Has Irish online security decreased over the last two years?

New research shows a startling decrease of online security practices among Irish computer users, worse results in all categories of a comparative 2011/2013 survey.

In 2011 ESET Ireland has commissioned the first survey with Amárach Research, to determine how Irish computer users comply with their Antivirus software’s warnings. The results weren’t optimistic back then, as large percentages ignored their Antivirus’ warnings and voluntarily exposed their computers and networks to infection.

In 2013 we asked Amárach to repeat the survey, to see what the situation is like now and, unfortunately, the results we received show that the situation has deteriorated in every category we asked about.

So… when an Antivirus, any Antivirus, alerted the users something potentially bad was detected, now only 52% complied with the warning (was 66%), 19% stayed on a website they got warned about (was 15%), 24% ignored the warning when they tried to open a potentially infected file or program (was 14%), 8% actually disabled their Antivirus, because it wouldn’t let them open a file or a program or look at a website (was 6%), and 6% use no Antivirus software (was 4%).

AntivirusWarnings

The demographic breakdown shows some very interesting patterns. The youngest generation (ages 15-24) is the only one where complying with Antivirus warnings has actually increased (from 35% to 46%), so they seem to be taking things more seriously than they used to. But the midlife cyber-crisis seems to have hit the 35-44 year-olds hard, as they have shown the worst decline. Of 74% that used to trust their Antivirus’ warnings only 45% do so now, they are the worst age group when it comes to dodgy websites, as now 20% ignore warnings and continue surfing, while only 9% used to and they are also the worst when it comes to opening suspicious or infected files or programs, as 26% now ignore warnings, from the previous 11%.

While it is somewhat comforting that the percentage of people without any Antivirus protection is still relatively low, it is quite concerning that so many have it, but don’t comply with the warnings.

Any Antivirus tries to automatically prevent infections and the spreading of viruses and other malware. But that cannot work if computer users ignore or disable the protection, because they’re intent on doing something with the computer, regardless of the consequences. Malware is not used just to annoy users, but to steal their passwords, banking and credit card details, entangle them in scams and fraud, etc., all things that can have serious financial consequences. Is visiting that one dodgy site really worth that risk? Can we seriously expect our information superhighway traffic to be safe, if only one half of the drivers notices the traffic lights, one quarter willingly ignores them and one in twelve drives without brakes?

The Irish becoming serious about protecting laptops, less about other devices, but have no idea what data leakage is

The latest research ESET Ireland did was about how covered Irish computers and devices are with antivirus and data leakage protection.

The research by ESET Ireland, was carried out on a thousand people. First we determined what sort of devices the Irish use to connect to the internet:

Am03

Then we found out 90% of Windows-based PC/Laptop users have antivirus installed, as do 63% of Mac users. Linux users, however, still feel confident they’re entirely invulnerable, as only 10% use antivirus protection. The picture is a bit grimmer among mobile users, as only 41% of Android users have their mobiles protected by antivirus, followed by 27% of iPhone users and 26% of Windows phone users.

Am01

But the picture completely changes when it comes to Data Leakage Protection. The Irish, so it seems, are barely aware of data leaks being a problem at all, as 74% answered they don’t know, while about a third of Linux users use some protective measures, as does one in four Windows/Mac users.

Am02

So, while malware awareness seems to have reached a certain satisfactory level among computer users, it is still lacking for mobile devices, even though mobile devices are as much targets of malware as are computers, since they’re increasingly used for accessing social media, various apps and offer various purchasing functionality, which could be compromised by malware, causing the victim direct financial damage.

More surprising is the complete lack of awareness about data leakage, particularly with the amount of coverage the media have already given various data leaks in the past. With BYOD (bring your own device) becoming increasingly popular, this could cause many companies’ sensitive data being at risk of getting lost or stolen.

So, mobile users should give installing an antivirus on their device some thought and all computer and mobile device users would be wise to start paying attention to information on data leakage a bit, if they wish to avoid related trouble.

