Cybersecurity is relevant to everyone. In face of competing demands, there is a need to ensure that no one, especially underprivileged communities, would be left out of cybersecurity discussions.
By: Heng LEE, Government Affairs and Public Policy Manager, Asia-Pacific and Japan, Kaspersky
2024 marks twenty years of progress made in the implementation of the outcomes of the World Summit on the Information Society (WSIS), which took place in two phases — Geneva in 2003 and Tunis in 2005. The Summit had set the framework for global digital cooperation with a vision to build people-centric, inclusive, and development-oriented information and knowledge societies.
In commemoration of this milestone, the United Nations’ International Telecommunication Union (ITU) had organised the WSIS+20 Forum High-Level Event 2024, to take stock of the achievements and key trends, challenges and opportunities since the Summit. In particular, this is in support of Sustainable Development Goal (SDG) 4, to “ensure inclusive and equitable quality education and promote lifelong learning opportunities for all”.
Much of Kaspersky’s work sees synergies with this goal. In this article, we will highlight some cybersecurity initiatives in support of ensuring inclusivity and equity. This would be particularly pertinent for underprivileged communities, who are often left out of cybersecurity discussions.
Emphasizing that cybersecurity relevant to everyone
Not too long ago, cybersecurity seemed to be an advanced field which only experts need to be concerned about. But it is rapidly becoming relevant to everyone – if you have a digital device of any kind, you are at risk of a cybersecurity incident.
One example from Kaspersky’s research will serve to show how pervasive cyber threats have become. Recently, our researchers found a vulnerability in a popular model of smart pet-feeders which dispenses pet food at regular intervals and has cameras to check on the pet. What this means is that the pet feeder could be easily hacked, to allow an attacker to gain access to the device, and use the pet feeder as a spy camera for your home. It is a frightening thought, for something that seems as innocuous as a pet feeder.
In another example from Singapore, a lady was buying a drink from a stall when she came across a QR code, inviting her to take a survey for a free drink. She scanned the QR code with her phone, but nothing came on. What she had not realised was that the QR code had led to a link that downloaded a malware onto her phone, and in the middle of the night, the attacker had obtained her passwords, gotten into her bank account, and stolen SGD 20,000. She missed the bank’s notices because they came when she was asleep, and the attackers likely designed for it to be that way.
No one is really safe anymore, and cybersecurity awareness must be present at all levels.
Making cybersecurity education widespread and relatable
This leads to the topic of cybersecurity education, which must be made widespread and relatable.
Given the ubiquity of digital devices, cybersecurity awareness has to be developed from a young age, preferably as part of formal education. This entails literature to inculcate good cyber hygiene habits, and to ensure that basic cybersecurity terms enter the mainstream lexicon. In a book launched by Kaspersky in 2024, called “Cybersecurity Alphabet”, the content covers A to Z – but here, A is for Authentication, B is for Backup, C is for Captcha, and D is for Digital Footprint. These are terms which even adults may not know, and it is a profound reflection of the world we live in and how quickly changes are happening.
Such education efforts need to continued at a professional level, even in companies and industries seemingly unrelated to cybersecurity. This could be a challenge because the manpower resources to do so may not always be available, especially in countries which see a shortfall in cybersecurity-trained personnel. To level up the competencies of the workforce, companies could consider using digital self-learning and gamified assessment tools, which can be quickly made available virtually. Prominent companies which have done so include Volkswagen Group Retail Spain, which exemplifies how digital self-learning can be put to good effect.
Ensuring that emerging countries are protected
There is a pressing need for residents in emerging countries to be protected, even as they become connected. It would be dangerous for any country to think that it is not a valuable target.
The UN-led multilateral system plays an important role in ensuring this. Besides facilitating knowledge transfer and aid from developed countries, countries would also be able to benefit from initiatives which are targeted at member states in a similar stage of development. One prominent example is the ITU’s “Enhancing Cybersecurity in Least Developed Countries” project, aimed at supporting these countries in strengthening their cybersecurity capabilities to better respond to cyberthreats to ensure enhanced protection of their national infrastructure, including the critical information infrastructure.
The public sector alone cannot do this, and the industry should also contribute towards these efforts. In light of this, Kaspersky has worked on foundational capacity building projects, in emerging countries in Asia-Pacific and Africa. These projects involve expert training, and road-mapping exercises for Security Operations Centres. It is hoped that these contributions would help protect Internet users, and maximize socio-economic benefits in line with the objectives of the WSIS.
Empowering women in cybersecurity
Finally, it is important to recognize that pervasive gender biases continue to discourage women from pursuing cybersecurity studies and careers, thereby limiting the talent pool. It is a pragmatic matter to have people on cybersecurity teams with a diverse gender mix, because cybercriminals don’t gender discriminate, and threat actors also have various backgrounds and experiences.
To this end, Kaspersky created an Empower Women campaign in Kaspersky, with its own microsite that is frequently updated with podcasts, and news articles that celebrate the achievements of its women employees. We hope that these initiatives will provide women with the success stories and role models that they need to take the leap of faith into the industry, when they see the expanded possibilities and become inspired of their own futures in cybersecurity.
Connecting the Unconnected: a collaborative effort
The cause of connecting the unconnected is a long-term endeavour, illustrated by the twenty years of work done since the initial WSIS. Ensuring inclusivity and equity in formulating cybersecurity initiatives will become increasingly important, as the world becomes more connected. A concerted effort by the public and private sectors is imperative to maximize the reach of cybersecurity – across age, geography, economics, industry, and gender, to ensure that the solutions created would be sustainable.
