Print

Introduction

For several years security team numbers in organisations have grown along with budgets and the tools available for protecting large enterprises. Yet there have been an ever increasing and largest number of data breaches over the same period every year. This contrasts greatly to the home environment, where there has been little to no new skills or knowledge development to protect the home, no increase in security spend and very little innovation in tools available to protect home users.

With such a vast difference in the two environments, what can we assume about the home environment on the basis that security professionals already believing that there are two types of businesses, there are "those that know that they have been breached and those that don't." That thinking would most definitely mean that most home environments are already breached!

If this is the case why isn't something being done about it and why is it not happening quickly enough and why don't security professionals know about it?

 

Why Security2Live?

 

Humans have become more technology lead than ever before!

The world has changed, everything is becoming digital and is marketed as being ""Smart"", yet with every ""Smart"" device the attack surface of an individual, their family, friends, and homes grow at a faster rate than any other time in history.

Despite the attack surface of individuals growing at unprecedented rates, individual skill levels to deal with the risk have in theory stayed the same but in practical terms have been reduced in proportion to the attack surface. If the two things continue to diverge from one another without any direct action to change this, the chances are that in a few years individuals will not be able to use technology without a successful attack on them through one or more of the devices or technologies they use. We believe that direct action needs to be taken and that it should be action that everyone get involved with both in terms of improving their digital safety skills and in facilitating the skills.

Here is a non-exhaustive list of the reasons we believe that action needs to be taken now.

 

What is Security2Live?

Security2Live is a joint initiative with three Founding Partners working with Virtually Informed to work with leaders around the world "to raise the skill level in the Digital Safety Skills of ordinary people so that they are less of an easy target for criminals and service suppliers wanting to take and use personal data for their benefits regardless of the "individual".

 

What does Security2Live wants to achieve?

The Founding Partners have created their Founding Principles to state their thinking on what they would like to achieve on Digital Safety Skills, which are available here. Very simply, Security2Live wants to ‘raise the bar of security education of all people so that criminals will not be able to utilise the low level attacks they have successfully used for years. We want to raise the bar on a yearly basis, and along the way to create a barometer of the general level of skills in each country. This level can be used by enterprises to guide the skill level they want to achieve.

 

What we want to help people to be able to do?

Security2Live wants to firstly, achieve a raise in the Digital Safety Skill level of individuals and secondly, to encourage and assists them to have conversations and share their learning with others; because we believe that real change won't come from enterprise awareness training courses but people having conversations with other people their know using the language and words that are most familiar to them and their peers.

 

Why Security2Live?

We are doing this because:

 

How will Security2Live achieve its aims

Security2Live will achieve it aims by:

 

What we will provide?

Security2Live will provide a collection of selected, fit for purpose re-usable resources for use by anyone who wants to raise their Digital Safety Skills by learning about security and privacy, and to be able to help others to do the same.

A range of resources for individuals, families and friends to have more intelligent discussions about security and privacy risks with others, and to take actions to protect themselves from those risks.

The resources we provide may also be used by employers to promote good practices by their employees in their home environments.

We are working on the principle that "a rising tide raises all ships" and that raising the current low bar which exists for people has facilitated the success of criminal activity can only be raised by a conscious effort by everyone in society.

We also hope to provide online and live training webinars and events with expert speakers and lots of useful free tips, tricks and tools.

 

Getting involved

There are many ways that everyone can get involved, it depends on who you are and what your interest is, including the following:

We will be updating the above information to make it easy for individuals, organisations and employers to participate soon. If there are other ways that you would like to help us, please use the Contact Us page to get in touch with us and we will get back to you.

We will soon be publishing a list of activities provided by our supporters.

Help us to provide resources to improve digital safety skills here

Or,

Help us in other ways to support to make a difference here.

 

What Security2Live will Provide 

The Security2Live Initiative will provide resources to raise the skill level of end users by providing resources that enable two key objectives:

Inform the reader on the topic (the width and breath of coverage), why it is a challenge, what are the risks, how the risks can be dealt with by changing behaviours, how the risks can be dealt with by technology solutions and finally how to respond if there has been a compromise.

