ISA’s Clinton Suggests Cybersecurity Awareness Month is Out-Dated

October 24, 2017

(WASHINGTON, D.C.) – In a speech at the National Press Club tomorrow, Internet Security Alliance (ISA) President Larry Clinton will suggest that we have achieved the goals of cybersecurity awareness month and now need to focus on a broader understanding of the problem. Clinton will suggest that the over-emphasis on simple awareness has led to focus on rudimentary operational policies, such as cyber hygiene and information sharing, that are not adequate to address the sophistication and complexity of the modern cyber threat.


“The implicit assumption of the awareness model is that if people were only more aware and acted sensibly, we wouldn’t have a cybersecurity problem. This has led to a false narrative that our main problem is that we have lazy, stupid, greedy people managing our cybersecurity, and so we are always able to find some simple practice or patch that wasn’t deployed and was compromised,” Clinton will say.


“This entire narrative belies a fundamental misunderstanding of the real problems we face, and how bad things truly are. We surely do have some lazy and stupid people in the system, but that is not our main problem. Our main problem is that we have an inherently insecure system – becoming technically weaker – protecting data of immense value. If you are the Chinese Intelligence service, how long are you going to pound on OPM to get the data on all our security personnel? If you are a nation-state affiliated criminal, how long are you going to pound away at Equifax to get financial data of that value?” Clinton asks.


Clinton’s remarks will open a joint event ISA is sponsoring with the Cyber-Security Council of Germany (CSCG) at the National Press Club in Washington, DC, from 8:30am to 11:30am, Wednesday, October 25.


“As we come to the close of cybersecurity awareness month, lets designate November as Cybersecurity Action month – and since the problem is so urgent, let’s start October 25,” suggests Clinton.


During the half day conference, ISA and CSCG will outline a series of programs and partnerships, folding in the work of corporate boards, the audit community, and the governments of both the US and Germany focused on a broader agenda than the traditional focus on programs like increased information sharing and promoting of basic security practices.


“Today’s program kicks of a series of events that will be unfolding here and in Europe over the next several months that build on a broader, more sophisticated understanding of the cybersecurity problem, and produces pragmatic tools to assist in addressing the issues beyond mere awareness and operational interventions, and instead works on comprehensive understanding and comprehensive, collaborative international efforts in order to build a strategic and economically based approach to cybersecurity,” Clinton said.



About ISA: The Internet Security Alliance (ISA) is a trade association with members from virtually every critical industry sector. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA pursues three goals: thought leadership, policy advocacy and promoting sound security practices. ISA’s “Cybersecurity Social Contract” has been embraced as the model for government policy by both Republicans and Democrats. ISA also developed the Cyber Risk Handbook for the National Association of Corporate Directors. For more information about ISA, please visit or 703-907-7090.PRESS RELEASE_102417_Cybersecurity Awareness Month Out Dated

| ISA’s Clinton Suggests Cybersecurity Awareness Month is Out-Dated