• United States




Creating cyberculture

Aug 22, 20174 mins
Data and Information SecurityTechnology Industry

At what level should cybersecurity be a part of our daily lives?

When growing up, many of us probably heard warnings from our parents to be careful in certain environments—the local woods, a busy side street or at the beach.  Our parents cautioned us out of concern for our well-being, and it served a purpose. 

Their warnings were meant to raise our awareness of our surroundings, and ensure we would exercise care when appropriate. They reminded us that the safety of our environment depended upon the decisions we made. Today, we would be well-served to add one more domain to those danger areas drilled into us: the world of cyber.

Like the woods and the beach where we played when we were young, cyber offers a great amount of reward, tempered with significant risk if we’re not prepared.

How do we evolve to a cyberculture, though? How do we convince people that, for all the positive potential of technology, there is a dark side as well? How do we especially reach today’s digital natives, who have grown up largely responsible for their own security in cyberspace, and take security somewhat for granted? 

It starts with an initial decision: at what level should cyber security be a part of our daily lives? For a cyberculture, in which security is a top-of-mind concern, the answer is simple—cyber security should be as prevalent in our lives as possible. There is one security measure that comes to mind that’s prevalent anywhere we look, from shopping carts, to cars, to airplanes, regardless if we are in Kenya, Kolkata or Kentucky.

Seat belts.

Cyber security needs to become the modern-day equivalent of seat belts that can keep us protected when we are navigating down new roads at high speeds. Yes, cyber security is a ‘security’ issue—but it’s a safety issue as well, for all of us. Nations, enterprises and individuals need strong cyber security—and all these entities need it for both safety and security. Most significantly, cyber security needs to become pervasive at all of those levels, and no one level is more important than another. To create a safe, secure cyberculture, people, enterprises and nations needs to function in as complementary and synergistic a manner as possible.

Assessing capabilities and vulnerabilities

For nations and governments, cyber security must be a prime concern across the breadth of government at all levels and in all functions of government. Last month’s DefCon 2017 gave us an object lesson in protecting the entirety of governmental operations when conference attendees hacked various election equipment in a matter of hours. Assessing the capabilities—and vulnerabilities—of that equipment should be as regular an activity in government as ordering office supplies. It should be part of a cyberculture.

For individuals, the journey towards a cyberculture should begin as early as possible.  We need to make cyber security and good ‘online hygiene’ part of core curricula at the pre-university level, to imbed the concept of security online at the earliest possible levels and ensure that tomorrow’s digital (and eventually cognitive) natives don’t make cyber security an afterthought. Much like many universities already include humanities or similar courses as graduation requirements, we need to give similar importance to cyber security courses at the university level.  

And, just like we would subject potential candidates for a cyber security post to an evaluation of their abilities, maybe it’s time to start evaluating all potential hires—regardless of where they will work in the enterprise—on their abilities to assist in securing the enterprise through sound personal security habits. Likewise, the enterprise should be evaluated on a regular basis for how cyber secure its operations are, not merely from a technical standpoint, but from a cultural standpoint as well. In today’s digital economy, everything is connected; a hack of the cyber infrastructure of one enterprise imperils all with whom they work.

Creating a cyberculture in which cyber security is as pervasive and commonplace as seat belts isn’t a ‘nice goal’—it’s a necessity. We are all part of the digital economy now; our digital footprints span continents, borders and time zones. We’ve all helped to make cyberspace what it is today, contributing to its awe-inspiring power and frightening vulnerabilities.  It’s up to all of us to make cyber security what it can be, tomorrow, and to ensure that future digital natives continue to enjoy the positive potential of technology.

Buckle up… it promises to be a thrilling ride!


Matt Loeb, CGEIT, FASAE, CAE, is the CEO of ISACA, which serves 159,000 professionals with expertise in audit, assurance, security, privacy and risk. Prior to joining ISACA, Loeb was staff executive for the Institute of Electrical and Electronics Engineers (IEEE) and the executive director of the IEEE Foundation. His professional experience includes enterprise strategy, corporate development, global business operations, governance, publishing, sales, marketing, product development and acquisitions functions in a variety of for-profit and nonprofit organizations.

In 2016, Matt named a Fellow of the American Society of Association Executives (ASAE). He is one of only 251 individuals to receive this recognition since the program’s inception 30 years ago. This industry recognition is bestowed on fewer than 1 percent of those working in the nonprofit industry. He was also selected by the National Association of Corporate Directors (NACD) as one of the top 100 Directors for 2016, and honored for this recognition at NACD’s annual Directorship 100 event in New York City in November.

Matt has been on numerous corporate for-profit and non-profit Boards. He currently serves as board chair of Pittsburgh-based Clearmodel, as a director on the Board of the American Society of Association Executives and the ASAE Foundation, both of which are based in Washington, DC, and as a trustee of Excelsior College located in Albany, NY.

The opinions expressed in this blog are those of Matt Loeb and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author