The industry has a dynamic role to play in the new cyber security strategy. Professionals must actively defend against, investigate, and shut down cybercrime. However, as experts, they are also called to increase situational awareness and provide accessible information for the community. In an industry filled with high-level, jargon-rich subject matter, how can the experts simplify the importance of staying safe in the digital world?
Australia’s new cyber security strategy
The main purpose of Australia’s cyber security strategy 2020 is to protect our digital economy. In the face of increased state-sponsored threats and cybercrime, national sovereignty is also a great concern.
Governments are called to protect Australian data, combat cybercrime on the dark web and protect critical infrastructure. Businesses must grow a skilled workforce and take steps to block malicious activity. The community is called to:
‘Access and apply guidance and information on cybersecurity… report cybercrime [and] access help and support when needed.’ 
However, this is easier said than done. It is a challenge to get the community to care about security and apply good practices in their daily lives. This is due to a variety of reasons:
Cyber security is not acknowledged enough in the mainstream
In our digital society, cyber security is not given enough limelight. It is easy to make claims about the importance of a subject when you are operating in the midst of it, when it is the very substance of your work.
However, for a lot of Australians, cyber security isn’t something they really see or do every day. It is typically recognised in the mainstream when something catastrophic happens, like a death due to a ransomware attack, or major attacks on the government.
Cyber security can be intimidating
On that note, since cyber security is only highlighted when something negative happens, it often connotes danger and devastation. The way that it’s discussed makes it seem like an uncomfortable, unapproachable subject.
Moreover, people do not see immediate effects when their information has been compromised because the nature of a lot of attacks is clandestine by design. Not being able to feel a tangible, instant impact of something so threatening means that cyber security is labelled as ‘the unknown.’
Cyber security is like a foreign language to some
Pretending cyber security issues don’t exist is no longer an option
Security measures are often pushed to the wayside in exchange for comfort – because who really cares about something when they don’t fully understand it?
But cyber security is a necessary part of our lives; it is a concern that transcends the online world.
It is even more of a universal responsibility with current work-from-home behaviours. With every action we take during working and non-working time, we are producing masses of data. Data that criminals want, data that they can use to exploit people’s lives.
Being safe online is compulsory.
So what is the industry’s real role here?
If industry experts take anything away from the new strategy, perhaps let it be this:
We need to change the way we speak about cyber security.
Security professionals need to tailor their approach to those who are not considered ‘well-versed’ in security. These are the most vulnerable people in our community. If we are all supposed to be ‘on top’ of cyber security, shouldn’t we all have some basic understanding of it?
What do we mean when we say we need to change the way we speak?
1. First, start with contextualising your conversations
As we mentioned in a recent blog post, it is essential that professionals (particularly people like project managers and penetration testers) have the ability to delineate security endeavours and issues in easily digestible ways. Always keep in mind who you are speaking to – keeping it accessible means keeping it a priority.
2. Dispel the myth that cyber security experts are infallible
3. Champion proactivity and awareness
To be conscious of security issues around you, you don’t have to be a technical genius, but you do have to be adequately prepared. As the old adage goes: ‘an ounce of prevention is better than a pound of cure.’
4. Speak about cyber security in terms of reward, rather than guilt
We need to shift the tone of security away from a terrifying, massive undertaking. Speak about security successes more, and recognise that it is a great asset for productivity and innovation.
5. Dismantle the heavy, jargon-rich way in which we speak about information security
Empower people to get a grasp on cyber security by simplifying it! Using terms that are wholly removed from a non-expert’s vernacular can be damaging to the overall cause of security and raising awareness.