Opinion
It's time we lost our 'cyber-naivety'
-
(Photo: Yuri Samoilov)
Social media, online shopping, e-voting, cross border research, and giving a voice to the young generation's hope for democracy, have all been mini revolutions set in motion by the internet and the use of data.
The advantages of the internet have been almost immeasurable, but the last 18 months have highlighted the fact that for all the promise that technology can offer, there are very real and varied threats lurking in the dark corners of the web.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
Where once individuals handed over their data with little or no consideration of the consequences, seeing the person at the next table at Starbucks putting a piece of tape across their webcam to protect themselves is becoming more and more commonplace.
That is because with the growing power of the internet, comes the growing vulnerability of our individual rights, our public infrastructure and society at large.
The internet and the darkweb provide a cloak of anonymity and a geographical obscurity that gives criminals a competitive advantage in a way that traditional criminal methods never could.
Cyber-attacks are no longer just the experimental "white hat" acts of teenagers in their bedrooms, but instead major incidents choreographed by nation states and sophisticated criminal syndicates looking to seek huge financial gain, by attacking our banking system, hospitals, government departments and airlines.
A year ago, the WannaCry ransomware attack targeted 230,000 computers in over 150 countries.
Research shows that since 2016, more than 4,000 ransomware attacks have occurred each day, which amounts to a 300 percent increase since 2015.
Over recent months, we may have lost our 'cyber-innocence', but now is the time to lose our 'cyber-naivety'.
That is why online security needs to be a key component of our future EU policy development for the Digital Single Market.
Security cannot be an afterthought or an add-on. Protecting personal data, protecting our infrastructure and advancing the use of online services cannot be developed in policy silos.
Equally, we cannot act in national silos, protecting ourselves against cybercrime is an area where crossborder cooperation is essential.
Europe is only as strong as its weakest link, and we need high standards across the board if we are to protect ourselves effectively.
Of course, there is no single-fix or silver bullet. Initiatives like a certificate for products and services demonstrating that they are "cyber secure" are well meaning, but without legal teeth or obligations to carry out rolling updates, they risk being marketing stickers rather than long-term solutions.
Privacy and security by design are important elements to make sure European consumers can have confidence in the products and services they use, but they also enable those with bad intentions to evade detection more easily.
No market opportunity without society obligation
Within the Digital Single Market, we must also examine the fact that market opportunities cannot be separated from societal obligation.
We block toys made with lead-based paint at the European border, but allow internet services that break our laws to have access to the European market.
But is banning products the right way forward?
We need to walk the fine and pragmatic line between allowing innovation to flourish, whilst doing all we can to protect the public.
This does not have to mean a journey towards over-regulation of the internet. In the same way we had to teach the public to drive responsibly, and drink responsibly, there needs to be a public education as to the dangers of the internet.
This should be established through a clear and ongoing dialogue between business, consumers, and legislators as to how to tackle the issue of cyber criminality.
Key to this is addressing the balance of power between business and the consumer. The consumer needs to realise that signing up to a website and ticking the box without reading the (albeit far too long) terms and conditions is insufficient to protect yourself.
Our current generation of children will grow up being comfortable with the concepts of encryption, online consent and coding, but we need to broaden that level of understanding to every corner and age group of society.
Educating the public on how to protect themselves online can have as positive an impact as costly and complicated regulation.
At the same time, businesses need to apply EU data protection and cybercrime legislation in the spirit as well as the letter of the law.
Online security cannot be seen as a secondary priority or as something to circumnavigate in order to cut costs. There needs to be an understanding by business, that investing in consumer protection will reap its own rewards, especially in a climate where consumer trust and loyalty is a highly prized commodity.
It is undeniable that the digital revolution offers many practical and everyday opportunities, from smart meters to intelligent traffic management to remote medicine.
As we start integrating digital into our lives and reaping its far-reaching benefits we must always remain focused on all possible drawbacks. Every router, every laptop and mobile phone is potentially exposed to the threat of cyber criminality.
You wouldn't leave a box of your most prized possessions and private information in an unlocked box in the middle of the street, so why are so many people casual about their online information?
Only when society begins to realise that its virtual security is as big a priority as its physical security, will it start to be able to effectively protect itself from Cybercrime.
It is a journey we need to go on together, and a journey that needs to begin right now.
Anneleen Van Bossuyt is chair of European Parliament's internal market committee and an MEP with the European Conservatives and Reformists group
Disclaimer
The views expressed in this opinion piece are the author's, not those of EUobserver.