Canadians know far more about how to use digital technologies than about how to protect themselves and others from vulnerabilities created by those technologies. To counter the growing range of cyber threats, this gap in knowledge and awareness needs to be closed, says a Conference Board of Canada report, It’s All About You: Building Capacity in Cyber Security.
The report, which is available as a free download (PDF) from the Conference Board of Canada’s e-library (free account registration required), was produced with the support of the Centre for National Security. The Centre provides a trusted forum for public and private sector organizations to engage with each other on the critical issues affecting Canada’s national security today and in the future.“As individuals, we fail to make good cyber-risk decisions because we lack a thorough understanding of how we are vulnerable and what could happen as a result. We therefore do not participate effectively in what should be a “whole-of-nation effort” to counter threats to people, organizations and the country,” said John Neily, Director, National Security and Public Safety.
The report finds that knowledge and awareness gap exists at three levels:
- Scope – Cyber threats exist at the national, organizational and individual levels. Most users pay attention only to threats that affect them directly, such as spam and viruses. But governments and businesses must contend with threats to digital infrastructure stemming from intentional sabotage, human error, accidents, and natural events. They also must deal with the risks of online crime, espionage and (military or ideological) conflict.
- Technology – When the internet was designed, security was not one of the priorities. Digital technology makes it too easy for cyber-criminals, cyber-spies, and cyber-activists to harm businesses and challenge the power of governments.
- People – Individuals represent the greatest vulnerability to digital security, but they also are indispensible in making cyberspace more secure. People must become more aware of threats and their potential consequences. However, it has been difficult to date to motivate the average user to take cyber threats seriously.
Leaders in both the private sector and government – both of which have made major investments in digital infrastructure —need to deepen their knowledge of the potential threats, so they can improve the effectiveness of cyber security policies, programs, and technologies. In addition, enhancing the digital skills and literacy of Canadian users and improving the guidance parents, teachers, and peers give to young people concerning the use of digital technologies should be a priority.