It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.

When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it becomes much harder for cyber criminals to successfully launch attacks. Achieving this goal starts with taking precautions to reduce personal risk through securing devices and data. However, each of us also needs to recognize and report all potential cyber threats we run across.

A global culture of cybersecurity is only possible when corporate organizations, nonprofits and universities all work to spread the message and include outreach in their mission. Here are four ways to take cybersecurity into the community to help create a global culture of cybersecurity:

1. Launch a mentorship initiative

A key element of a global culture of cybersecurity is making sure the industry has a pipeline of diverse and skilled professionals. Because cybersecurity offers non-traditional career pathways, including badging and certifications, job seekers often struggle to determine the best route. When cybersecurity professionals provide support to those who are interested in joining our ranks, we can remove barriers to new cybersecurity professionals entering the field.

For example, the nonprofit Women in Cybersecurity offers a formal nine-month mentorship program that helps members strengthen their skills in areas such as influence, negotiation, leadership, work/life harmony and communication. In 2021, the program matched 1,115 mentees from entry-level to senior level with experienced mentors to help them navigate their journey.

Organizations launching mentorship programs should start by determining their target audiences, such as underserved communities, university students or entry-level professionals. Next, they should determine the framework for the program, including creating a curriculum for mentors, determining how to recruit mentors and matching mentors with mentees. After launching the initiative, it’s important to monitor the program and make changes based on feedback provided by participants.

2. Focus on the next generation

Reaching out to students, especially those in high school and middle school, is a great way to help fill the professional pipeline by targeting young people who are making future career decisions. At the same time, members of this demographic are heavy users of technology and can help spread the education they receive to their families and peers. Iowa State University’s Center for Cybersecurity Innovation & Outreach (CyIO) offers several programs for high schoolers. Since 2007, CyIO has sponsored Innovate-IT clubs, which focus on either game design or cyber defense, at Iowa high schools. The Iowa Cyber Hub also hosts the Youth Cyber Summit every October, which provides activities such as a Capture the Flag challenge, interactive security demos, discussions about career pathways and panel discussions regarding cybersecurity careers.

Organizations looking to nurture the next generation should start by determining their key message and goals, such as educating or encouraging kids to become cybersecurity professionals. Next, decide how to get the message across to the right audience, such as clubs or events. Then, partner with schools or nonprofits that focus on kids to create the programming and get the word out.

3. Look for ways to add humor and fun

Instead of presenting lectures and offering dry information, look for fun ways to get your message out to the community. Balancing humor with information encourages people to pay attention and, most importantly, remember your message. Start with the core message you want to communicate, and then identify your specific target audience. Next, brainstorm ways that will appeal to your audience so you can get your message across while captivating their attention. Be sure to test out your idea with several people in your target audience before going live to make sure you are hitting the mark.

Videos are a great method of reaching people in a lighthearted way. In honor of Cybersecurity Month, Iowa State University created a catchy video called Cyber House Rock!, which encourages people to “encrypt your data, make passwords strong, to keep away all the malware, spam and email scams.” BuzzFeed’s Internet Privacy Prank uses the “show, not tell” approach to help people see how easy it is for cyber criminals to find their information.

Events are also a great way to add humor and fun. Princeton’s cybersecurity team got decked out for its “War Games” showing with an 80s dress-up night. After the show was over, attendees talked about what had changed in terms of information security since the movie was released in 1983. At other events, the team adds fun by bringing a Wheel of Fortune so people can spin it to win prizes while learning about cybersecurity.

4. Create an ambassador program to help friends and families

While mentorships help future and current professionals, Iowa State helps fill a big educational void. The Cybersecurity Ambassador Program, offered through the Iowa Cyber Hub, empowers Iowans by reaching out to businesses, communities, schools, friends and families. The Ambassadors provide the knowledge and tools to help others safely navigate the internet, such as avoiding scams, bullying and privacy breaches.

