The sex education movement began in 1986 after the Surgeon General’s Report on AIDS called for a nationwide education campaign. We were facing an epidemic and it was growing at an alarming rate. That year, the World Health Organization (WHO) reported more than 38,000 cases of AIDS. Compare that to today: 78 million people have been infected and 35 million people have died.
The worst pandemics happen as days turn into decades and symptoms go unnoticed. Bill Gates spends much of his life on this topic, and he’s right. He said, “We don’t know when the next pathogen will emerge, what it will be, how it will spread, or who will be affected, but we do know that the world is not prepared to deal with it.” Our response to AIDS, SARS, and Ebola are all examples that makes his prediction very real. His advice — get ready, it could happen tomorrow.
But what if the next pandemic begins digitally, not physically? Nobody is thinking about it that way, but turning a blind eye to cybersecurity is akin to ignoring a pandemic. With that, I want to clarify one thing: I have no intention of downplaying the significance of AIDS or making light of it in any way. Human devastation — for individuals, families, and nations — is truly the risk we take if our cyber habits stay status quo.
Meanwhile, the headlines you see about political hacking and mega breaches pose digital security as a problem for world leaders and CEOs. Yet, we are addicted to our 24/7 news feeds, downloading apps like it’s our job, and hooking up with people all over the world through social media.
We’re also turning to each other for cybersecurity advice because there isn’t an effective education program about staying safe online. But one of the most valuable lessons we’ve learned from AIDS and sex education is that awareness saves lives. The number of AIDS-related deaths is now down by almost half from its peak, and unplanned pregnancies are at their lowest levels in 30 years.
Now consider this: more than 3.2 billion people use the internet globally, according to a United Nations (UN) council. More stunning is a prediction by Gartner that estimates the number of internet-connected devices will skyrocket to 21 billion by 2020 — that’s three times the number of people on Earth. From connected toys, watches, and cameras, to smart appliances, drones, and connected cars, we are outfitting our bodies and homes with the world’s coolest technologies by the minute.
The Internet of Things (IoT) offers us incredible goodness, from smart cities to better healthcare to poverty relief. At the same time, the IoT provides hackers with an ever-expanding attack surface under the radar — just like HIV can spread undetected when safe sex habits aren’t observed. In fact, 80 percent of IoT devices aren’t even tested for security flaws. Worse, they all have simple default passwords, set by the manufacturer, for accessing the internet. We are supposed to change those passwords before use, but we don’t. It’s a huge miss and hackers know it. They’re accessing these devices and instructing them to attack, together, as one big botnet.
If that sounds like a storyline only made for Hollywood, take a look at the denial of service attack on the East Coast of the United States a few months ago. Hackers used malware, called Mirai, to take control of IoT devices. From there, they attacked domain name service company Dyn with such an influx of junk internet traffic that the company went dark. When Dyn went dark, so did their customers, like Amazon, Netflix, Spotify, Twitter, and PayPal.
Now imagine if Dyn were the world’s largest power plant or water company. The results would be devastating if millions of people lost power or water for too long. But let me ask you the most important question I have today:
If you could prevent a tragic cyberattack from happening, would you take action?
I hope so, because we can prevent this if we treat cybersecurity like the Surgeon General treats an outbreak. The first thing we need to do is initiate a global education campaign on cyber hygiene — one that is government-funded and far bigger than what we have today. We need the full support of world leaders and organizations, including the U.S. President, the Department of Defense, the UN, and the WHO. Yes, I am serious about needing the UN and the WHO. Why? Because the ultimate implication of billions of people with bad cyber hygiene is loss of life, especially if a cyberattack is the root cause of infectious disease that spreads when people cannot access food, water, or power.
The reality is almost all breaches start with the everyday person — not the hackers. If you want data behind that fact, check out this article from CIO.com, “People are (still) the biggest security risks” or “The biggest cybersecurity threats are inside your company” from Harvard Business Review. You can also test yourself with a few simple questions: When you received breach notifications from Target, LinkedIn, or Yahoo, did you change your password immediately? How about when your security software last expired — did you renew it? What about that link with a “critical update about your shipment” or an “urgent notification from your bank” — did you ignore those?
If your answers are No, No, and No, I’m not surprised. Even if you answered Yes on the last question, chances are you’ve fallen for a phishing campaign and never knew it. You think you’ll never fall prey, but even the savviest techies still click on malicious links, download fake attachments, and leave their IoT devices unprotected. That’s how hackers are getting inside our homes, businesses, and governments — it’s easier than getting an STD from unsafe sex.
As President Trump takes office and Rudy Giuliani begins work as head of Trump’s “cybersecurity commission,” I hope they shift their focus from foreign hackers and specific attacks to a more balanced strategy. One that promotes cyber education in a much bigger way. Like we teach our kids that washing their hands is a non-option, or how we’ve incorporated safe sex campaigns into schools globally, we need the same level of attention on cyber hygiene.
Imagine the attacks we could prevent if all 3.2 billion internet-using global citizens practiced safe cyber. How would hackers get inside our critical systems then? What hacks would never happen?
Remember that education is power. It’s also a basic human right.