High cybercrime levels and worrying youth cyber-bullying, latest Irish survey shows

New survey by ESET Ireland reveals what terrible things befall the Irish with regards to their computers and smartphones. One in five Irish had laptop, smartphone or tablet stolen and over 50 per cent had a computer virus infection.

ESET Ireland, the distributor of ESET NOD32 Antivirus, has commissioned a survey to find out what endangers Irish computer and smartphone users the most. The research was carried out by Amárach research on 1018 Irish adults.

We asked Irish computer, smartphone and tablet users if they’ve experienced any of the following, and these are the results we got:

irishcybercrime

54% of Irish computer and mobile device users have admitted to having had their computers infected with various viruses. Although we have no way to prove the correlation with results of a survey we did a few months ago, where 45% of Irish computer users admitted to using free antivirus and 8% using pirated or no antivirus at all, these two numbers do add up to 53%, which being nearly exactly the percentage of the infected too, is an interesting coincidence.

We also didn’t quite expect the relatively high numbers of other distressing things that happened to Irish users. One in five had their laptop or device stolen, about one in seven had their credit card abused, their emails or social media account hacked, fell victim to a scam and 4% even had their identity stolen online. With over three million estimated Internet users in Ireland, we can guesstimate that up to a half a million people were victimized in this way.

A smaller, but not negligible 9% of people have also been victims of unauthorised use of their emails and social media by friends or family, colloquially known as “fraping” (a combination of Facebook and rape), something that usually occurs when people forget to log out. While usually only used to embarrass the victim and not for serious cybercrime, if it occurs with malicious intent among children, it can also be classified as or lead to cyber bullying.

Here it stops being funny, as 5% of all surveyed have admitted to being victims of some form of cyber bullying. Since the survey includes all age groups, the group most affected needed to be looked at more closely. And in the demographic breakdown the age group 15-24, a shocking 13% have said they were cyber bullied. Since the phenomenon is predominant in even younger age groups, we can imagine the results of a survey focusing only on teenagers would give even scarier results. This should be very worrying for parents and teachers across Ireland. Over a year ago, we did a survey where we asked Irish parents if they leave their children unauthorised online, and with up to 73% of children being left unsupervised, we find this very concerning, since Ireland has had some very publicised experience with cyber bullying.
Anti-theft and anti-scam technology can counter these threats, but can’t take over common sense and parenting responsibility

The high level of laptop and device theft is one of the reasons ESET introduced anti-theft GPS tracking technology to the latest version of their security products. To combat scams, ESET introduced anti-scam monitoring as well. But just like with all the safety features in a car and on roads, most still depends on the driver. With computers it is no different. ESET cannot make users be more responsible with their credit card info online, nor force them to use safer passwords to prevent email or social media abuse. We can also not make people log out of their accounts or falling for scams if they ignore the warnings. And most importantly, no software can replace actual parenting or prevent children bullying each other, if those responsible don’t go about it in a cyber-aware manner themselves.

Online security is more than just installing an antivirus and a firewall. It is also knowing about threats and staying informed, as well as acting responsibly when using computers, smartphones and other devices, since, as can be seen from the statistics above, threats come in many shapes and forms and some can also have terrible consequences.

Urban Schrott
IT Securit & Cybercrime Analyst
ESET Ireland

Research reveals nearly half of all Irish computers depend on free antivirus for protection

A recent poll commissioned by ESET Ireland shows 45% of Irish computer users use free antivirus on at least one of their computers, 36% use licensed software, while the rest use a combination of products,  pirated software, none at all or don’t know.

A multiple answer poll conducted among 1000 Irish adults in January has revealed a few interesting things. A very positive one is that the vast majority of computers in Ireland are protected by some form of security software and only 5% use nothing at all, while a 3% minority is mad enough to use pirated antivirus – as that makes about as much sense as having robbers guard jewellers and bank vaults.

