Creating this baseline will enable us to build further cyber skills across organisations, as well as remove barriers to entry and enhance cyber as a career for any who desire it. But to achieve this, we need a framework that binds together the education system, government bodies, private organisations and professional bodies. While the Cyber Security 2020 Strategy identifies varying cyber crimes and threats under focus, it does not note the roles and strategies these players will fulfil to address these challenges.
This responsibility needs to be shared and distributed across all sectors by implementing standards and frameworks. It can include numerous simple tools: a phishing email video before a user accesses their email account; an ad on how to protect data and privacy before logging into a social media account; privacy protection messages when logging in to an online bank account; cyber bullying awareness in schools; making it easier to report cybercrime, and combining cyber security education with other degrees.
The simplest solutions and ideas will be the most effective and resonate most with individuals. Stranger danger is understood when kids go out to play, but what about the threat posed by people online? Do we need to have universal baseline cyber protection measures in place for each industry, such as banking?
Within this, we see the government’s role as being a vocal advocate and promoter for this fundamental shift in how Australians understand cyber security. Australia has a rich history of successful nation-wide public awareness campaigns. Though now decades old, “slip-slop-slap" is still so ingrained in the minds of most, that skin cancer awareness in the public consciousness is second nature. Equally “stop, look, listen, think” is instinctively repeated in our minds before we cross the road. A similar approach needs to be implemented to integrate cyber protection measures in the psyche of individuals, regardless of age.
For businesses, their role will be to explicitly acknowledge and focus on the need for cyber skills to be embedded across all industries. Right now, cyber security is where health and safety was 30 years ago: disparate, patchy and often optional. A more concerted effort will see cyber security undergo a similar evolution to be a key part of employee safety – from initial inductions when they start a role, all the way through their employment at that organisation.