At the start of this week I asked if another campaign week would really change attitudes to online security, as ‘Get Safe Online’ launched its 2010 week.
While I commend the work done by this and other campaigns and I believe that Get Safe Online in particular should be commended for its work with law enforcement and the public sector, my concern is that come Monday, a lot of the work will have been forgotten. At the same time, it would be interesting to know how many members of the public are even aware of such an initiative.
Stephen Howes, founder and CTO of GrIDsure, agreed, saying that he fully commended the initiative of all the organisations involved in ‘Get Safe Online Week’ and that it highlights the ‘confusing and dangerous online world’. However, he commented that the problem is that, with the increasing threat from hackers and fraudsters, computer users ‘are now all expected to be security experts’.
“The truth is that most computer users do not know or care what the latest iteration of the Zeus banking Trojan is, or which anti-virus software offers them the best protection. So while user education of the risks is always important, I believe that the online service providers should put in place systems that are easy to use and secure enough to make it very difficult for a hacker to steal logon details even if they have infected the users' PC,” he said.
This reflects what SC Magazine reported in August, when I asked whether it was best to treat Zeus as a different threat to others out there, or to generalise warnings on malware in order to best protect users and ensure that they protect themselves.
Whichever way you believe that it should go, the reports I see are made no clearer when reports consistently warn of greater and stronger malware. However, perhaps the warnings should be less on the threat and more on how it ends up on a user's machine?
The main piece of research that Get Safe Online did was to highlight the problem of rogue anti-virus, with claims made that one in four UK web users were targeted via cold calls. This is not new news for SC: we reported on this back in July, when ESET senior research fellow David Harley said that with low internet telephony rates, it is just as cheap to call a victim as it is to wait for them to drop by your website.
Saying that ‘the war drags on’ with fake support, Harley claimed that he had spent quite a few months trying to raise public awareness of the problem of fake support cold-calling and welcomed other vendors starting to publicise the issue.
Neil Fisher, vice president of Global Security Solutions at Unisys, said he was encouraged that people are waking up to these risks, but there was still too much of a hit-and-miss approach to online security.
Greg Day, director of security strategy for EMEA at McAfee, said: “Scareware is a tried and tested scam that has been around for a long time; we reported this as a growing problem back in 2009, and it has continued to grow throughout 2010. It is great to see Get Safe Online raising awareness of these scams, but it is concerning to see that twelve-to-eighteen months on, numerous individuals are still falling foul of them.”
Likewise, Pat Carroll, CEO of ValidSoft, commented that this type of scam provides a case as to why both consumers and banks need to work together to fight against these criminals: the banks by providing strong authentication methods and consumers by using them.
He said: “This does not have to be an onerous task; consumers and banks can use a simple automated call to verify an online payment. For example, if a desktop or laptop PC is compromised by a man-in-the-browser attack, which compromises web transactions even when protected by digital certificates, the mobile phone network will provide a ‘clean’ channel over which the transaction details can be verified via voice.
“With an estimated 40 million Britons owning a mobile phone, consumers are not required to carry any additional security equipment such as a PIN ‘calculator’, and using mobile phones in this way provides an easy and secure way to beat the hackers.”
I am sure that before the end of the year there will be another campaign hour, day or week, and that it will generate more headlines for the organisers and give the likes of me more research to write about. I just believe that something more distinct and notable needs to be considered, and with a £650 million fund burning a hole in the Prime Minister's pocket, I hope we will not be waiting long either.