With more and more daily activities taking place in cyberspace, the need for cyber security is increasingly more important.
But experts at a recent Daily Transcript roundtable said reaching a point of acceptable security requires a culture change in our society that might not be so easy to achieve.
"Changing behavior is not easy, but it is possible," said Darin Andersen, chief operating officer for ESET.
Roundtable participants said that because cyberspace is relatively new, well-intentioned people do not fully understand the threats and harm caused by an unsecured cyberspace. The roundtable was sponsored by ESET.
On an individual level, an unprotected system can provide access to adversaries seeking personal information.
On a national level, unprotected systems give the enemy an opportunity to compromise our national defense.
Neither option is desirable. But people don't always know how to stay safe.
Statistically speaking, three of the 17 people at the table are not properly protected, Andersen said.
Efforts in the community led by roundtable participants' organizations aim to help educate people about the need to be secure in cyberspace.
Liz Fraumann, director of cyber security awareness and education for ESET, pointed to the Securing Our eCity initiative that her company sponsors.
And Shirley Adams, president of the Armed Forces Communications and Electronics Association (AFCEA) who works at General Dynamics Information Technology pointed to an upcoming AFCEA symposium that will educate professionals about issues focused on cyber security.
Wenda Alvarez, president and CEO of the San Diego Police Foundation, said her group conducts classes geared toward parents to teach them how to parent in a cyber world -- a different, yet equally important form of cyber security. They also teach children about how to keep themselves safe online.
"The biggest thing is that in general, kids won't tell when there's a problem ... (because) they're afraid of being disconnected from their cyber world," she said. "Parents don't know how to set boundaries because they didn't have any models."
"Everyone is out there for the first time in a new generation."
But education alone cannot drive the culture change and promote the security roundtable participants said was necessary in our cyber world.
"I think we need to break this up in terms of there are different segments depending on who the adversary is," said Stefan Savage, professor at the University of California, San Diego. "If we're talking pedophiles, there is a huge role education can play.
"If we're talking about people who are going to try to steal your financial credentials or infect your machine with malware, in that case, people are motivated to get onto machines, and they spend a lot of time evading the technology."
He said millions of dollars are poured into operations to find ways around software and other security measures. Therefore, while education and technology efforts are important, they will not prevent everything.
There is an acceptable amount of risk, roundtable participants agreed
Daniel Green, chief systems engineer for data at the Space and Naval Warfare Systems Command (SPAWAR) headquarters, said the goal must be to reach a balance with trusted information sharing.
"Information sharing grows our businesses," he said. "Trust ensures we have acceptable risk. At the national level, we're dealing with risk."
"We find the risk of not sharing is much greater than the possibility of leakage."
Some suggested regulation and prosecution are important aspects to increasing cybersecurity.
Sandi Lehan, homeland security first responder coordinator for SPAWAR Systems Center (SSC) Pacific, said the punishment and deterrence must be enough to keep honest people honest.
"As good as the education is, I think we also (need) to add the steel fist inside the velvet glove that says if you do this, we will come get you and we will stop it," said Phil Ducoffe, senior vice president for Wells Fargo Insurance.
But David Titus, managing director for strategic initiatives at the San Diego Regional Economic Development Corp., said even something as seemingly basic as implementing regulations and laws in cyberspace requires a culture change.
"We talk about prosecution and tightening things up, that's an enormous change," he said. "I don't' know what other tool of commerce has its own freedom foundation. The Internet has its own freedom foundation."
The Internet has perpetuated a culture of freedom in which, Titus said, people think it is acceptable to steal music and retailers have been told they do not have to collect tax.
Other problems could exist with regulation as well.
Regulation could encourage a large group to follow the rules. But they might not understand why the rules exist and how to evolve as needs change.
"It's the same with leadership and anything else you 'regulate,' " Adams said. "If you dictate to personnel what you can and can't do, you will have people who follow the rules of the environment they're put into.
"If you change culture through education and personal growth, it transitions people from having to do it, to wanting to do it, and you get much larger and much broader results in a positive way."
* Darin Andersen, Chief Operating Officer, ESET
* Liz Fraumann, Director, Cyber Security Awareness & Education, ESET
* Sandi Lehan, 1st Responder Coordinator, SPAWAR Systems Center Pacific Homeland Security
* Shirley Adams, Chair of the Board for NDIA/President of AFCEA San Diego, General Dynamics Information Technology
* Eric Frost, Associate Professor; Department of Geological Sciences, San Diego State Univeristy
* Wenda Alvarez, President & CEO, SDPD Foundation
* Alan Watkins, IT Operations & Security Manager, City of San Diego
* Naresh Lachmandas, CIO/Director IT, City of San Diego
* Daniel Green, Chief Systems Engineer for Data, SPAWAR Headquarters
* Sheryl Bilbrey, President & CEO, Better Business Bureau
* Maria Fischer, Wireless Eng. Certf., CEO, BienTech International Sciences, Engineering and Management Solutions
* Stefan Savage, Professor, University of California, San Diego
* Phil Ducoffe, Senior Vice President, Wells Fargo Insurance Services USA Inc.,
* Kevin Carroll, Regional Director, TechAmerica
* Duane Roth, CONNECT
* David Titus, San Diego Economic Development Council