no doubt that users are the main problem in the whole concept of cyber defense, as we call it weakest link. Now, Awareness and Training as security community typically has been doing is neither effective nor actually deliverable. Imagine we would want to continue law enforcement and public awareness by means of “Most Wanted” posted on a wall.
human, learned real life safety during centuries, still we are not aware of our physical environment, so how we are going to approach Cyber Awareness by means of sending daily Most Wanted type of stuff to users (bulletins, newsletters, notifications, alerts…) and expect them not to be the weakest link any more.
instead, we need to let cyberspace entities learn the safety organically just like what we did during each stage of real life, from prehistoric to today’s urban lifestyle. we need to elevate public knowledge and common senses through their primary and secondary educations, starting at kindergarten and require for PhD graduation. we also need ISPs and all types of cyber service providers to have native security measures in place.
thinking Users should be able to solely responsible for their own and our safety on the Net will never solve the human weakest link issue and it is not fair to think that this is end-users job to protect themselves from malicious hackers alone.
would you send your kids to a school were there is no protocol for safety and just relying on posters on the school walls telling users How to avoid criminals? no, because we have to rely on service providers and refining infrastructures to fit with our needs. we should start by governments. isn’t it the whole purpose of a government to govern society? so how cyber space is an exception, and all of a sudden we have this chaotic free universal society where government do not see any obligation and it is all about civilians ability to protect themselves in this world wild west?