Inform the reader on how they can share the information and what they have learnt, on a one to one, small groups and larger community groups.

These objectives will be achieved by providing a range of resources, including:

 

The Founding Principles of Security2Live

Every week the media and analysts release details of data breaches and data breach reports telling the world that people are the problem. Whether it is passwords, or phishing, the security industry is pointing the finger at those who don't know how to deal with the issues. We believe that the responsibility lays clearly with those who have pushed compliance based awareness exercises for many years.

These founding principles were produced to help guide the Security2Live Founding Partners to work on a better approach that will bring about real changes for those who really matter – the people.

1  Everyone has the right to basic Digital Safety Skills, resources and support

Existing efforts to assist people have focused on raising security threat awareness to urge users towards more secure behaviour. Security2Live is a fundamentally different initiative aimed at providing people with the digital safety skills and tools needed to respond to threats with the knowledge that simple acts can be effective.

Digital safety skills must be accessible to everyone regardless of employment status and current skill level. The skill level required by people to protect their security and privacy may change from one year to the next not only due to cyber criminals having to target a more skilled population, but also because commonly used technologies change. Raising digital safety skills must not be seen as a once or twice a year effort, it is a continuous journey that may require less effort over time. This initiative will promote digital safety skills throughout the year as well as leveraging selected awareness events.

Access to these skills should start when people are given access to digital technologies. Access must extend to support, particularly for people who either haven't or are unable to benefit from these skills and resources. To this end we believe everyone should have access to at least one person they can speak to for digital safety related help and support.

2  Raising digital safety skills is a collective responsibility

Every organisation or person who wants to join us in raising digital safety skills will be welcomed to do so. Current efforts have been seen to be the domain of a few organisation working individually and have not provided strategic leadership in raising skill levels. No single commercial organisation should claim to have a monopoly on this.

The Initiative will create and nurture several participation and support activities for individuals and organisations to get involved - to ensure that it is inclusive. Security2Live is not setting out to compete with existing activities, it aims to bring them together to achieve more strategic and effective results.

3  Digital Safety Skills should impact cyber crime across the world

Digital safety skills have mainly been delivered by IT Departments where the focus has been on compliance rather than personal outcome. We believe people need the digital safety skills that have a direct impact on reducing opportunities for them to be directly impacted by cyber crime. This initiative aims to raise the digital safety skill levels and force significant increases in the cost of carrying out attacks by criminals to the point of making such attacks unfeasible – rather than allowing them to use the same low level attacks that have worked for years.

Just as cyber crime is an international issue, protecting individuals from cyber crime must also be considered an international issue and protection responses may require an international dimension.

4 People's non-work life should be the focus of their digital safety skills

Most people spend more time using technology and devices at home and while they are out and about than they do at work. Many people only consider digital safety skills relevant once they have been compromised or suffered a loss; which in today's world is more likely to happen outside of the work environment. Yet the only education people get is within a work environment where the focus is on compliance.

With Smart Homes and other smart environments a reality, people need to learn how to secure their homes, devices, apps and other digital and physical assets from both physical and cyber attacks. This can best be done where the focus of digital safety skills is on them and their needs for digital living, and the skills learnt are transferred back to the work environment. We base our thinking on the saying that "A rising tide raises all ships", unlike most awareness initiatives which have attempted to raise individual ships not the tide.

5 The digital safety skills offered should enable learners to share their learning with others

The key digital safety skills to focus on are:

Our approach for the first three skill groups is to provide support and educate on effective human risk protection. The knock on effects of ordinary people raising their digital safety skills should impact security and privacy in the work place, but also empower people to be in control of the technology and services they use, access and own.

Our approach for the remaining three skill groups is to create a network of champions and supporter across the world. The knock on effects of these skills and related activities is to increase the total network of people in the world who are able to respond quickly when things go wrong.

