Technology and a policy of having isolated networks have been relied on heavily to ensure cyber security. Little has been said about the role of the individual in this matter.
The attitude of users is one of the most significant obstacles to achieving fully secure systems.
Users prefer to purchase or utilise more software features that assist their work, but place little value on security features. In fact, these security features may cause a degree of inconvenience, resulting in users avoiding them.
We should not define the objective of cyber security as building an impenetrable safe box to prevent malicious intrusions and security breaches.
Such an objective would require nearly infinite amounts of resources, which could result in a loss of productivity or in immense inconvenience.
We can learn from real-world parallels.
We have security mechanisms like window grilles, doors and locks to keep our homes secure.
But it is my firm belief that the low crime rate in Singapore is mainly due to the efficacy of our police force and the strong deterrence from punitive laws and measures, rather than the strength of the locks.
Likewise, the behaviour of would-be cyber criminals can be kept in check with deterrence measures such as security features and punishment.
Education can also play an important role in correcting users’ behaviour.
Users should be educated about cyber security and taught basic cyber hygiene habits, such as clearing cookies.
They should also be made aware of the thought processes that accompany decisions which cause them to fall prey to cybercrime, such as phishing.
Hopefully, they can be encouraged to adopt more focused and rule-governed decision-making when it comes to visiting websites and opening attachments.