspect of life. Whether it is defence, finance, work, healthcare, infrastructure, energy or communication, everything relies on the security of the systems that invisibly operate these sectors. This got me thinking, why didn’t my friend know anything of one of the biggest characters in the information security industry and why does the information security message still not reach non-technical people?
On the rare occasion that information security makes the daily news bulletins it will be about a hacker who was able to make a plane fly sideways or something equally sensationalist. However when vendors or researches describe the risks that we all run every day, with every online transaction or use of public Wi-Fi we connect too, the industry is accused of being driven by FUD (fear, uncertainty and doubt) and scaremongering. But, if vendors and researchers do not raise these problems, commercial interest aside, how will the general public ever become aware of the risks they face?
Additionally if it does not bring unashamedly shocking, colourful soundbites, would anyone pay attention?
Can we really blame people for not wanting to know the intricacies of how their networks are operated? Can we fault them for not having the time to memorise a dictionary’s worth of acronyms and technical terminology?
Unless the industry learns to translate itself into the international language of business, the efforts to open up new markets, to lobby governments for better legislation, to build up a successful business in information security will remain an uphill struggle.
Until then, my friends will recognise McAfee’s name more for his lifestyle and less for his very realistic contributions to the world of security.