Technology has been a savior during the pandemic, enabling tens of millions of people to work, study, and shop from the safety and comfort of their own homes. Unfortunately, it has left the door open for bad actors.
Cyberbullying on social media and popular chat rooms has increased by 70 percent since the outbreak of COVID-19. Ransomware attacks jumped 20 percent globally in the first half of 2020 and more than doubled in the US, disrupting businesses, government agencies, and hospitals struggling to care for coronavirus patients. Spain has experienced a 70 percent surge in phishing attacks, many trying to trick seniors with false information about the virus.
Law enforcement, information technology specialists, and software tools can blunt many of these threats, but they are woefully outgunned. What we need to do is mobilize an army – all of us.
People are the first line of defense because most cyber incidents stem from human error. That requires education efforts that start early in primary school, when most kids are already online; continue through university and on into workforce training, to keep skills up to date; and help seniors protect themselves.
In this issue of Ready or Not, we look at how governments, businesses, and institutions around the world are making cyber education a lifelong goal.
With economic and social activity moving online faster than ever, universal cyber literacy will be as important for the prosperity and security of nations in the 21st century as the ability to read and write was in the 20th. This lesson can’t start too early. Consider that nearly half of American children aged three and four use the internet at home, and that one in four youths in the United States will experience identity theft or fraud before turning 18.
Singapore’s educational system starts cyber wellness instruction in the first year of primary school and integrates it across multiple subjects rather than treating it as a standalone topic. The United Kingdom’s National Cyber Security Centre teaches children as young as 11 how to avoid common passwords, what information is collected every time they use social media, and how to track down “patient zero” when a cyberattack hits.
Such programs explain why the two countries perform so well in our new Cyber Risk Literacy and Education Index. It ranks 50 geographies, including the European Union, on the cyber savviness of their populations, and on government policies and business practices that promote safe online habits. Singapore and the UK rank second and third overall, behind Switzerland, and come in first and second on educational policy, one of the index’s five drivers.
The Top 15 Countries for Cyber Literacy
Education can’t stop on graduation day if we are to be safe. The need is simply too great. The global shortage of cybersecurity professionals is estimated at 4.1 million, far greater than the 2.8 million people currently working in the field.
Israel shows how a coordinated approach can develop a nation’s cyber expertise and turn it into a booming business. The government declared a goal of becoming a global power in cybersecurity in 2011. Thanks to mandatory military service, the Israel Defense Forces serves as an incubator of cyber skills. And a vibrant startup culture has fostered an industry of more than 400 cybersecurity companies that attracted 15 percent of global venture capital funding to the sector last year. That helps explain why Israel ranked first in our index’s labor market driver.
The US has a talent shortage despite its massive tech sector. To fill the gap, workforce development specialist iQ4 in 2015 forged a Cybersecurity Workforce Alliance with major financial institutions and the City University of New York to provide cyber instruction and virtual internships. Nearly 3,000 students have taken the program and graduated, and roughly a quarter of them are now working in cybersecurity.
“There’s no technology that captures lifelong learning,” says Frank Cicio, chief executive of iQ4. “We built a skills management platform. Think about it as a supply chain for human capital.” The alliance now boasts over 2,700 members from industry, academia, and government, and aims to provide internships to more than 10,000 US students through 2022. It also is launching a similar cybersecurity program in Singapore.
The job of cyber safety can’t be left just to the professionals, though. Simple employee negligence, such as forgetting to lock a laptop or allowing someone to steal credentials, accounted for more than two billion of the five billion records stolen in 2018. Over half of UK employees lack the basic digital skills needed for work, including knowing how to avoid suspicious links and pop-ups.
Companies can reduce these risks by developing a cyber-resilient culture. That requires a long-term commitment and measurable goals, such as the percentage of staff participating in one or more cyber awareness campaigns a year, staff performance on phishing drills, and the percentage of workers who install security patches only at the point of “forced install."
Israel Leads in Innovation-driven Demand for Skills in the Labor Market
The need for cyber education also extends well beyond the working years. Online crime targeting US adults over 60 has surged, costing $650 million in 2018. More than one in five Australian seniors surveyed said they had been targeted by internet scams touting bogus relationships and investment schemes.
Australia’s eSafety Commissioner tailors advice to older internet users on how to avoid scams, use secure passwords, and download and save vital documents. Ireland is developing a public awareness campaign on avoiding cyber risks targeted at seniors.
Cybersecurity is a huge challenge but also an opportunity. We all have a stake in the game. By working together, governments, business, and individuals can make our digital world safer.
Trevor Pawl
Michigan's first Chief Mobility Officer