As human beings, due to our evolutionary background, we struggle to perceive the dangers of the digital world. We have always been accustomed to assessing risk based on our physical environment, evaluating the context (location, people, etc.). For example, walking through a dark, deserted alley at night, we would likely feel a sense of heightened alertness combined with anxiety. These emotions are essential in triggering a flight response in case of a threat.
This sense of vigilance is generally absent when using computers and smartphones. Often, this is because we use such devices in safe locations, such as our homes, offices, or crowded waiting rooms. No one would typically use a social network in a potentially dangerous situation if the danger were perceived as such.
However, we fail to fully grasp that if the Internet connects us to the world, the world is also connected to us, with all its consequences. This results in a misperception of danger when using digital tools.
We are used to thinking that certain individuals (politicians, industrial leaders) require physical protection through armed guards and armored vehicles. However, we rarely consider the necessity of protecting these individuals from a digital perspective. This is not merely a matter of understanding a specific technology but rather adopting a security-oriented mindset.
Consider two well-known cases: Boris Johnson (former British Prime Minister) and Ank Bijleveld (former Dutch Minister of Defense). Both inadvertently exposed access credentials to confidential meetings. Many colleagues commented harshly on these incidents, but the problem is more complex than it seems: we need to educate people on understanding a world that, until recently, posed no significant threats. We must build awareness to mitigate potential damage. I say “mitigate” because damage has already occurred, and, even if we start today, many more incidents will happen before we reach a sufficient number of informed individuals capable of minimizing these risks.
We must focus on:
Several months ago, I came across a job listing from an international company (which will remain anonymous) looking for a CISO. The position was interesting, and before considering it seriously, I wanted to assess the company’s security awareness. I conducted an OSINT (Open Source Intelligence) analysis to identify potential vulnerabilities.
For those unfamiliar with OSINT, it refers to the practice of gathering publicly available data. It is comparable to research conducted in a public library.
No hacking or intrusion was performed, yet due to the careless handling of information, I made some surprising discoveries. Specifically, I found personal details of the CEO, including their private email, personal phone number, and home address.
These details were accessible via the company’s website, embedded in corporate documents from previous years, likely submitted for certification purposes and never removed. Search engines then indexed this information, making it publicly searchable, just like a library catalog.
For example: if I share my private phone number at a conference, I must be aware that it may be widely circulated. Consequently, I should expect to receive unexpected WhatsApp messages from unknown people and respond appropriately.
In the case described above, the disclosure of private contact details makes a person more vulnerable to digital attacks (e.g., by email or phone) as well as physical threats (e.g., through disclosure of the home address), which increases the risk of stalking. Because of a senior professional position, the affected person may also become a target of industrial espionage, which could put financial data, trade secrets, or intellectual property at risk.
While this article may seem alarmist, denying reality does not make it disappear. The issue is real and widespread across all sectors (corporate, personal, and youth). We must first acknowledge that we all face digital security challenges and learn how to manage them effectively.
The tools exist; we need to learn how to use them correctly. The best way to do so is by applying time-tested principles: we must train ourselves to recognize and mitigate digital threats, just as we did with traditional security threats before the Internet became widely accessible.
Parents of today’s middle-aged adults often advised against talking to strangers. We need to translate that mindset into the digital world, where we are all cons