A year ago, I presented Securing the World of Avatar at SyScan Singapore. It's a lightning talk about a brief thought I had when I was travelling to work — why people do not act securely in cyberspace.
My conclusion: the rapid march of technology into every facet of our life has formed a whole new world — the cyber world — which many people are unfamiliar with. Anyone with a computing device (desktops, laptops, mobile phones, etc.) and Internet connection is able to connect to the cyber world, entering a non-physical world of pure emotion and intellect.
Many people perceive the cyber world as something similar to the physical world, but virtual. There's the electronic mail systems, Internet banking systems, online stores, etc. Yet, the cyber world is not at all a virtual presence of the physical world. Fundamentally, it has different elements, entities and protocols. Despite these differences, users seem to struggle in identifying threats in the cyber world.
We are taught and guided by parents and guardians when we were born into this world. Introduced to objects of the world, learning what is good or bad, not following strangers who offer candies, not to walk in dark alleys at night, etc. In contrast, users are not educated when they begin their journey into the cyber world.
My presentation concluded by highlighting the importance of user education and I introduced a new educational methodology. In the physical world, we only learn how to identify certain potential danger after we have experienced them. Bringing in the concept from the physical world, we could add more edge to our educational methodology by allowing users to gain experience from simulated exercises.
Fast forward to a few months ago when I was introduced to a book "Place: a short introduction", The book, written by Tim Cresswell, talks about the fundamental concept of 'place' in the context of human geography. He started the book by defining what is 'place' and stating how it can be used to suggest a geographical location, privacy and belonging, sense of position in a social hierarchy, or ordering of things. Despite the simplicity of the word, it carries many different meanings due to its use in everyday speech.
What made me ponder most was the section when Cresswell introduced the differentiation between 'space' and 'place.'
What begins as undifferentiated space becomes place as we get to know it better and endow it with value. [...] The ideas 'space' and 'place' require each other for definition. From the security and stability of place we are aware of the openness, freedom, and threat of space, and vice versa. Furthermore, if we think of space as that which allows movement, then place is pause; each pause in movement makes it possible for location to be transformed into place.
— Tuan Yi-Fu, Space and Place: The Perspective of Experience (1977)
What then differentiates place from space in the cyber world? How do users feel 'in place' in cyberspace? In the physical world, people can easily feel 'out of place' when they feel insecure in some space, one which they have been educated, by their guardians or through their experiences, to be known as dangerous. In contrast, in the cyber world, how much knowledge do users have to transform cyberspace into a ‘place’? Moreover, cybercriminals have been concealing malicious Web sites to look as legitimate as possible to put users 'in place' to increase the likelihood of victimising them. What confuses me, even more, is the idea that users seem able to coexist in both the physical and cyber world, and that the emotion of being 'in place' in the physical world affects their judgement of the space in the cyber world.
I personally do not have a proposed solution to any of the questions raised. However, it is always interesting to examine cybersecurity from a multi-disciplinary perspective.
Emil Tan, Skipper & Co-Founder, Div0.