
The results of a new security survey, which asked some 6,000 people across Europe questions about cybercrime, would appear to suggest that nearly everyone (88% of respondents in fact) is some kind of online victim. Have things really got this bad, or is it just another case of the security industry painting a very dark picture in order to drive demand for IT security solutions and services?

Well let's take a look at the results of that survey which was carried out by security vendor Sitecom. I can understand fully that the 73% of people 'concerned about their security online' might think that, after all every sane person has to be concerned about malware, phishing, cybercrime. I'm slightly surprised that this would seem to imply that 27% are not concerned, as that suggests to me these people don't care if they fall victim or not. Surprisingly, 88% believed it was 'important to be protected against cybercrime' which is another statistic that falls into the 'realms of normality' category. Or at least it would were it not that this then highlights the disparity between those who are concerned about cybercrime (73%) and those who think it important to protect against it (88%). Somewhere there is a peculiar 15% who, I have to assume, think it is important to protect against something that they are not actually concerned about.


But wait, things get even odder as you dig into the results further: 88% of the respondents said that they "have been victims of one of the following forms of cybercrime: virus, spyware, trojans, worms, rootkits, fraud, phishing or malware". Which tallies with the number of folk who thought it important to protect against such things, but still leaves 15% who have been hit by cybercrime in some form but still refuse to be concerned about it. Odder still, when you consider that 98% of those asked by this survey actually use an anti-virus scanner of some sort yet 48% of them didn't feel protected by it.

If you are starting to get that old chestnut of lies, damn lies and statistics floating around your head I can understand it. Not that I am accusing Sitecom, or anyone else for that matter, of making this stuff up. However, I do wonder just how relevant such statistics are for anything other than product marketing purposes.

Is the Internet really so completely saturated with malware and bad guys that it has become an unsafe place to be? No, of course not. The suggestion that only 12% of Internet users, if you extrapolate the results of asking 6,000 people to the entire population, have not been hit by a virus, spyware, Trojan, worm, rootkit, fraud, phishing or malware just does not gel with my own experiences, nor those of the vast majority of people I know. In fact, truth be told, I know very few people, relatively speaking, who have fallen victim to cybercrime of any type.

Of course, how you phrase the questions will always be a factor in any kind of survey. As will how you group together categories that define a whole. How many of that 88% of cybercrime victims, for example, actually were just recipients of a badly constructed spam email trying to persuade them to login to a cloned banking site for a bank account they do not even have? Again, I'd like to make it clear that I'm not aiming this directly at Sitecom, but without knowing that level of detail the overall claim of victimisation is diluted to the point of being, well, pointless.

What do you think, are claims about Internet insecurity overblown by security vendors or do the numbers you see tend to tally with your own experiences? Join the DaniWeb conversation and let us know...

Edited by happygeek: unstuck

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

0

I could believe they are fairly accurate, however I think you are correct in assuming that much of what is categorised as "cyber crime" is probably very low on the severity scale. Personally, I get virus warnings - a lot of false positives, tracker cookies and things like that, and some genuine - every few months. I have also been receiving emails from various companies stating they have reset my passwords for various website/game accounts and the like due to "possible security breaches", it seems like every couple of months.

It's impossible for any antivirus software to offer 100% protection. The only way to get that is to never go online, ever. It's unfortunate that these statistics are so high, but in my experience a lot of people aren't aware of what constitutes a risk or threat online. Education towards recognising threats, both before and after you have become their victim, I believe is the way forward.

The fact that my spam folders in gmail/hotmail are always full has to tell us something about the sheer quantity of dodgy stuff that is out there. But a very small percentage, I suspect, actually finds a mark.

0

My point is that the '88% are victims of cybercrime' claim seems way too high, as far as my real world experience as both a journalist and small business consultant working in the field of IT security is concerned. It's how you define the word 'victim' that is the key I suspect. Does being a recipient of a phishing scam email make you a victim? No, not unless you follow it up and eventually lose money. Does being sent a link to a Trojan dropper site make you a victim? No, not unless you click it and install it and the payload is dropped.

These things are all a huge problem, I'm not trying to downplay that. I just wonder if the constant scare stories do less in terms of educating people and making them aware of the dangers and rather more by way of simply numbing them to the problem by overexposure and exaggeration?

Edited by happygeek: typo

0

They say "don't ask the barber if you need a haircut". I think this applies here as the survey was done by an organization that definitely has something to gain by FUDding. In all the years I have been online (at work and at home) I have only (maybe) been infected once. It was not definite but because I had doubts I restored a system image (30 minutes) and continued merrily on my way. However, I have had to sanitize my father-in-law's computer on numerous occasions. Unfortunately, he is the type of person who will download and install anything without thought (three cheers for disk imaging).

I agree about the 88% figure likely being inflated. My anti-virus software (Trend Micro) regularly reports on all of the intercepted "threats". When you consider that most of these threats are blocked cookies or blocked access to sites that "may pose a threat" as well as alerts on modifications that I have made myself to my HOSTS file the actual threat to my computer is quite low.

0

Even though there is a lot of anti-virus software, we can never really be sure how safe we are. All the dangers are online. So we really have to be aware every time and be sure to always update our software.

0

Well... maybe we are victims of the internet, as everything has some merits and demerits. It depends on how you utilize the resources you are availing.

0

"Lies, Damn Lies, and Statistics" - Benjamin Disraeli's comment about the power of statistics to tell lies is as relevant today as it was in the 19th century. It is sad that every time we see a statistic, there is this natural suspicion of the number. Having said that, I also have to say that I believe these numbers to be suspect, but, for what it's worth, there is the possibility that it is not intentional. There are (at least) 2 problems with all of these types of surveys: Selection Bias and Badly Defined Endpoints. I suspect that this survey suffers from both of these problems.

First, Selection Bias shows up all the time. This is where the sample that is surveyed is, for some reason, highly enriched with people who have had the problems being studied. Why this happens is sometimes obvious but often it is very subtle and hard to detect. In a case like this, the sample may be drawn from people who call help centers with problems, or perhaps from survey e-mails that are most likely to get a response from those who are cyber-attack susceptible. Skeptics, like me - and many of the readers of this post, would never respond to them.

Second, a badly defined endpoint refers to making incorrect assumptions about the relationships between what the survey is actually measuring and what they are trying to quantify. In this case, an example would be counting as a victim anyone who gets spam (i.e., is exposed to the possibility of cyber-attack), whether they respond to it or not.

Both of these errors in statistical sampling would badly skew the results, either innocently, or by intent. Given their extreme numbers, and the fact that it does not seem to align with many people's first-hand observations, suggests to me that their results are badly skewed, both by Selection Bias and Ill Defined Endpoint assumptions. In short, the study design is flawed.
