2009-12-01
Abstract
'Ignorance of the risks of cybercrime is what poses the greatest threat to the new generation of Internet citizens.' Jeff Debrosse, ESET.
Copyright © 2009 Virus Bulletin
The global Internet penetration rate currently stands at approximately 24%. With a world population of 6.7 billion, that equates to roughly 1.6 billion Internet users. Meanwhile, as Internet usage has increased, cybercrime has become pervasive, pandemic and increasingly connected with other parts of the criminal ecosystem. It ranges from the theft of an individual’s identity to the complete disruption of a country’s Internet connectivity.
For those who have yet to connect to the Internet, there are significant challenges – one of which is cybercrime (in its many forms). There are technological measures that help mitigate cybercrime attacks, but technology alone is not the answer.
The next billion users on the Internet will come not from developed nations, but from developing countries. These new users will be fresh targets for cybercriminals. Awareness is a key factor in reducing cybercrime, and even basic levels of awareness of various types of risks and Internet-borne threats can yield positive results. This is primarily due to the fact that the end-user is the weakest link in the ‘security chain’.
In an effort to educate and protect local communities, a number of organizations are currently spearheading campaigns and initiatives to teach citizens about technologies and tools that help reduce and/or prevent cybercrime. Regardless of the arguments as to what individuals, institutions (businesses, academia, etc.) and governments should do to combat cybercrime, one fact remains: doing nothing is the worst position to take.
Cybercrime targets information – data that is electronically stored, used and transmitted. For instance, even with varying levels of per capita income, the amount of money that stands to be lost through a phishing attack has the potential to be significant due to the sheer number of users at risk – economy of scale. The risk that cybercrime poses on a global scale is as limitless as human determination, ingenuity and ignorance.
Cybercrimes like phishing and data breaches are a threat to users across the globe. In the United States these threats are so severe that they were detailed as national security threats in the 2009 Annual Threat Assessment Intelligence Briefing to the Senate Intelligence Committee. This represents the scope of threats in a country whose users have had many years’ experience of the Internet. Newcomers to the Internet will face the same threats – from cybercriminals that have had years of experience and who have optimized their attack and evasion techniques.
When companies conduct risk analyses, they often have to take into consideration the costs associated with protecting their organizations against malware and the likelihood that less aware end-users will take actions that will increase their risk. Analysis of malware traffic, behaviour and code are the standard methods used for identifying and reducing the malware risk. Taking behaviour analysis to the next level: the end-user provides a means of determining whether users have been exploited and now pose a threat to themselves and, potentially, their organizations. Traditionally, the end-user has been regarded as the ‘weakest link’, but learning from and leveraging end-user behaviour has the potential not only to add to the security layering, but also to increase the strength of the weakest link.
In developing countries, computing infrastructure build-out, deployment and subsequent end-user connectivity must be coupled with effective cybersecurity awareness training – in addition to localized application training. Ignorance of the risks of cybercrime is what poses the greatest threat to the new generation of Internet citizens. Coordinated global efforts in effective awareness training will transform these new Internet citizens from potential victims to increasingly aware and less vulnerable people as a whole.
