CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 – 29, 2010 Kuala Lumpur Convention Centre OCSSMC Research Findings and Messaging Outcomes Among General Public and Industry Experts
CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010
October 25 – 29, 2010Kuala Lumpur Convention Centre
OCSSMC Research Findings and Messaging Outcomes
Among General Public and Industry Experts
Darin Andersen
- BA, Gov/Lit + USC x 2 Masters (MBA + Info Sys & Ops Mgt)
- 20 years in High Tech (Software + Security)
- COO, ESET – Anti-Virus/Anti-Malware security software
- Team = 200: Depts = 10 : 5 Year Growth = 1,300%
- 6 Boards (4 Community + 2 Private Business)
- Chairman of San Diego Police Foundation
- Chairman “Securing Our eCity”
- Cybersecurity Expert and Social Networker
ESET
• Global security company / 750 employees
• Corporate HQ – Bratislava, Slovakia
• North American Headquarters San Diego
• Flagship Product: ESET NOD32 Antivirus
• 130 mm users in 160+ countries
• INC 500 x4/Deloitte Fast x 3/SD Fastest x 5
• Forbes and Consumer Reports “Best”
Threatscape Evolution
• “Kiddie Scripter” to Cybercriminal
• Attacks more targeted – “spear phishing”
• Increasingly complex – self-modifying, encrypted, etc.
• Pre-installed (foreign sources)
• Decrease in email-borne malware
• Lower barrier to entry
Technology vs. Behavior
The rise of . . .
SOCIAL ENGINEERING
All Disasters Are Local
Securing Our eCity
• Public/Private Partnership
• Community outreach
– Workshops
– Seminars
– Public Relations & Media
• Digital citizens and businesses
– Aware
– Prepared
– Educated
Community Stakeholders
• Local government
• -Local law enforcement
• -Chamber of Commerce and EDC
• -Non-profits
• -Industry leaders
• -Education
• -Military
• -State and Federal constituents
The Model City Concept
• An active and engaged community ecosystem
Government
Law Enforcement
Education Non-Profit
Industry
Winner of DHS + White HouseCyber Security Challenge
A Unified Message for Cybersecurity
Overall Approach
• NCSA and APWG
– Internal among 45 members of the Online Consumer Security & Safety Messaging Convention Working Group (―Experts‖)
– External among 23 general public internet users nationwide, mix of demographics and level of safety/security concern
Overall Program Objectives
Develop a motivating and compelling online security and safety messaging across the public and private realms that:
1) Eliminates the discordant information on the threat of cyber menace
2) Develops sound, consolidated messages that offer clear advice to the public on how to stay safe/secure online
3) Produces a messaging suite to be used universally to raise awareness of e-crime and provide simple tips for individual consideration
4) Creates consensus around a single, concise, memorable message for consumers for online security and safety
But First …
RESEARCH
Early Findings
-Piecemeal but
appropriate Actions
(AV, Passwords etc.)
-Withhold
-Avoid
-Loss of Trust
-Strive for Calm,
Comfort, Happiness
-Mind Set
-Educated
-Aware
-Protect
-Smart Choices
-Avoid False Sense of
Security
-Reduce Risk & Harm
•Caution•Less Worry•/Stress•Confidence•Control•Peace of Mind•Protect family
Violation VigilanceFreedomEmpowerment
ConsumersExperts
Majority Have Recently Heard Something About Online Safety and Security
Q410. Have you read, seen or head anything recently about online safety and security?
Q412. Do you consider this positive or negative news?
Information Heard About Online Safety and Security Skews Negative
What Have you Read, Seen Heard?
55% Negative
Identity Theft
Privacy Policies
Attacks Increasing
Scams / Phishing
Hacking Viruses
Online Bullying
Software Protection
Internet Predators
Corp Security Breach
Financial Info Stolen
Protection Systems
Protect Personal Info
Identity Protection
Avoiding Scams/Phishing
Safety Tips
Virus Protection
Password Tips
Spyware/Malware
Monitor Kids Online
Q411. What have you read, seen or heard recently about online safety and security? Please be as detailed as possible.
Q412. Do you consider this positive or negative news?
45% Positive
Strong Agreement About Online Security
Q415. Please indicate whether you agree or disagree with each of the following statements:
96%
92%
93%
90%
85%
Online Safety and Security Viewed Most Important at the Personal Level
Q430. When you think about online safety do you see it as an issue that is most important at the:
Q431. When you think about online security do you see it as an issue that is most important at the:
59%
8%
33%
56%
7%
37%
Personal level
Community
level
National level
Importance of Online Safety or Security
Safety Security
There is no notable difference in how
people perceive the semantic difference of
safety vs. security
Focus on the value of Personal Security (64%)
Focus on the values of Control (47%) and Peace of
Mind (42%)
People Are Aware of Many Things They Should Be Doing to Be Safer Online
Q442. What are some specific actions or behaviors that you could take or do already take to be safer and more secure online?
