Expert Insights
Not a day goes by without news of a security incident, whether it be an information leak, unauthorized access, or malware. Recent cases have also emerged of ransomware, which holds information for ransom and demands money. In February of this year, the operations of a Los Angeles hospital were disrupted by ransomware that infected its PCs. Apparently the hospital ended up paying the ransom to resolve the incident. When we hear stories like this, engineers like me always wonder whether we cannot solve this problem, but I have come to the conclusion that it is not something we can overcome using technology alone. This is because, through the analysis of various different incidents, I have found that it is people who are the weakest link. In other words, unless people change, incidents like this will continue.
In this case, in what way should people change? One thing that I believe to be crucial is an awareness that nobody is unaffected by Internet security. It is important that people understand that security matters to them and that it is not enough simply to establish a security department at the organization, appoint a chief information officer (CIO), and delegate responsibility to someone else. I do not believe it is necessary to understand how systems are implemented or how complex incidents were perpetrated. On the other hand, just understanding that your routine behaviors have security implications is, I believe, enough to change matters significantly. If everyone is paying attention, they should be able to notice when something is out of the ordinary. Provided that someone notices, it can then be left to the specialists to assess the situation and determine what has happened.
This means that action is needed to raise everyone’s awareness. I think of this as education. While the training of specialists is essential, what we also need to do nowadays is to provide ongoing education for everyone else. Improving Internet security equates to improving the quality of the Internet that we use as part of the social infrastructure. While technology development and the establishment of public policy are necessary for achieving this, I also believe that providing education in parallel with such work will create a high-quality Internet.
Japan will host major international sports events in 2020. By that time, I believe the Internet will have become an even more important part of the social infrastructure. For Japan to take the lead in improving the quality of the Internet at this time, we should be working on initiatives in the three areas of technology, policy, and education.
Hideki Sunahara, Ph.D.
Professor of Media Design/Advanced Research Center, Keio University Graduate School Director of Cyber Security Research Center