I pity our government for having to try to improve national cybersecurity in a nation of "she'll be right" citizens.
This week news of a new report into Australia's cybersecurity surfaced saying that we weren't keeping up with the online threat. One of the things it suggested to combat this was to change our security culture.
I can understand the need for this.
It seems that despite constant warnings to be suspicious and aware, people are still choosing passwords such as "password" and not necessarily only for the sites that don't matter, but also to access their company networks. They're still presenting account numbers to phishers, whose emails claim to be from banks. They're still not putting passwords on their Wi-Fi connection. They're still turning off firewalls and not updating antivirus. They're still not reading pop-ups before clicking OK.
Just like when you're thinking about putting on sunscreen, but decide it's too much effort (it's only an hour right?), Australians are often loathe to think and act on the dangers that the internet has brought.
And when weak passwords might mean entry for an undesirable into a government or company network, this is a serious issue. Ditto when a lack of antivirus leads to a computer becoming part of a botnet which supports denial-of-service attacks.
There are actions that governments and industry can take to make citizens pull their socks up, such as the iCode, which sees internet service providers notify users whose machines are infected, but ultimately, for the nation to become secure, we all need to be a bit more savvy.
This is a tough ask.
Given our government's history, it could well turn to an advertising barrage to try and make us aware of our security faux pas. Remember the government's decision to spend $16 million on awareness for the National Broadband Network?
Most of the advertisements will probably be set at such an excruciatingly low level of assumed knowledge that security professionals will watch the television with their hands half over their eyes for fear of accidentally seeing one. They'll probably ridicule the government's efforts mercilessly among workmates.
But what needs to be remembered is that the government will be trying to raise strength of the weakest link. There will be a lot of people who will appreciate the basic advice laid out.
If security is about making your car the least attractive to steal by looking harder to break into than those around it, we are trying to increase the awareness of our citizens to the point where cyber criminals would rather tackle another nation.
I'll let you decide who that might be.