Closing the gap on cyber education

In today’s world, security is no longer only about soldiers with guns standing at reinforced doors, it is much more than that – security is passwords, knowing which attachments to download, which sites to visit and which buttons not to click. Cybersecurity is no longer the exclusive purview of IT professionals, as it requires each of us to participate. In fact, cybersecurity impacts us every single day, and if our nation doesn’t have access to regular and effective cybersecurity education, we’re putting our personal and economic security at risk.

After the massive security breach at the Office of Personnel Management (OPM) this year, the director of the U.S. National Counterintelligence and Security Center announced a new phishing awareness campaign urging people not to click “bad” links.

{mosads}“Forty-seven percent of adult Americans have been the victim of a breach in the last three years,” said NCSC Director Bill Evanina when announcing his new cyber awareness campaign, entitled “Know the Risk, Raise your Shield.”

While this effort, and others like “Stop.Think.Connect.” led by the National Cyber Security Alliance, are commendable steps in the right direction for ensuring a safer and more secure experience online, we’re still falling short of what’s needed to actually help protect consumers and businesses. Due to a lack of cyber education in schools (K-12), today’s workforce isn’t appropriately prepared for the daily onslaught of cyberattacks they face both at home and on the job. To help equip tomorrow’s professionals with these necessary skills, we need to start cyber education about “good computer hygiene” and safe behavior early and often.

Cyber security education must begin at home as soon as our children start tapping apps or icons on tablets, smartphones and other devices. Just as we teach our kids not to accept candy from strangers before their first Halloween adventure, we need to teach them about cyber security before they begin adventuring online.

The good news is that many students in elementary school are already learning about technology – how it works and enhances our lives; however, they aren’t always educated about the security risks associated with this technology. This lack of proper cybersecurity education is an ongoing concern and has perplexed policy makers for several years. It’s critical that our nation’s schools develop real and effective curricula that integrates cybersecurity into the fabric of everything our children do online.

In addition to traditional in classroom instruction, students at all levels can participate in cyber competitions, which are a fun, easy and interactive way to learn about cybersecurity in scenario-based situations. In addition to reinforcing why cybersecurity is critical for protecting our “digital lives,” these competitions also help to foster an interest in IT security careers.

Another approach for teaching students about IT security includes working with organizations that encourage them to become more familiar with science, technology, engineering and math (STEM) career opportunities at a young age. For example, we recently partnered with LifeJourney to engage middle school and high school students online to provide insights about cybersecurity careers from Kaspersky Lab mentors. These sessions provide students of various ages with insights into what a career in cybersecurity offers, how to get involved, and why cybersecurity is such an important issue to learn about today.

While cybersecurity education for young people is crucial, we can’t forget the importance of educating the workforce, an important step that is often not executed properly or completely overlooked. As a frequently targeted group, employees should have a strong understanding of corporate security risks and how they each play a key role in helping to keep a company’s network safe from a cyberattack. A regular cybersecurity training program for the workforce can help ensure employees are knowledgeable on IT security best practices, and there are several training programs and frameworks available for companies to explore from both the government and private sector.

Cyber education needs to be a priority at home, in schools and in the workplace. There isn’t a simple, easy fix given that effective cybersecurity education must adapt and change throughout an individual’s lifetime to address the challenges of the evolving threat landscape. Much the same can be said, too, about our leaders in government. The cyber threats changes so fast – and carry such out-sized potential harm – that policymakers also must be vigilant to stay informed and educated about the trends in this space.

As a nation, we have the tools needed to turn the tide and significantly improve the state of cybersecurity, and education is the key to bringing our collective knowledge to a level that provides adequate protection. By working together to develop effective curriculum and ongoing workforce training, policymakers, educators and industry will better equip Americans to combat the cybersecurity threats we face both today and tomorrow.   

Doggett is managing director at Kaspersky Lab.