Lack of cybersecurity education for consumers
The Biden administration took a major step forward in its cybersecurity efforts this week when the State Department launched a cyberspace and digital policy office with more than 60 employees and plans to hire more.
Meanwhile, many of us struggle with the most basic components of online security. “123456” is the most popular password in the world, based on breached data analysis. According to a 2021 report from the National Cybersecurity Alliance, about a third of us miss out on critical security fixes because we don’t keep up with software updates.
Technologists are bad at explaining cyber threats and solutions in terms ordinary people can understand, experts tell me regularly as I write for The Post’s personal technology vertical called Help Desk. Sometimes that means we spend decades making the same mistakes, says Eric Cole, who served on the Committee on Cyber Security during the Obama administration and began his career in the 1990s as a hacker for the CIA.
“If you had told me back then that in 2022 the number one way to hack people would still be a bad password, I wouldn’t have believed you,” Cole told me.
Policymakers grab headlines for being tough on cybercrime, but rarely pass on security information to constituents, according to Victoria Baines, a visiting fellow at Bournemouth University who wrote the book “Rhetoric of Insecurity”.
Providing citizens with frank information about digital threats is rarely at the top of lawmakers’ lists, and their imprecise language gives it away, Baines said. Cyberspace becomes the “Wild West” and the “dark corners” of encrypted messengers. Even the FBI relied on an image of a scary-looking hacker in a dark hoodie to greet visitors to its public cybercrime website (it changed the image in 2020).
- “The more we portray cyber threats as some kind of intergalactic horror story, the less safe people will be because they will feel less able to protect themselves, their businesses, their friends and loved ones,” Baines said.
Scare tactics can prompt consumers to take cybersecurity seriously, Baines said, but they also distract from the fact that policymakers themselves often don’t understand the complicated factors at play.
Mass cybersecurity education campaigns are not particularly attractive. In 2004, the National Cyber Security Alliance and the US Department of Homeland Security established National Cyber Security Awareness Month to further understanding of digital threats, but interest and participation have since dwindled, according to Kavya Pearlman, founder and executive director of the Extended Reality Security Initiative.
- “While there has been increased awareness due to recent executive orders on cyber security threats, the federal government and lawmakers are not sufficiently explaining to laymen how emerging digital threats percolate and affect everyone,” Pearlman said.
- Pearlman said the government should do more and urged the Cybersecurity and Infrastructure Security Agency (CISA) to allocate part of its budget to educate citizens about the security risks of emerging technologies, including artificial intelligence and the Internet of Things.
- A CISA spokesperson wrote in an email that strengthening America’s cybersecurity requires a “whole-of-nation approach” and that the agency educates people on how to stay safe online through its website and social media, as well as “awareness campaigns, alliances and [its] network of regional offices nationwide.”
National governments should use public health campaigns as a model for consumer cybersecurity education, Baines said. If governments can tell people how to wear masks to reduce coronavirus risk, they can explain basic digital hygiene, she argued.
Some politicians feel more comfortable discussing digital threats. Sen. Mark Warner (D-Va.), Sen. Ron Wyden (D-Ore.) and former Texas congressman Will Hurd (R) have always put cybersecurity center stage.
Rep. Alexandria Ocasio-Cortez (D-N.Y.) took to Instagram this week to answer questions from her audience, one of which was about cybersecurity.
“Cyber attacks on banks and the network… how likely are they? Should we prepare? It’s scary,” one Instagram user wrote, apparently referencing concerns about cyber warfare as Russia continues its invasion of Ukraine.
“Turn on factor 2 and use enhanced security to protect yourself and others,” Ocasio-Cortez said in a written response. “Don’t click on any weird links.”
Is it a complete cybersecurity guide? Maybe not. But she points to practical advice that politicians rarely offer.
It’s your lucky day: The Post has a Security Reset Guide.