A slightly more worrying one is that nearly half believe that a free antivirus is equally effective in keeping their computers safe as a full security suite. While some free security products that can be found online are, honestly, worth less than they cost, it is true that usually free and payable versions of AV from the same vendor use the same core engine, but they don’t have the same functionality and features. In most cases, they’re intended as an evaluation tool. Because of the work that needs to be put into any product, if it’s to be in any way effective, the developer needs to get some return on his investment. In “free” software, this is often done by installing “complementary” toolbars, utilities containing adware-like functionality, etc, where the client is monitored and served with advertisements.  These add-on programs subsidise the cost of the “free” anti-virus potentially at the expense of users’ privacy.

antimalware

Results of January 2013 poll.

Therefore relying on full protection of one’s computer by using a semi-functional security product is somewhat naïve, to put it mildly. Online security these days goes far beyond just sets of virus definitions as was the case with antivirus a decade ago. The multiple-vector attack nature of modern malware and cybercrime in general forces effective security suites to integrate antivirus, firewall, anti-spam, social media scanners and scam-site detectors, using traditional definition-based malware recognition, combined with proactive, behavioural heuristic detection. That is then also backed up by large teams of security experts and analysts, who monitor the web 24/7 for new outbreaks and new forms of attack as well as offer tech support to their users.

Further demographic analysis of the poll show that, as in most similar polls we did, women tend to be more cautious, while men more reckless in computer use. Just as more men than women admitted to using pirated software, visiting dodgy sites, ignoring their security software’s warnings in previous polls, so in this one more men than women use free software (48%), while women prefer to be safe with payable full versions (41%). Only 1% of females use pirated antivirus software, while 5% of men do. Same attitude towards safety as in most previous polls is also revealed age-wise. The young group of 15-24 is the most reckless in using free (46%) and pirated antivirus (6%), while in the 55+ age group is safest, as no one admitted to be using pirated software while the use of free antivirus is 43%. Geographically it is a bit more unusual. While the Dublin area had the lowest use of free software (40%) it also had the highest level of piracy (6%), Connaught/Ulster was the opposite. There 51% rely on free programs, and only 2% use pirated ones.

The conclusion could therefore be, that while awareness of the dangers online is increasing and steps are being taken by users to ensure some level of security for their computers, the naïve perception of the threats and solutions for them is a bit reminiscent of WW2 garden aluminium air-raid shelters. While they may not really offer any serious protection against bombings, they at least reassure that something is being done.

Urban Schrott
IT Security & Cybercrime Analyst
ESET Ireland

A Right Royal Security Blunder

Yesterday’s Guardian reports of an interesting royal IT security failure, when a supposedly non-problematic article of Prince William at work also revealed a large piece of paper with a military login and password clearly displayed in the background. (Guardian’s photo at http://static.guim.co.uk/sys-images/Politics/Pix/pictures/2012/11/20/1353420459724/Prince-William-chats-with-010.jpg)

UK’s MoD has since urgently changed their passwords, but the lax attitude towards IT security, particularly in delicate areas such as the military, does leave a very sour aftertaste. As if revealing the password wasn’t bad enough, the password itself wasn’t very strong either, apparently.

Globally the most widespread passwords still seem to be “123456” and “password” as well as other very simple ones. Statistics show the Irish are a slight bit smarter when it comes to passwords, as the majority do use a combination of letters and numbers at least:


(source ESET Ireland survey, May 2011)

In a series of articles, ESET expert David Harley has also been dealing with the issue of password security, but one worth pointing out in light of the Royal blunder is that the best password in the world is of little use if the site or service or organization that you access with it isn’t taking proper care of it“, from the Password Strategies: Who Goes There article in SC Magazine.So, while the Irish do use better passwords than is the global average, the question remains, where do they have them written down and displayed for everyone to see.

Do more children have to die before parents take their online lives seriously?

ESET Ireland survey: Up to 73% of children are left entirely unsupervised online.

The recent Co. Donegal and Co. Leitrim tragedies, where two teenage girls committed suicide because of online bullying and abuse, reminded us in a most dreadful way that the web isn’t just a nice place of Google searches, YouTube videos and friendly Facebook wall posts. Online life, just like regular life, has its shady sides as well. But while we’re taking many measures to stay safe in real life, the online life is considered less important by most. At least until something tragic occurs.

