Study Finds 'Alarming' Ignorance About Cybercrime

"Consumers' unsecured computers play a major role in helping cybercriminals conduct cybercrimes," the National Cyber Security Alliance warns

by Michael Smith (Veshengro)

At the recent RSA Conference, it was reported by the National Cyber Security Alliance (NCSA) that consumers, in the USA, and I can also guarantee to that, elsewhere, do not understand botnets; those networks of compromised computers that have become one of the major methods for attacking computer systems.

"Botnets continue to be an increasing threat to consumers and homeland security," said Ron Teixeira, executive director of the NCSA, in a statement.

"Consumers' unsecured computers play a major role in helping cybercriminals conduct cybercrimes not only on the victim's computer, but also against others connected to the Internet." (See also my article “Unsecured PCs – The Bane of the Internet”)

Many computer users, especially consumers, so to speak, that is to say the “ordinary” home user or the small entrepreneur working from home, often simply do not understand to what degree their computers can be subverted, thereby degrading security for others.

A great majority have no idea as to the term "botnet"; more than half actually believe it is unlikely that their computer, even if compromised, could affect homeland security; just under half believe it not to be possible for their computer to be commandeered by hackers; again more than half have not changed their password in the past year; and nearly half of users do not know how to protect themselves from cybercriminals.

I can vouch for that with the amount of people that I come in contact with who use a PC from home for all kinds of activities, often including running a business, who do not have any anti-virus software even, of if they do they have never ever updated it.

Such findings really should come as no surprise. Last October, a joint study conducted by McAfee and the NCSA found that almost half the consumers surveyed erroneously believed their computers were protected by antivirus software.

Moreover, the ongoing success of social engineering attacks demonstrates that people are easily fooled. And really, given the frequency with which studies exposing people's ignorance about all manner of things appear, it should be assumed that more education about everything is needed. However, how much more can you educate people?

As said, there are many that have not even got anti-virus software on their PCs or they have never updated it, if they have such a program, believing that having such a program installed does protect then for ever and they have to do nothing.

Let us not ask them whether they have software firewalls (hardware firewalls would just confuse them) installed. The same is true as regards to anti-spam and anti-malware programs. The great majority, I am sure, have neither.

Ron Teixeira considers it "alarming" that people don't know how to keep their computers secure.

While that may well be cause for alarm, it is, however, worth noting that companies with highly paid IT professionals get hacked, too. That should at least be as alarming, if not more so. And, it is not just companies; the very security services get hacked.

Tell a hacker or cracker that your system is secure and he has his homework for the week. He will try to hack your system and, more likely than not, he will, given time, succeed.

There is no such thing as a fireproof system; all we can do is keep on top of it. This means anti-virus software must be, as I already said in the previous piece, updated daily, if not even every couple of hours, if need be manually, while one is online. The same for any other protection software. If it is not updated and has not the latest signatures then it cannot catch and disable the threats that are out there.

Now, let's be careful out there... In addition a change of OS might be an idea too...

© M Smith (Veshengro), April 2008