Fraud Management & Cybercrime , Governance & Risk Management , Leadership & Executive Communication
Why Today's Security Rhetoric Is Harmful and Must Change
Expunge Fear, Uncertainty and Doubt From Security Discussions, Says Victoria BainesIn her latest book, "Rhetoric of InSecurity: The Language of Danger, Fear and Safety in National and International Contexts," academic Victoria Baines questions the imagery and rhetoric we use to communicate safety and security issues and their impact on the workforce.
See Also: Preparing for New Cybersecurity Reporting Requirements
Baines, a former law enforcement intelligence analyst, sees similarities between the language, rhetorical techniques and imagery that governments, vendors and criminals use to persuade us do something, such as amplifying threats or "talking about cyber as being catastrophic, devastating, or some kind of existential crisis. We're scaring the hell out of people, but we're not necessarily giving them the tools and the information that they need to protect themselves," she says.
Baines suggests we should learn from the way public health messaging engages people, and ask, "What three things do individual citizens and small businesses need to do to protect themselves and all the people that they do business with?" She emphasizes the need to "empower people and make them feel more capable, because they're clearly capable of protecting themselves and others when it comes to a disease."
In a video interview with Information Security Media Group, Baines discusses:
- The rhetorical techniques that governments, vendors and criminals all use to make an impact;
- Why cybersecurity is rife with "fear, uncertainty and doubt" and how we can change the rhetoric of the whole industry;
- Why we should look to public health messaging and humor to empower the workforce.
Previously, Baines was the trust and safety manager for Europe, the Middle East and Africa at Facebook, and before that she was responsible for threat analysis and industry outreach at Europol's European Cybercrime Centre's strategy and prevention team. Prior to that, she was principal analyst at the U.K. Child Exploitation and Online Protection Center, a command of the National Crime Agency, where she was responsible for the U.K.’s threat assessment of online child abuse.