Travelex selects A10 Networks for major network an... » UK: A10 Networks has announced that Travelex Group, the world’s leading foreign exchange (FX) specia... Lieberman Software Privilege Management Platform... » London, UK: Lieberman Software Corporation has announced that its adaptive privilege management plat... Driving forward with Tokenization and HCE...new pa... » Driving forward with Tokenization and HCE – New Paper from the Smart Payment Association. In this pa... Research Group discovers vulnerabilities in the Ad... » Check Point has announced that its Security Research Group has discovered vulnerabilities in the Adm... Intamac chosen to develop innovative Cloud Video R... » Vigilance can report that Intamac has been selected by Swann Communications to develop an innovative... Cardinal Group basks in the glory of many accolade... » The Cardinal Group Retail Fraud Awards 2014 Vigilance can report that the Cardinal Group, celebrate... The need to understand, observe, obey and respect ... » This is an observation in the course of my security business over the years in which people love and... Emergency services show attracts record number of ... » Organisers of The Emergency Services Show have confirmed that the two-day event held at the NEC in B... WordPress still vulnerable ...old plugins give eas... » Plugins and extensions: the Achilles heel of popular CMSs A by-product of High-Tech Bridge’s Immuni... Reaper goes East! » UK Reaper Remotely Piloted Aircraft Systems (RPAS) would be deployed to the Middle East to support c...

CLICK HERE TO

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

Making people less trusting of the internet has to be one of the first steps towards combatting cybercrime, it has been warned.

According to business security consultant Roger Smith, internet users must undergo a fundamental change in their perception in order to improve cyber security.

Smith, a security trainer whose company, R & I ICT Consulting Services is based in Canberra, Australia, is one of the contributors to Security 3.0, a book exploring the future of the global security industry. In his chapter, Cyber security: everyone’s responsibility, Smith says:

“In normal day to day existence, we make normal emotional decisions, when meeting people, based on our five senses (sight, sound, touch, smell and taste (I try not to lick people when I meet them)). These senses give us a perception of the people we meet, an understanding if something is a little "off", or an understanding that I can trust them. On the Internet we only use one and that seems to be enough for most people. I like the look of you therefore you must be OK! Maybe I am strange but for me to trust you, it will take a lot more than what you look like.”

Smith adds: “It does make me wonder how stupid we are. The problem is, it is not stupidity. This is a fundamental change in human physiology. The other four senses are no longer used so we have to rely on other factors to increase my level of trust in you and who you are.

“In business this is done through marketing and more importantly reputation. Social media, when used correctly for business, has the capability of increasing your trust level in both me and my product. This is why we see large businesses and politicians use social media to increase the trust level of their community. Sometimes it works, others times it doesn't.

“The problem is that the bad guys also use these types of tactics to increase your trust in them. From blatant lies to false advertising they are out to get you. The criminals even use Google Ad words and search engine optimisation (SEO) to target potential victims. Looking for the newest game, song or film to download or looking for the newest celebrity screw-up, I will bet you that the top 10 search results both natural and paid for will deliver not only a version of what you are looking for but malware, spyware or a worm.”

Smith argued that, in order to be effective, individuals must begin to take responsibility for their security.

“The buck has to stop somewhere,” he said. “If everyone who connected to the Internet had the attitude that "MY protection is MY problem" we would be in a totally different world and I wouldn't have much to write about.

“We can use technology to help with the solution, we can use management to keep track and resolve the problems and we can make sure that we are as adaptable as we can be but it still comes down to the fact that everyone needs to say that it is MY problem. If it is MY problem then I am also the solution.”

Smith described cyber security as a ‘whole of business attitude’. “It is a holistic attitude towards protecting everyone and everything within the business. It needs to be driven from all areas of the business, managed and controlled by the top but implemented and embraced at the bottom.

“I have a simple saying - Cyber security is MY problem. Not just because I work in the area but because it should be the catch phrase of everyone who is using the Internet. If everyone looked at cyber security like that then we really do have a chance of controlling the problem.”

In order to beat the cyber criminals Roger Smith outlined six easy to follow steps that people should follow.

He said: “In the area of training there are 6 facets that can be used by everyone that will flow into their workplace. Some of them can and are controlled and enforced by computer policies, others are not. They are all important.

• Use complicated passwords for every password. It doesn't matter what the web site is or the reason for the password, if you use a complicated password then a brute force attack will fail.

• Use unique passwords across different areas of your personal and business life. There is a place in the cybercrime area for people who use the same password on every site. These people are just basically fodder for the cybercrime machine. If I use the same username and password on a site and it is compromised then the first thing that the bad guys do is test other sites with that combination, it is an automatic and automated process.

• Patch everything including operating systems and applications. If the computer tells you it has an update - apply it. If an application has a patch, apply it. Applications are a bigger danger as they go across multi platforms.

• Use an anti-virus program on anything that will take one. Anti-virus software is now available for most platforms. From Mac to Microsoft to android. Most look for viruses, they are also looking for malware and spyware. The more people who use an operating system or application the more chance there is that something bad has been written for it. Yes apple and IOS is a target.

• Be paranoid. Everyone is out to get you on the internet - from 12 year old script kiddies to full blown bad guys and the threat are increasing. In addition to that even the automated systems are out to get you. It is going to happen to you (99.9% chance of being a victim of cybercrime in the next 10 years) so make sure that you do a regular backup.

• Always use common sense.

o If it looks like a scam - it is

o If they want money - it's a scam

o If they want to give you something for free - it's a scam

o If it seems too good to be true - it's a scam.

o If it’s free - it is a scam, in most cases it is also infected with malware, spyware or ransom ware.

“Get these areas correct and there is a flow on effect. You, as a user, are more secure on the Internet which means that who you work for is more secure.”