The IT chiefs of Australian universities have endorsed Sam Kekovich’s over-the-top Aussie lamb ads as an example of best practice behaviour change campaigns that could be emulated to boldly bolster the nation’s cyber security attitude.
The Council of Australasian University Directors of Information Technology’s (CAUDIT) submission to Home Affairs’ 2020 cyber security strategy consultation listed community awareness as one of the significant hurdles in lifting Australia’s security.
CAUDIT cited a litany of public awareness campaigns that garnered international attention and embedded themselves in the Australian psyche, from its history of star-studded tourism campaigns through to anti-smoking and ‘slip slop slap’ SunSmart ads, that could be emulated to reduce the mounting costs of cyber incidents.
Sadly, Sam Kekovich might not be available for such duties between his jobs touting other local products, including IoT aged-care services.
While such ads could be used to promote basic security hygiene or encourage lifelong cyber training (to protect the less tech-savvy “low-hanging fruit” of older generations), they “should not rely on shock value to land the cyber message,” the submission stated.
“The campaign should have a simple enough message yet to a large degree persuade the targeted audience [to] understand the importance of cyber security and become more cyber aware.”
Having a more savvy general public would thus put pressure on service providers and manufacturers to treat security as a commodity and better safeguard their products and backend, CAUDIT argued - tying into another major theme from its submission.
Despite highlighting the fast-paced and volatile nature of digital security, CAUDIT’s submission calls for a ‘cyber awareness’ emblem that could be attached to reputable brands and products.
It said a “readily recognisable emblem for goods and services” would establish a “base level” of cyber protection for consumers.
“This will identify organisations and services that are cyber leaders while also raising awareness with the community and may provide competitive advantages to organisations that adopt the emblem.”
However, unlike efforts from Google to nudge communities into better security practices by promoting HTTPS over HTTP, an ‘emblem’ or stamp of approval would be difficult to enforce for a number of reasons, least of which is the fact that fraudulent actors could claim to be certified as safe or a new threat could pop up and render the emblem obsolete for a number of services.
It also skates over the fact that, in CAUDIT’s own words, “cybersecurity is best addressed as a continuum”.
There’s also the issue of who’d check the security of service providers, how thoroughly they’d check, how long the emblem would be applicable, and who would pay for all of this.
None of which was addressed by CAUDIT’s submission.
Unsurprisingly for a group of university staff, CAUDIT also calls for greater training in how to recognise and respond to incidents.
“Education is a key component of the cyber security ecosystem.
“The uptake of Information Technology related studies has also gone up by about 25 percent in the past five years.
“The conditions are right for the government to ramp up efforts to embed cyber security in education and training to produce a highly skilled cyber security workforce. The focus should be on lifelong learning, commencing through school, embedded in graduate qualifications and incentivised through ongoing professional development ensuring future generations have digital and cyber literacy in their DNA.”
It also spruiked the usefulness of micro-credentials - short courses recognised by institutions as counting towards a larger qualification or serving as a way for industry to upskill its employees in a select area with the time burden of doing a full masters degree.
CAUDIT also suggested channeling more funding towards organisations like AustCyber to support Australian companies and the security industry in working together to tackle problems.