Focusing on helping residents and students as well as businesses, organizations can use these types of programs to provide education that is often overlooked. Launching an ambassador program is similar to the process of creating a mentorship program, but organizations need to focus on how to reach people who are most in need, such as retired adults and teenagers. Ambassador programs can also offer events to the community on specific topics, like keeping your data private and what to do if your computer is attacked by ransomware.

While it’s easy for organizations to focus on reducing their own vulnerabilities, the digital world is safer when everyone is educated and engaged about cybersecurity. By actively working to achieve this culture, organizations, nonprofits and universities can make big strides to make the internet and technology safer for all.

The post 4 ways to bring cybersecurity into your community appeared first on Security Intelligence.

The rising influence of artificial intelligence (AI) has many organizations scrambling to address the new cybersecurity and data privacy concerns created by the technology, especially as AI is used in cloud systems. Apple addresses AI’s security and privacy issues head-on with its Private Cloud Compute (PCC) system.

Apple seems to have solved the problem of offering cloud services without undermining user privacy or adding additional layers of insecurity. It had to do so, as Apple needed to create a cloud infrastructure on which to run generative AI (genAI) models that need more processing power than its devices could supply while also protecting user privacy, stated a ComputerWorld article.

Apple is opening the PCC system to security researchers to “learn more about PCC and perform their own independent verification of our claims,” the company announced. In addition, Apple is also expanding its Apple Security Bounty.

What does this mean for AI security going forward? Security Intelligence spoke with Ruben Boonen, CNE Capability Development Lead at IBM, to learn what researchers think about PCC and Apple’s approach.

SI: ComputerWorld reported this story, saying that Apple hopes that “the energy of the entire infosec community will combine to help build a moat to protect the future of AI.” What do you think of this move?

Boonen: I read the ComputerWorld article and reviewed Apple’s own statements about their private cloud. I think what Apple has done here is good. I think it goes beyond what other cloud providers do because Apple is providing an insight into some of the internal components they use and are basically telling the security community, you can have a look at this and see if it is secure or not.

Also good from the perspective that AI is constantly getting bigger as an industry. Bringing generative AI components into regular consumer devices and getting people to trust their data with AI services is a really good step.

SI: What do you see as the pros of Apple’s approach to securing AI in the cloud?

Boonen: Other cloud providers do provide high-security guarantees for data that’s stored on their cloud. Many businesses, including IBM, trust their corporate data to these cloud providers. But a lot of times, the processes to secure data aren’t visible to their customers; they don’t explain exactly what they do. The biggest difference here is that Apple is providing this transparent environment for users to test that plane.

SI: What are some of the downsides?

Boonen: Currently, the most capable AI models are very big, and that makes them very useful. But when we want AI on consumer devices, there’s a tendency for vendors to ship small models that can’t answer all questions, so it relies on the larger models in the cloud. That comes with additional risk. But I think it is inevitable that the whole industry will be moving to that cloud model for AI. Apple is implementing this now because they want to give consumers trust to the AI process.

SI: Apple’s system doesn’t play well with other systems and products. How will Apple’s efforts to secure AI in the cloud benefit other systems?

Boonen: They are providing a design template that other providers like Microsoft, Google and Amazon can then replicate. I think it is mostly effective as an example for other providers to say maybe we should implement something similar and provide similar testing capabilities for our customers. So I don’t think this directly impacts other providers except to push them to be more transparent in their processes.

It’s also important to mention Apple’s Bug Bounty as they invite researchers in to look at their system. Apple has a history of not doing very well with security, and there have been cases in the past where they’ve refused to pay out bounties for issues found by the security community. So I’m not sure they’re doing this entirely out of the interest of attracting researchers, but also in part of convincing their customers that they are doing things securely.

That being said, having read their design documentation, which is extensive, I think they’re doing a pretty good job in addressing security around AI in the cloud.

The post Cybersecurity awareness: Apple’s cloud-based AI security system appeared first on Security Intelligence.