In the absence of broad campaigns educating consumers about so-called digital hygiene, other resources must fill in the gaps. The Post’s technical help desk is creating a collection of how-to cybersecurity guides to help readers get their digital ducks in a row. With the help of experts (and readers themselves), we break down common questions about passwords, software, Wi-Fi, and more, and uncover the easiest ways to protect yourself against online threats. Check back and click when you need an extra hand, or send it to your parents.
The US Government Sanctioned a Darknet Marketplace and Charged an Alleged Server Administrator
The Treasury Department’s sanctions on Hydra Market came as German authorities seized the site’s servers and around $25 million in cryptocurrency. The Justice Department charged a 30-year-old resident of Russia, Dmitri Olegovich Pavlov, with conspiring to distribute illegal drugs and committing money laundering in his administration of the Hydra servers.
The Treasury Department also sanctioned Garantex, a cryptocurrency exchange that was originally registered in Estonia but operated primarily within Russia, the department said. Of the more than $100 million in illegal transactions on Garantex, nearly $6 million was associated with the Conti ransomware gang and about $2.6 million was associated with Hydra, Treasury said.
Jordanian Activists’ Devices Were Infected With Pegasus Spyware, Researchers Say
At least some of the attacks against Jordanian human rights activists appear to have been carried out by the Jordanian government, Front Line Defenders and Citizen Lab said. Jordan denied the allegations, the Associated Press’s Josef Federman reports.
“According to their joint report, the attacks took place between August 2019 and December 2021,” Federman writes. “He said the latest attack took place on an iPhone, indicating that NSO has continued to target Apple’s operating system even after a lawsuit from the global tech giant over earlier attacks.”
NSO did not comment on the report, but told the AP that monitoring activists with its software would amount to “severe misuse.”
An investigation by The Washington Post and 16 media partners last year found that NSO’s Pegasus spyware was used to target activists, executives and journalists. In November, the US government blacklisted the company, restricting its ability to receive US technologies, after concluding that foreign governments used its spyware to “maliciously target” government officials, activists, journalists and academics.
Russian cyberattacks are on the rise, says Ukrainian cybersecurity official
Ukrainian officials said the rise in cyberattacks came mainly in the form of attempts to spread malware and spy on critical organizations in Ukraine, the Wall Street Journal’s Catherine Stupp reports. The officials also reported that Russia-linked hackers sent malicious emails to Latvian officials.
Victor Zhora, a top Ukrainian cybersecurity official, also renewed pressure on Chinese drone giant DJI, whose drones are being used on both sides of the war. In the early days of the war, Russian officials received the locations of Ukrainian drone operators, while Ukrainian officials were unable to do the same, Zhora told reporters, noting that the discrepancy was “quite suspicious to us.” Zhora’s comments came as Ukrainian authorities said in a report that their investigation “confirmed” that DJI aided Russia’s attacks, CyberScoop’s AJ Vicens reports.
- Facebook parent Meta joins CISA’s Joint Cyber Defense Collaboration.
This morning’s announcement:
- Former president Barack Obama; former director of the Cybersecurity and Infrastructure Security Agency Chris Krebs; and Reps. Lauren Underwood (D-Ill.) and Adam Kinzinger (R-Ill.) speak at a disinformation conference hosted by the University of Chicago and the Atlantic today through Friday.
- Eric Goldstein, Cyber Security Executive Deputy Director of the Cybersecurity and Infrastructure Security Agency, and National Cyber Deputy Director Rob Knake testify before a panel of the House Homeland Security Committee today at 10 a.m.
- Director of the Defense Advanced Research Projects Agency Stefanie Tompkins, Director of the Defense Innovation Unit Michael Brown and Deputy Secretary of Defense Heidi Shyu testify before a panel of the Senate Armed Services Committee today at 2:30 p.m.
- The Center for Strategic and International Studies hosts an event on the national defense implications of commercial wireless networks on Thursday at 9:30 a.m.
Thank you for reading. See you tomorrow.