Cybersecurity trickle down isn't working and George Washington would've known it.

In the 18th Century, the British Army was the best - countless battles and numerous victories. Their effect was absolute and unmatchable - or so it seemed. Ole' Gorgeous George W knew that having any chance at success against the Lobsterbacks would mean not fighting them on traditional terms - two national armies warring head to head? Yea, that wouldn't work.

Washington not only recognized the crucial tactical advantages of militias using guerrilla tactics against the Brits, but he also appreciated that the love of the nation and its defense must start at the local level. This began with Americans' willingness to defend their properties and families on their own and with neighbors. From the bottom up, this spirit created militias and a solid, steadfast, and victorious Army; the same that maintained its self-defending spirit to become the best Army of the world. One of Britain's downfalls was that their Soldiers were fighting as a large behemoth, without the local reach the Americans enjoyed.

I've begun to view cybersecurity and digital protection in similar manners. Before I get into that, some background:

Cybersecurity is a strategy, framework, and industry invented to protect the big guys: governments, businesses, etc. And it made sense - these were the first victims of cyber attacks and had the most to lose. The rest of us might've accidentally downloaded some spyware, but our personal information wasn't nearly as at risk back then - mainly because it wasn't as available and no bad guys really saw value in it. The Internet started out much more like a park, with free and open access, with the intent to share information and with little concern for security or privacy.

The good thing was that these companies and governments got better at cybersecurity - they hardened their defenses. The bad thing? Hackers decided it was more economical to attack a higher number of unprotected little guys for less money and with less of a chance of getting caught.

The problem with all of this was that we started at the top - we started with the large national army of cybersecurity, just like the Brits. But a large national army can't defend every individual citizen or their small businesses. Us citizens, if we rely on someone else for protection, are defenseless.

Enter what I call digital protection or a concept of cyber self-defense. At the end of the day, governments and businesses just can't and won't enable all the protective measures to keep you safe online. There are things that only you can do to protect yourself, your identity, family, or small business. Things like keeping track of long passwords, setting up data backup, enabling two-factor authentication, locking your credit information.

And I'll be the first to tell you that the tools that are out there are confusing and the explanations of cybersecurity concepts can be way too complex. But they don't have to be...

There's hope! I'm not comparing myself and ENABLD to George "I cross the Delaware on a sneak attack on Christmas" Washington, but what I'm saying is that it's time to arm the populace (digitally). It's time to teach self-defense classes and teach the citizenry and small business owners, who have the least to spend and the most to lose, the tools they need to understand and use to stay safe. This is security from the ground up.

And by working our way up, the small but critical gaps that the large government organizations and big businesses have that always lead to the big breaches and our personal info getting stolen - like the employee with a reused password - will start to shrink, thanks to a more informed citizenry.

An American Cyber Self-Defense League? Hmm, sounds like we'll need some cool uniforms or capes...

