The answer, of course, depends on the details of the situation and who you ask. For many people, Edward Snowden is a hero who discovered that the National Security Agency was conducting unethical surveillance of innocent Americans. The fact that he had to steal documentation of these practices to make it available to the public is almost entirely incidental. For others, he is a criminal (this part is indisputable) and a traitor who endangered the lives of intelligence agents working for the United States and its allies by revealing classified information about covert operations. Did he behave ethically? What do you think? On a personal level, ethics refers to moral guidelines that can help us through difficult situations and help us make the best decisions. We will likely use our personal ethics to advance our careers and address many different real-life scenarios. Our personal ethics may contain common ethical guidelines that other people share, but their meaning may vary. Privacy concerns are closely linked to complex cybersecurity issues. Cybersecurity is designed to protect us from threats such as ransomware and identity theft, two forms of hacking that rely on a serious violation of a user`s privacy.

Think of all the high-profile data breaches that have taken place recently: the 70 million Target credit card transactions recorded by thieves, the 87 million Facebook user records compromised by Cambridge Analytica, the 143 million Equifax credit records stolen by strangers. Privacy is a key ethical issue when it comes to cybersecurity. Security professionals, by their professional nature, consult and process personal, private or proprietary information that must remain strictly confidential. People who work in these fields might be tempted to reveal any juicy gossip they discovered when they ran a virus scan on someone`s hard drive, but it could ruin that person`s career or personal life. Cybersecurity experts should follow what`s known as the “butler`s credo”: the butler never says it. Organizations that hold personal information about their users are ethically responsible for protecting that information from hackers. Unfortunately, for many high-profile data breaches, hacked companies were at least partly to blame. In the case of Equifax, for example, the company was first hacked through a consumer complaints web portal on its website. The attackers exploited a well-known vulnerability that Equifax should have already fixed.

However, the company`s internal processes for patch deployment were inadequate or not followed, leaving the vulnerability unpatched, leaving the door wide open for hackers to engage in theft. Although cyberethics is still an understudied area, we have tried to shed light on the ethical issues of cybersecurity. Ethics has always been important in the past, but ethics awareness is now becoming more critical. Cybersecurity experts and organizations should put in place procedures to rigorously assess their members` compliance with applicable cybersecurity ethical commitments. That`s why we hire cybersecurity experts who are the gatekeepers, protecting our systems and information from those who would abuse them. We place great trust in these professionals who can assign and revoke passwords and access rights, who can read our emails, track our web activity and scan our computers to reveal all their contents. Cybersecurity practices aim to secure computer systems and networks and protect data. These data, systems, and networks do have economic or other value in themselves, but what cybersecurity practices essentially protect is the integrity, functionality, and reliability of the organizations that depend on that data and systems. This can put patients` lives at risk, especially in services where rapid access to the network is necessary to use life-saving medicines or devices. In short, the responsibility to balance adequately resourced cybersecurity with other types of functionality is an ethical issue. This is the starting point for a series of ethical debates that we need to have. We may never come up with a solution that everyone likes, but at least we`ll ask the right questions and move in the right direction: more security and privacy for all of us.

However, each cybersecurity scenario involves different facts, products or services, and interests at stake, so there is no single approach or guide that can be used to ensure reasonably transparent cybersecurity practices. This means that in each case, sound ethical reflection on the specific scenario and associated risks, benefits, and trade-offs is required, followed by consistent ethical judgment about what is best to do given the facts and options. Cybersecurity is a form of risk management, and because these risks significantly affect other parties, there is a standard ethical obligation to disclose these risks when they are identified, so that affected parties can make informed decisions. For example, if a company discovers a critical vulnerability in its software, it must notify its customers in a timely manner. On the one hand, we seem to have little choice in this matter. Most people`s lives don`t revolve around virus signatures and threat vectors. Most of us use computers, smartphones, and networks to do other things, so we have to leave our security to the experts. However, we need to understand that cybersecurity professionals face particular ethical issues that the rest of us may never address. How can we balance the need for security with protecting our privacy? How do we determine the extent of a company`s ethical responsibility to protect our information or respect our privacy – and how do we hold it accountable? The first step we all need to take is to see privacy as a laudable end in itself. The idea that people have a right to privacy stems from the ethical idea that people have intrinsic worth and dignity. Worthy people have a right to privacy, both in person and online.

To behave or believe differently would violate our deepest ethical principles. The Swiss Cyber Institute develops its skills through exclusive training courses and events and helps its members mitigate the cyber risks associated with digitalization. We take a unique approach to cybersecurity training and build a sustainable cybersecurity culture in your organization. The lack of adequate cybersecurity measures leads to even higher costs. You may be wondering, of course, how the issue of resource allocation can be considered an ethical issue. Imagine a situation where a cyber professional working for a hospital responds to a potential threat by immediately initiating an extremely lengthy security login process where they do not first consider the primary function and interests of network users. Security is another ethical issue that may seem redundant when talking about a cybersecurity expert, but think of it this way: if we are all responsible for following proper cybersecurity procedures in our own lives, take your personal responsibility and multiply it by 100. This is the security responsibility of a cybersecurity expert.

If most users leave their computer unattended or fail to perform a scheduled update, it may not be a big problem. But for a cybersecurity expert, this could be a serious ethical mistake. You are more committed than anyone else to ensuring the security of devices, data and networks. The second ethical issue that should always influence the practice of cybersecurity is the inevitably high cost of cybersecurity. The costs are high because cybersecurity efforts require a significant number of people as well as organizational resources such as time, money, and expertise. This means that ethical issues are at the heart of cybersecurity practices, as these practices are increasingly necessary to ensure the ability of individuals and human groups to live well. In an increasingly connected society, a broader and better understanding of cybersecurity ethics is essential to promoting human prosperity.