The growth of the Internet has been one of the most remarkable phenomena of the last century. That said, this swift development of the entire Internet economy is not without its social costs. We live in an era where nearly all sectors of society around the world are already an indispensable part of the cyber world. There are massive opportunities, and at the same time, immense fears and challenges. Information in the cyber world can be accessed globally, so the field of cyber security needs to scrutinise what is right and wrong. In this blog post, our objective is to carefully review the social costs and underlying ethical issues in cyber security that have been triggered by technological advancements.
What do we mean when we talk about ethics?
Ethics is a branch of philosophy that deals with what is deemed to be right or wrong. The study of ethics can be either on a theoretical level or on an applied level.
On a personal level, ethics pertain to the moral guidelines that can help us through difficult situations, aiding us in making the best decisions. We are likely to use our personal ethics to advance our career and manage many different real-life scenarios. Our personal ethics can contain common ethical guidelines that other individuals share, however they may vary in their level of importance.
In work-life, ethics are a set of values based on the ideals of discipline and are often formulated in formal codes. Individuals with a strong work ethic are known to be productive – they do not procrastinate and are respectful towards others. Basic work ethics within the work-life environment include attitude character, cooperation, respect, productivity, etc.
What does ethics have to do with cyber security?
Cyber security practices aim to secure computer systems and networks and keep data safe. Those data, systems, and networks indeed hold some economic or other value in themselves, but what cyber security practices essentially protect is the integrity, functionality, and reliability of organisations that rely upon such data and systems. This means that ethical issues are at the core of cyber security practices, as these practices are increasingly required to secure the ability of human individuals and groups to live well. In an increasingly networked society, a wider and better comprehension of cyber security ethics is critical for promoting human prosperity . The following are the three important ethical issues in cyber security.
1. Harms to privacy
Privacy harm is conceptualised as the negative consequence of a privacy violation. Some of the most common cyber threats to privacy include identity theft. Identity theft is the term used to refer to all sorts of crime in which someone unlawfully gains and uses another person’s personal data in some way that involves fraud, usually for financial gain. The exposure of sensitive personal information results in costly spam, phishing, or other undesirable communications. That said, it is important to understand that privacy harms do not only jeopardise those whose sensitive information is directly exposed to cyber threats. Even those who try to live disconnected from the digital cannot prevent sensitive data about them from being generated and shared by their friends or family. This situation puts an enormous amount of pressure on cyber security specialists, who are trusted with manning the critical line of defence against personal and organizational privacy harms. All in all, poor cyber security practices can be more than just ineffective, they can be unethical as well.
2. Cyber security resource allocation
The second ethical issue that should always inform cyber security practice is the unavoidably huge cost of cyber security. The cost is great because cyber security efforts take up a considerable number of individuals as well as organizational resources like time, money, and expertise. Needless to say, not having adequate cyber security measures in place imposes even greater costs. You may naturally ask how the issue of resource allocation can be seen as an ethical issue. Imagine a situation where a cyber expert who works for a hospital responds to a possible threat by immediately instituting an extremely time-consuming security login procedure, where he/she does not first consider the core function and interests of the network users. This situation can potentially endanger the patients’ lives, particularly in departments where fast network access is required to use life-saving medicines or equipment. In short, the responsibility of recognising a sound balance between well-resourced cybersecurity and other kinds of functionality is an ethical issue.
3. Transparency and disclosure
Cyber security is a form of risk management, and because those risks substantially affect other parties, there is a default ethical duty to disclose those risks when identified, therefore affected parties can make informed decisions. For instance, if a company finds out a critical vulnerability in its software, it must notify its customers or clients of that discovery in a timely manner. That said, each cyber security scenario comprises different facts, different products or services, and interests at stake, thus there is no one-size-fits-all approach or guidance that one can utilise to guarantee adequately transparent cyber security practice. This translates into the fact that what is required in each case is a solid ethical reflection on the specific scenario and the risks, benefits, and tradeoffs involved, followed by a coherent ethical judgment about what is best to do, given the facts and options.
Final thoughts on cyber security ethics
Although cyber ethics remain an under-researched field, we tried to shed light on ethical issues in cyber security. Ethics have always been important in the past, however, the awareness of ethics is becoming more critical now. Cyber security professionals and organisations should adopt procedures for rigorously evaluating the compliance of their members with the applicable ethical cyber security obligations.
Swiss Cyber Forum builds competences through training and exclusive events and helps its members to mitigate the cyber risks associated with digitalisation. We take a unique approach to cyber security training and build a sustainable culture of cyber security within your organization. What makes our trainings different? The problem with many training courses is that most of them are lecture-based trainings which are known to have limited return on investment. But we promote the real-world hands-on skills required to tackle tomorrow’s cyber threats. In that respect, we are delighted to inform you of our Cyber Security Specialist training with Swiss Federal Diploma. Upon the completion, you will be able to assess system vulnerabilities, identify weaknesses, and ensure that preventive actions are taken to address them. for more information, download the brochure.