6 Resources should be inclusive to meet the needs of all levels of skills

The following groups of resources will be developed:

Existing resources from the digital safety skills communities are welcomed, and where relevant these will be adapted to ensure a consistent house style with appropriate acknowledgements provided.

7  Product and service vendors must play their role in reducing cyber crime

Product and service providers have been responsible for many of the issues and problems that people encounter today. We believe that suppliers should ensure their products and services are not vulnerable to known attacks and that consumers should be able to assume a certain level of security that they don't need to know the details of. Further, that any setting and configuration options provided should be "human risk protection" centric not "vendor data collection" centric. We will participate with others in the creation of standardised digital safety configuration options for relevant technologies and services.

8 Lead research into digital safety skills and human risk protection

Quality research is the way forward to change years of breaches and a growing attack surface of individual users. We will lead research into the following:

We will work on these research ideas with partners who have specialist experience in such research. Further we want to highlight and share any existing research into the above and any related areas to anyone who has an interest in this field.

We acknowledge that these founding principles may need to be extended in the future and that they are by no means a limited list. These and any future extended principles are to be agreed to by any supporting organisation to be involved or benefit from the work of Security2Live.

 

Founding Partners

Sarb Sembhi CTO and CISO is the Founder of Security2Live and identified like-minded professionals and organisations to work with him to up skill the world.

Below is an alphabetical list of the Founding Partners working together to bring the principles of the Security2Live initiative into reality. Once the basic foundations have been laid, the Founding Partners will open invitations to supporters to who agree with our Principles to radically change the future of Digital Safety Skills, to join them.

Layer8

Layer8

Layer 8 minimises the risk to businesses by developing proactive security behaviours in employees. Working with international business such as Openreach, National Grid, IG and GKN we've developed:

The success of our programmes have been achieved by putting conversation back into security awareness/training. Conversations are our catalyst for change. Working with Layer 8 will provide a framework to get people talking about security and therefore achieving change at the grassroots, where it matters. Click the logo to learn more about Layer8 Limited

OutThink

OutThinkOutThink brings world's first human risk protection platform. An innovative, disruptive solution, OutThink redefines security awareness. The OutThink cloud platform has been developed specifically to automate the identification and measurement of human risk. OutThink was purpose-built by CISOs and researchers from UCL and Royal Holloway, for security professionals who are looking to provide effective human risk protection for their organisations.

Headquartered in the City of London with development in UK, Greece and Romania, we have a global client base all of whom are served locally from offices located in Europe, Middle East and Asia Pacific. Click the logo to learn more about OutThink

Urban IQ

Urban IQUrban IQ is a management consultancy company largely working across the public sector. It has successfully managed and delivered many complex partnership projects and will provide project support for Security2Live. Urban IQ's background will also provide intelligence for Security2live to expand its provision of cyber security information and training to the public sector. Click the logo to learn more about Urban IQ

Virtually Informed

Security2Live InitiativeVirtually Informed is a media company providing online Security and Privacy courses for non-IT people. It aims to democratise personal technology skills enabling people to take back control of their digital assets and devices and become the chief technology officer and chief security office of their lives, their homes and be a willing assistance to their families and friends. This site is being hosted by Virtually Informed.

 

Supporters 

Supporters of Security2Live agree with the Founding Principles and help promote them through their networks. We have a growing number of supporters across the world actively working in fields related to people's Digital Safety Skills.

If you would like to become a support please get in touch with us using the "Contact Us" page.

 Sutcliffe & Co Supporters

"Sutcliffe & Co Insurance Brokers welcomes the launch of Security2Live which fills a much needed gap and will help educate & protect people from many cyber security risks."

Duncan Sutcliffe, Sutcliffe & Co Insurance Brokers.

 

IASME

"Security2Live is an excellent initiative and very much needed. IASME is keen to support the work of this project and we encourage everyone in the cyber security industry and community to get involved."

Emma Philpott, CEO, IASME Consortium.

 

Please note, if you have communicated your desire to become a Security2Live Supporter and do not see your details listed above, it may be because we have not yet completed our verification process for listing - please be patient with us, we will resolve this soon.