Between adverts for baldness cures and IVF treatment on the Tube you may have spotted a more pressing message to London’s commuters: "Be Cyber Streetwise".
The campaign is one of the chief weapons in the British government’s campaign to improve the cybersecurity awareness of its citizens, which this week will prompt police to hold "cybersecurity shops" in malls across the country to dispense professional advice on the subject.
Andy Archibald, deputy director of the National Crime Agency’s cybercrime division, argues that awareness and collaboration are "vital" components of the government’s strategy, which spans several departments and has a considerable budget, if rather more opaque results.
Starting in April 2011 the British government pledged to invest £860m to tackle the threat of cybercrime through the National Cyber Security Programme (NCSP), in a campaign that is due to end in March of 2016 – and will likely lead to another, perhaps even more expensive sequel.
The budget covers technology investment and the expansion of education programmes, of which the Cyber Streetwise campaign is merely one. According to the Home Office it has reached 2 million people since January 2014. Whether it has changed the behaviour of that many remains uncertain.
Communication breakdown
Communication between the public and cyber cops has proved difficult even as cybercrime has edged its way onto the national agenda, with both sides feeling, perhaps justifiably, that they do not understand one another.
Any number of surveys will tell you that people routinely use and reuse weak passwords, with a recent survey from security vendorKroll uncovering thousands of customers at a financial services firm opting for "Arsenal1" as a means of securing their accounts.
Content from our partners
Likewise much security advice is impractical. Some experts would have Britons assign a unique and complicated password to each service they use, which numbered 26 on average in 2012, according to credit services firm Experian, a figure likely even higher today.
But despite the laxity initial assessment’s of the NSCP have proved to be positive, with the National Audit Office concluding in September of 2014 that "the government continues to make good progress in implementing the programme", despite cybercriminals becoming more sophisticated by the day.
It did however add that "the government must increase the pace of change in some areas", in particular finding that small and medium enterprises were not being well catered for. Given that smaller companies lack the technological clout to defend themselves, and even bigger firms are still suffering, much progress still needs to be made.
Need no education
The solution perhaps lies in educating the younger generations, whose technological prowess often encourages companies to invest more heavily in IT. Already this strategy has led the government to put out cybersecurity materials for GCSE and A-Levels, with similar courses set to be released to 11 to 14 year olds this year.
For those in higher education several universities have also rolled out accredited cybersecurity courses, whilst the Global Institute of Cyber, Intelligence and Security, a specialist school, opened in London Bridge in January. Both measures should help plug the tech skills gap, with better security practices likely to spread throughout companies.
Yet if all this sounds encouraging it belies a stark warning in the National Audit Office’s recap of the £860m programme, which claimed the Cabinet Office "cannot yet demonstrate a clear link between the large number of individual outputs being delivered and an overall picture of benefits achieved". Progress has been made, but how much remains to be seen.