These horrible events prompted us to attempt raising awareness of the issue once again in hope something does change for the better, and remind the Irish public of the survey we had conducted about a year ago. ESET Ireland had a survey done with over a thousand people participating across Ireland, to find out if Irish children are supervised online. The results were shocking as they revealed that up to three quarters of children are left entirely unsupervised online.

We asked if children of different age groups (ranging from 6 to 16) were left unsupervised online, and as it turns out parents seem to supervise less and less as the children age. So the youngest group of 6-7 years of age were only left unsupervised in 27% of the cases, but then supervision drops incrementally to 73% being unsupervised in the 16 years of age group.

Question: Is your child left unsupervised online?
The graph shows how many parents of children of a certain age said YES.

It is hard to imagine that a third of 6-7 year olds and three quarters of 16 year olds receive absolutely no supervision from their parents while online, when it has also been brought forward by other researchers, that just over one in ten will accept any friend request on social media, and nearly half of them have friends they have never met.

At ESET we believe it’s also a parent’s job to help younger children to develop on-line life skills:

  • Know (and discuss) the dangers. With younger children, learning about safety issues could be a family project where parents and children could learn from each other.
  • Just because it isn’t physical, bullying and abuse online is just as traumatic and cruel as elsewhere and should be detected early, blocked in time and the victim treated as seriously as they would be in the case of any other abuse.
  • The web (and especially social media sites) are full of social interaction with people you or your children may never have met, as well as people that may not have good intentions. Keep an eye on who your children are communicating with and what it is about.
  • Think about installing Parental Control software which lets you monitor and limit computer use, as well as block many categories of offending websites and programs.

11 Tips for protecting your data when you travel

Recently FBI issued a warning about a threat involving hotel Internet service overseas and it produced a lot of requests for advice on how to respond to the threat. So researchers at ESET came up with a list of data security tips for travelers. These tips will help you keep your data safe while traveling and should defeat this particular threat (when a pop-up appears as you are signing in to the hotel Internet and asks you to update perform a software which is actually a malware infection).

  1. Make sure your operating system and antivirus software are updated before you go on the road.
  2. Backup your data before you head out (and store the backup in a safe place).
  3. Consider leaving some data behind or move sensitive data from your laptop hard drive to an encrypted USB stick.
  4. Make sure you have password protection and inactivity timeout engaged on all devices including laptops, tablets, and smartphones.
  5. If possible, only use reputable hotel Internet service providers (ask the hotel who their provider is before you book).
  6. If the hotel Internet asks you to update software in order to connect, immediately disconnect and tell the front desk.
  7. If you use hotel Internet to connect to your company network use a VPN.
  8. Do not use WiFi connections that are not encrypted with WPA (avoid WEP encrypted connections which are easily hacked).
  9. Consider getting a 3G or 4G hotspot and using that instead of hotel Internet.
  10. Avoid online banking and shopping while on any hotel or public Internet connection.
  11. Disable pop-ups in your web browser.

WEP/WPA? How to know which encryption scheme an access point offers

If you are using a Windows 7 laptop you can see the encryption type for any available access point when you display the list of access points from the network icon in the Taskbar (typically lower right of the screen). You may have to hover over the point in the list to see the information.Airport encryption

If you are using a MacBook you can Option-Click the Airport icon for a list that will display the encryption type of your current connection and, on hover, other connections, as shown on the right.

Bonus tip #1: If you are on the road and suspect that your Windows laptop has become infected you can get a free online scan from ESET.

Bonus tip #2: Don’t assume your laptop is safe from malware when traveling just because it is a Mac. Consider installing a reputable antivirus product, for example, you could install a free 30-day trial of ESET Cybersecurity for Mac OS X before you head out on your travels.

Follow

Get every new post delivered to your Inbox.

Join 78 other followers