Cybersecurity: Users, other groups must work together

Individual Internet users, businesses, the government and tech vendors all need to focus more on cybersecurity and be aware of the dangers, a group of cybersecurity experts said Thursday.

The Internet is vulnerable at multiple levels and each of those groups play a part in protecting cyberspace, said Steve DelBianco, executive director of NetChoice, an e-commerce trade group.

NetChoice, in a report released Thursday, focused much of its attention on user behavior, saying that Internet users need to be better educated about types of social-engineering attacks. Last week, the U.S. Federal Trade Commission issued a warning about new phishing e-mail scams that identify the sender as a bank or mortgage lender that has taken over the e-mail recipient's account. The e-mails ask the recipients to click a link to confirm personal information, but the link takes them to a site harvesting personal information, not to a real financial institution.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Individual Internet users, businesses, the government and tech vendors all need to focus more on cybersecurity and be aware of the dangers, a group of cybersecurity experts said Thursday.

The Internet is vulnerable at multiple levels and each of those groups play a part in protecting cyberspace, said Steve DelBianco, executive director of NetChoice, an e-commerce trade group.

NetChoice, in a report released Thursday, focused much of its attention on user behavior, saying that Internet users need to be better educated about types of social-engineering attacks. Last week, the U.S. Federal Trade Commission issued a warning about new phishing e-mail scams that identify the sender as a bank or mortgage lender that has taken over the e-mail recipient's account. The e-mails ask the recipients to click a link to confirm personal information, but the link takes them to a site harvesting personal information, not to a real financial institution.

This attack can look credible, given the number of bank and mortgage lender failures in the U.S. right now, DelBianco said. "The bad guys are clever, and they're getting badder," he said during a cybersecurity event in Washington, D.C.

NetChoice's report, "Hardening the Security Stack," described potential vulnerabilites directed at user behavior and the DNS (Domain Name System), two layers of the so-called Internet stack identified by the group. It would be "phenomenally expensive" to implement proactive, tech-based security at every layer of the stack, which also includes operating systems, software and internal network services.

"Responsibility for cybersecurity lives at all layers of the security stack, not in any one layer," said the report, co-authored by DelBianco. "Simply put, there is no silver bullet."

The report calls on tech vendors to implement multifaceted security programs, including user education, as well as hardened software and equipment upgrades aimed at security. Government agencies can test new technologies and ensure that businesses use proper safeguards, the report said. The government also needs to maintain high standards for its tech vendors, the report added.

Ken Silva, senior vice president and chief technology officer at .com and .net registry operator VeriSign, agreed with the NetChoice report, but he called on individual computer users to be vigilant about cybersecurity. Individual users are often the target and often the cause of many cybersecurity problems, he said.

"Anyone who wants your money will find very creative ways to get it, legitimate or not," he said. "Most security vulnerabilities rest between the keyboard and the back of the chair."

The U.S. could make significant progress in fighting cybercrime if Internet users were more wary of phishing and other scams, if individuals and businesses changed static passwords and if laptops included several layers of protection against data theft when they were lost and stolen, Silva said.

However, it's not always easy to see cybercriminals at work, Silva added. Earlier this decade it was fairly easy to tell if a computer was compromised with spyware or a virus because the malware caused easily seen problems, he said. But now, many people are unaware that their computers have been compromised and are leaking personal data or are used in a botnet to send spam or attack other computers, he said.

The IDG News Service is a Network World affiliate.