I am currently attending a slew of meetings on cybersecurity at which experts preach to each other. On Monday I am due to chair a meeting on skills. On November 15th the Get Safe On-line Summit will have the most powerful line-up of speakers in years. Government is taking the issues seriously – but are the security experts ready to be taken seriously? I will use a simple example: what should you actually do when you receive an e-mail asking you to renew your anti-virus software, or one telling you that your automatic update has failed because your card details have not been recognised?
I have just received an e-mail from Dr Jones (not his real name, of course), who works professionally in the area of information assurance. He could find no way of validating the e-mail telling him that his automatic update had failed, so he contacted the company via one of their most senior managers in Europe to find out whether it was a scam. He was given a contact in customer service who was finally able to assure him that it was both genuine and accurate. He then tried to follow the instructions he was given. Twice he had to go back because the software did not do what it said, its behaviour was not in the least intuitively obvious, and the process required keys and codes that anyone else would have lost.
I should add that I have had similar experiences with security software from both that company and its competitors: e-mails asking me to renew licenses that had been pre-installed on systems for which I had paid an inclusive price, e-mails after my credit cards were renewed … and the rigmarole when I tried to install the BBC iPlayer – I had to be talked through the routine for giving permission by a very helpful Indian: he was most apologetic, helpful and understanding – well aware that ordinary English-speaking human beings would not understand the instructions, even if they could find them.
“Dr Jones's” conclusion was that, had he not known who to contact, he would have had to give up on the automatic renewal routines.
On Monday I will suggest that “staff who can produce, maintain and support intelligible and accurate user interface and help facilities” are the most critical cybersecurity skills shortage. Later in the week I will nominate “automatic renewal routines that are fit for purpose” to one of those many surveys on “the most urgent technical challenge”.