There seems to be an Awareness Day for almost everything now. Some – like Lost Sock Memorial Day – are clearly tongue-in-cheek. Others are for worthy causes, such as Earth Day and World Mental Health Day, which draw attention to genuine issues and help to increase public consciousness. The April-May period is a particularly busy season for cybersecurity Awareness Days. We had World Cloud Security Day on 3rd April and 9th April was Identity Management Day; whilst 2nd May is World Password Day and 12th May is International Anti-Ransomware Day.
Don’t get me wrong, I see the vital importance of passwords, identity management and cloud security. But take World Password Day as an example. Started in 2013 by a well-known tech vendor, it aims to draw attention to the need for strong passwords to protect individuals and companies. And yet, research shows that today – more than a decade since the first World Password Day – millions of people globally still use things like ‘123456’, or their name, as their password. This begs the question, has World Password Day really made a difference, or is it just a day for marketeers?
Perhaps I’m being a bit harsh, and I have nothing against marketeers, but every day of the year seems to be trying to build awareness around an issue of some kind. The majority become meaningless, lost in a vast ocean of consumer apathy and fatigue. Sadly, this also means the impact of the worthy causes has been diluted.
For the cybersecurity profession in particular, I am sure that engagement around events like Identity Management Day would be low in most organisations – if they observe them at all. Speak to the average person on the street and they probably wouldn’t know the day exists, or care particularly about it. Any cybersecurity practitioner worth their salt would hopefully also agree that teaching their colleagues about the importance of security must be continuous, and any attempt to drum up support or interest about issues shouldn’t be based around an Awareness Day.
The cybersecurity profession can’t rely on novelty to spread its message. We have to find a way to cut through to colleagues. But in an industry that is innately jargon-filled and perceived to be technical, this can be a challenge. Making cybersecurity seem accessible and achievable – rather than irritating or threatening – will be vital to the success of our profession. This is why communication has become such a vital skill for cybersecurity professionals.
There are many ways in which CIISec can help professionals to develop effective communication. We have our skills and development frameworks that outline industry-wide standards. We also offer a path to becoming a chartered cybersecurity professional, equipping you to communicate effectively through continued learning and development. Our events, such as CIISec Live, offer an opportunity for professionals to come together to discuss a path forward for the industry. And we have a guide to inclusive language developed in partnership with ISC2.
We can’t fight cybercrime alone, and by framing cybersecurity issues in language the everyday person will understand, you can drive engagement much more effectively than promoting an Awareness Day.