Keep Software Updated
Protect Personal Info
Visit Secured / Reputable SitesNo Attachments/Emails from Unknown Sender
Safe / Strong Passwords
Use Firewalls
Limit Online Shopping / Banking
Enhance Social Networking Privacy Settings
Know Who You’re Dealing With Online
Clear Cookies
Increase Personal Education
Enhance Security System
Inaction – Split Between Over Confidence and Under Confidence
Q445. Some people say that they don’t do all the things they know they can or should do to be safer and more secure online. What reason is most applicable to
you personally?
• Ages 55+ (37%)• Ages 65+ (41%)• Online Threat is Top
Concern (33%)• No kids in HH (31%)• Interested in Online
Security Issues (30%)
• Not Interested in Online Security Issues (36%)
• Focus on value of Freedom (29%)
• Ages 18-34 (25%)
• HH Income of $100K+ (13%)• Not interested in Online
Security Issues (10%)
• Spend less than 10 hours online a week (11%)
• Ages 18-24 (10%)• Ages 35-44 (9%)
Reasons People Choose to Not Be Safer/More Secure Online
Strong Majority Take Proactive Steps to Be Safer and More Secure Online
Q450. Have you done any of the following within the last 6 months?
Consumers Understand the Importance ofOnline Safety
Q425. Broadly thinking, please rate the importance of a safe and secure online environment in each of the different settings, using a scale of 0-100 where 0=not at
all important, and 100=extremely important.
The following groups ALL rate EACH of these higher than their peers:• Women• Know Internet Victim• Resident of the South• Interested in Online Security Issues
• Online Threat Top Concern
Overall Most Consumers Believe it is in Their Control to be Safer and More Secure Online
Q507. Thinking about the last two questions, there are many different things you can do or control to make yourself safer and more secure online, but there are
also several things to be concerned about that are out of your control. When you think about two sides of online safety and security, imagine them as two pieces
of a pie. Please indicate how big each piece of the pie is to you personally, that is how big is the portion of things you can control and how big is the portion of
things you cannot control that concern you. Each piece can be assigned any whole number between 0 and 100, however the total of the two pieces needs to
equal 100.
• Do not feel vulnerable online (69%)
• Ages 65+ (64%)• Post Grad Education (64%)
• Males (63%)• No kids in HH (63%)
• Feel vulnerable online (41%)
• Were or Know Internet Victim (41%)
• Females (41%)• Have Kids in HH (41%)
• High School or Less Education (41%)
Relative Strength of Message Components
Stop. Think. Click.
Safer for Me—More Secure for All
Everyone plays a part in protecting our freedom to learn, interact, transact, and explore online
It’s easier than you think
Take control
Take care what you share
Be Web Wise
Keep a Clean Machine
Share with Care
Preserve our freedom online, do your part
It’s all about preserving our freedom
When I’m being safe online, I helping make it secure online for all
Most people already know what to do to be safe and secure online
Feel the confidence of being more secure online
We all live in an online world
Enjoy the security, protection, and freedom to venture anywhere
Take full advantage of the online world
Component Resonance: Stop. Think. Click.
Q574. Of all the concepts you just reviewed, which one is your favorite? Which is your second favorite?.
Stop. Think. Click. Take care what you share* so can better enjoy the security,
protection and confidence to venture anywhere and take full advantage of the online world.
Keep It Positive and Personally Relevant
• Direct to consumer messages that focus on fear or point at actions individuals do to put others at risk will not be effective
– People generally feel safe and secure in their personal online activities and don’t really believe their actions are putting people at risk.
• People will respond more favorably to messages that feed their belief they can make a positive difference for themselves, others, and the internet more broadly
Strategic Hinge
A direct to consumer campaign should focus on specific things people can do to promote online safety and security—common
sense things they can do and for which they are
Common Sense Actions,Personal
ResponsibilitySomething I control
Protected, More Comfortable and
Confident
Personal Security Peace of Mind
Impacts Others
What Does This All Mean?
• Citizens are primed for a communications campaign on cyber security
– High interest and personal concern
– High level of awareness on cyber security issues
– High level of belief they can make a difference
– Recognize they could be doing more
• Moreover, citizens recognize the link between individual and national cyber security and care about protecting both.
• All this despite the fact that most citizens generally feel safe and secure online in their personal actions and don’t
feel what they are doing puts others at risk.
A Community Based Approach
AwarenessPreparednessEducation
QUESTIONS