Guest Post by Greg Young<\/p>\n
Cybersecurity is often about connecting dots, and sometimes the rationale for those connections isn\u2019t immediately obvious. I can remember when folks argued that privacy was not related to security, but those dots are clearly connected today. So why are we talking about connecting the dots between cybersecurity and media literacy? Being \u2018literate\u2019 means having the ability to both read and write.\u00a0So \u2018media literacy for cybersecurity\u2019 is a two-way street, meaning that being media literate involves understanding both the consumption and contribution of news and information related to cybersecurity.<\/p>\n
This type of media literacy involves asking questions like \u201cIs this fake news?\u201d, \u201cIs this email a hoax or scam?\u201d or \u201cIs this a real article about an attack or is it just a repeated myth?\u201d In the past weeks, there has been controversy concerning the validity of a story about computer hardware being tampered with via the supply chain.\u00a0 If the story is true, this is a significant call to action. But the concerns over the accuracy of the story have kept most organizations from acting. \u00a0Just today, during a group call, we were discussing a publicized attack and the first question we asked was \u201cDo we know if this is even real?\u201d<\/p>\n
Cybersecurity is interesting because the news items can be so compelling. It\u2019s the nature of an industry based on knowing about attacks to digital systems and information and defending against them. \u00a0With so many sources of news and media, it\u2019s important to understand if a story related to cybersecurity is sponsored by a vendor. If it is, it\u2019s crucial to determine how the content is moderated or edited, or if it\u2019s a full-blown advertisement. I\u2019m cautious of \u201ctop product\u201d lists unless there is a clear methodology and it isn\u2019t just an ad masquerading as an article (sometimes known as an advertorial). \u00a0I was just speaking with a colleague this week about the assertion that a large security vendor made years back at an RSA Conference that \u201cin four years there will only be four security companies.\u201d \u00a0This opinion (clearly a bad one) was misguidedly treated as fact.<\/p>\n
Another media issue to be aware of is when a state or lobby organization backs news or articles and it is positioned as neutral reporting. Recognize when there is an axe to grind, and when that position is truly being assessed and reported on without bias. Attribution is a tricky issue in the world of cybersecurity and can often conceal someone\u2019s true intentions. It\u2019s important to ask ourselves what someone else could benefit from angling the news this way.<\/p>\n
The good news is that the cybersecurity mediascape has matured and there are many \u2018known\u2019 reporters and writers who do their due diligence to understand the facts and report on them without bias. We encourage the public to get to know who these voices and sources are, and to trust and follow them closely. As in many other areas of journalism, reporters can change publications quite often, so it\u2019s important that we all understand the difference between a source publication and the reporters behind it. It\u2019s like following a sports team versus the athletes themselves.<\/p>\n
Being media literate in the world of cybersecurity means knowing the credible journalists covering the stories about this industry. They are the ones who are very concerned about separating fact from opinion, disclosing any conflicts or biases, and helping readers and viewers understand what is being directed to them. They uncover the truth and say no to fear, uncertainty and doubt.<\/p>\n
During Media Literacy Week, take a moment to ponder the importance of the media in this industry, and be a bit more involved in how you assess and access the news and information created because of it.<\/p>\n
About GregYoung<\/em><\/span><\/p>\n Greg\u2019s focus is on enterprise class security. Greg is keen on sharing the reality of security in larger organizations, and how business can be done securely in those environments. As a Research Vice President with Gartner for 13 years Greg advised thousands of companies and governments on how to better secure themselves, evaluated and advised hundreds of security vendors, and has seen those same technologies successfully used, abused, put on a shelf, or pushed into a deep hole and never to be spoken of again. At Gartner he led research for network security, threat trends, data center security, cloud netsec and microsegmentation. He authored more than 20 Magic Quadrants for firewall, IPS, WAF, and UTM, and was Conference Chair for 4 Security Summits. He headed several large security consulting practices, was CISO for the Department of Communications, and was Chief Security Architect for a security product company. He was a commissioned officer in the military police and counter-intelligence branch working as a Certifier\/Accreditor at the national authority, and received the Confederation Medal from the Governor General of Canada for his work with smart card security. Greg was named in the \u201c12 Most Powerful Security Companies\u201d and as one of \u201c100 Most Powerful Voices In Worldwide Security\u201d. Greg too often mentions he was an extra in 2 episodes of Airwolf. Favorite Quote: \u201cKnowledge is of no value unless you put it into practice\u201d \u2013 Anton Chekov Chat with Greg on Twitter via @OrangeKlaxon and on LinkedIn<\/p>\n","protected":false},"excerpt":{"rendered":" Media Literacy in the world of cybersecurity is interesting, challenging, but very important because the news can be so compelling. It\u2019s the nature of this industry to know about attacks to digital systems and information and defend against them quickly. \u00a0With so many sources of news and media, it\u2019s important to know which ones are credible and which ones are not.<\/p>\n","protected":false},"author":2,"featured_media":1389,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[3,4],"tags":[97,47,6,5,48,10,23,55],"class_list":["post-1387","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-for-parents","category-for-teachers","tag-cybersecurity","tag-digital-literacy","tag-education","tag-internet-safety","tag-media-literacy","tag-online-safety","tag-privacy","tag-security","wpautop"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/posts\/1387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/comments?post=1387"}],"version-history":[{"count":0,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/posts\/1387\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/media\/1389"}],"wp:attachment":[{"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/media?parent=1387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/categories?post=1387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.trendmicro.com\/internet-safety\/wp-json\/wp\/v2\/tags?post=1387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}