Views
5 years ago

April 10, 2011 Salzburg, Austria - WOMBAT project

April 10, 2011 Salzburg, Austria - WOMBAT project

- If users declared that

- If users declared that they send/forward electronic mails without checking whether they contain any attached malicious file. 3. MAIN RESULTS The main question mark which has motivated this Study is determining the security level in Spanish Internet households/users and the trust they generally have in the Information Society, and particularly regarding Internet. The way to reach this objective has been twofold: on the one hand assessing the trust and perception of security of the users, and on the other, carrying out an analysis on the real security level incidents in the computers in Spanish Internet user households. The result of contrasting the two variables is a series of user segments and profiles according to information security. Seen as a whole (socially and technologically), the Internet security system is empirically defined by the following characteristics: 3.1 Security measures and habits Automatable measures occupy the first places in the table of the declared use of security measures: antivirus programs (92.5%), firewalls (81.3%) and operating system updates (80.7%). These positions are the same as in previous quarters. Users of social networking sites are becoming increasingly careful with their privacy: 66.2% declare that their profiles can only be seen by friends or contacts. 47.8% of parents state that they have created a limited user account for their children to go online. This information is very 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% positive as it reduces the impact possible dangerous behaviour by the minor may have on the computer. 3.2 Security incidents The most common security incident in the past three months as declared by Internet users is receiving unwanted e-mails or spam (66.9%). According to the INTECO network of sensors, the real figure rises to 77.4%. 53.6% of the computers analysed with the iScan programme are infected with malware. Trojans, at 38.7%, and adware, at 27.1%, are the types of malicious code most commonly present on users' computers, followed by tools (23.8%). 3.3 Users' reaction to security incidents and their consequences 60.6% of users have made no changes to their Internet browsing habits as a result of an incident they have experienced, compared to 39.4% that did adopt some precautionary measures. Users state that they are acting to a greater degree on security programmes (55%), followed by changing passwords (45.9%). Almost two out of every three users resolve security problems independently: 44.6% with no-one's help and 19% with the help of an expert. 3.4 e-Trust in Spanish households The majority of Spanish Internet users trust the Internet (89.9%) during the third quarter of 2010 and believe that their computer is reasonably well protected (81.5%). Users continue to show more trust in carrying out banking transactions in a branch (72.9%) than via the Internet (50.8%). Lastly, 79.3% of panellists would like the Government to be more involved in guaranteeing Internet security. 79.6% 76.2% 78.2% 79.3% 84.0% 82.8% 79.4% 85.6% 76.5% 76.0% 84.9% 76.3% 65.3% 65.9% 62.7% 59.1% 61.5% 56.2% 54.2% 54.0% 57.1% 52.8% 53.6% Lineal (Malware Evolution Trending) The analysis carried out highlight that e-trust stands at an average of 76.6 points in a scale from 0 to 100 (Figure 2). