Making people less trusting of the internet has to be one of the first steps towards combatting cybercrime, it has been warned.
According to business security consultant Roger Smith, internet users must undergo a fundamental change in their perception in order to improve cyber security.
Smith, a security trainer whose company, R & I ICT Consulting Services, is based in Canberra, Australia, is one of the contributors to Security 3.0, a book exploring the future of the global security industry. In his chapter, Cyber security: everyone’s responsibility, Smith says:
“In normal day-to-day existence, we make normal emotional decisions, when meeting people, based on our five senses (sight, sound, touch, smell and taste (I try not to lick people when I meet them)). These senses give us a perception of the people we meet, an understanding if something is a little "off", or an understanding that I can trust them. On the Internet we only use one and that seems to be enough for most people. I like the look of you therefore you must be OK! Maybe I am strange but for me to trust you, it will take a lot more than what you look like.”
Smith adds: “It does make me wonder how stupid we are. The problem is, it is not stupidity. This is a fundamental change in human physiology. The other four senses are no longer used so we have to rely on other factors to increase my level of trust in you and who you are.
“In business this is done through marketing and more importantly reputation. Social media, when used correctly for business, has the capability of increasing your trust level in both me and my product. This is why we see large businesses and politicians use social media to increase the trust level of their community. Sometimes it works, other times it doesn't.
“The problem is that the bad guys also use these types of tactics to increase your trust in them. From blatant lies to false advertising they are out to get you. The criminals even use Google AdWords and search engine optimisation (SEO) to target potential victims. Looking for the newest game, song or film to download or looking for the newest celebrity screw-up, I will bet you that the top 10 search results both natural and paid for will deliver not only a version of what you are looking for but malware, spyware or a worm.”
Smith argued that, for cyber security to be effective, individuals must begin to take responsibility for their own security.
“The buck has to stop somewhere,” he said. “If everyone who connected to the Internet had the attitude that "MY protection is MY problem" we would be in a totally different world and I wouldn't have much to write about.
“We can use technology to help with the solution, we can use management to keep track and resolve the problems and we can make sure that we are as adaptable as we can be but it still comes down to the fact that everyone needs to say that it is MY problem. If it is MY problem then I am also the solution.”
Smith described cyber security as a ‘whole of business attitude’. “It is a holistic attitude towards protecting everyone and everything within the business. It needs to be driven from all areas of the business, managed and controlled by the top but implemented and embraced at the bottom.
“I have a simple saying - Cyber security is MY problem. Not just because I work in the area but because it should be the catch phrase of everyone who is using the Internet. If everyone looked at cyber security like that then we really do have a chance of controlling the problem.”
To beat the cyber criminals, Smith outlined six easy-to-follow steps.
He said: “In the area of training there are 6 facets that can be used by everyone that will flow into their workplace. Some of them can and are controlled and enforced by computer policies, others are not. They are all important.
• Use complicated passwords for every password. It doesn't matter what the web site is or the reason for the password, if you use a complicated password then a brute force attack will fail.
• Use unique passwords across different areas of your personal and business life. There is a place in the cybercrime area for people who use the same password on every site. These people are just basically fodder for the cybercrime machine. If I use the same username and password on a site and it is compromised then the first thing that the bad guys do is test other sites with that combination; it is an automatic and automated process.
• Patch everything including operating systems and applications. If the computer tells you it has an update - apply it. If an application has a patch, apply it. Applications are a bigger danger as they go across multiple platforms.
• Use an anti-virus program on anything that will take one. Anti-virus software is now available for most platforms, from Mac to Microsoft to Android. Most look for viruses; they are also looking for malware and spyware. The more people who use an operating system or application the more chance there is that something bad has been written for it. Yes, Apple and iOS are a target.
• Be paranoid. Everyone is out to get you on the internet - from 12-year-old script kiddies to full-blown bad guys - and the threats are increasing. In addition to that even the automated systems are out to get you. It is going to happen to you (99.9% chance of being a victim of cybercrime in the next 10 years) so make sure that you do a regular backup.
• Always use common sense.
    ◦ If it looks like a scam - it is.
    ◦ If they want money - it's a scam.
    ◦ If they want to give you something for free - it's a scam.
    ◦ If it seems too good to be true - it's a scam.
    ◦ If it’s free - it is a scam; in most cases it is also infected with malware, spyware or ransomware.
“Get these areas correct and there is a flow-on effect. You, as a user, are more secure on the Internet which means that who you work for is more secure.”