The Gurus | itsecurityguru.org »
Cyber threats and Online issues…Safer Internet Day Tackles This And Aims To Raise Awareness Of Online Safety Issues
The 8th of February marked the 19th Safer Internet Day which saw over 200 countries take a collaborative stance to make the Internet a safer and better place for all, particularly for younger people. Over the past 18 months, online activity sky-rocketed due to the disruptions caused by the pandemic. With many faced with lockdowns, the vast majority were restricted to the confines of our homes, with adults working remotely and children learning virtually. The majority of our social interactions were also conducted online, whether that be from the computer, laptop, mobile (or other handheld devices) and this still continues to be the case.
Yet, while there are definite benefits to being online, there are dangers that many of us need to be aware of, particularly younger people who have been spending a lot more time on the internet. In fact, research by Ofcom has found 40% of children have engaged in ‘risky behaviours’ online by the time they reach the age of 12.
Whether it be gaming, social media or general web browsing, the age young people interact with the internet is getting lower and, unfortunately, there is the risk they are interacting or sharing sensitive information with people they don’t know. A child could’ve taken a picture or video of themselves and posted on a social media platform which could result in millions seeing them. Or sent a friend request on a game to a random stranger, or just generally acted in a way that would be disapproving to their parents.
This is a scary thought for any parent or guardian, knowing that a child could be interacting with a complete stranger. This is a concern many cybersecurity experts have with, especially when the youth are on the internet. Irfahn Khimji, chief systems engineer at Tripwire says: “As the world has been going more and more digital, virtual interactions are more prominent than ever. The difference is that you can be anyone you want to be online. This can be challenging to identify who it is you are talking to, so it is critical to ensure not to give away personal information to those who you’ve only met online.” Khimji adds: If you are faced with bullying or harassment, you can often block that user or even turn off your computer or mobile device and step away. If the harassment becomes persistent and threatening, you can always contact your local law enforcement agency to help.”
Joni Moore, director security solution at Lookout also advises parents to be more aware of what they are teaching their children when it comes to their activities online, with the teachings not too dissimilar from what they are taught in real-life: “Stranger-Danger” – we teach our kids to be aware of stranger danger in the real world. The same applies online.”
Additionally, Moore explains it is beneficial for more of the general public to learn about cybersecurity techniques that are used to dupe online gamers – both young and old: “Some hackers target gamers with fake game updates or utilities claiming to customise your game or help speed your game progress. Malicious apps spread through phishing, in-game communications, as attachments on gamers’ forums or chat rooms, and by other, similar means.”
On Safer Internet Day, Digital Minister Chris Philp also announced that the Online Safety Bill will be significantly strengthened with a new legal duty requiring all sites that publish pornography to put robust checks in place to ensure their users are 18 years old or over.
This could include adults using secure age verification technology to verify that they possess a credit card and are over 18 or having a third-party service confirm their age against government data. Jon Andrews, VP, EMEA at Gurucul, had the following to say: “It is an interesting topic as age restrictions on pornographic material on the internet would certainly help with societies problems when it comes to misogyny, violence towards women and sexism, which need to be directly addressed.
On the other hand, it is important to ensure that regulation don’t become restriction. The internet should be free and available to all, and regulations that can better society are certainly welcome. Credit card verification, however, can be a restrictive measure that might encourage people to obtain one in order to access certain parts of the internet, so less invasive forms of identification might be preferable.
These restrictions will also require websites to store personal identifiable information. This adds a component of risk for users, who will need to trust these entities with highly sensitive data. Unless government bodies consider this aspect and scrutinise the security policies of these websites, the move could have serious privacy implications and might motivate threat actors to launch campaigns aimed at stealing credit card details and other valuable information.”
Phishing and malware are threats that are ever-present in the gaming world with malicious individuals determined to trick young and unsuspecting minds with dangerous attachments or urls. Paul Bischoff, privacy advocate at Comparitech provides some advice on this issue specifically: “Never click on links posted in chats. Just like with emails, you should never click on unsolicited links. They could lead to malware or a phishing page. Or worse, you could get rickrolled.”
Regarding the issue around malware, Moore adds: “Malware also spreads through legitimate game update mechanisms in some cases. Some of that malware is game-oriented, stealing gamers’ credentials or in-game goods, but some steal bank accounts and other personal information stored on computers or smartphones. Gamers should always ensure they run the latest version of OS.”
But these problems are not just found at home.
Tackling the issues of malware and phishing and keeping sensitive information safe are challenges enterprises face everyday. With employees re-entering the office environments again, organisations need to ensure security training is being conducted. For organisations unaware of how to get their workforce best prepared, Erich Kron, Security Awareness Advocate, KnowBe4 has parted with some necessary guidance:
“Security professionals within organisations can best train their employees to be on the lookout for cyber attacks by implementing frequent and consistent security awareness training and by sending simulated phishing attacks so that employees truly understand what a real cyber attack could look like and they can practice this skill in a way that does not bring risk to the organisation. Having the proper reporting structure for employees to report suspected phishing emails, vishing calls or other types of attacks is also critical to help keep an organisation safe.”
“Employees may have adopted poor security practices while working remotely, such as sharing their devices or having corporate information on personal devices, not locking their machine when leaving it unattended or using corporate devices for personal tasks. These types of problems are often overlooked. Beyond technology, there could be physical records and assets that have made their way into employees’ homes. It is also difficult to determine if any sensitive information has been printed and secured or disposed of securely.”
“The challenges of defending against cyber attacks have increased significantly due the popularity of remote working brought on by the COVID-19 pandemic. That is why communication between organisations and employees is of utmost importance. Clear communication should lay out what the expectations are for employees who have moved to a remote working structure and how it will work logistically.”
Safer Internet Day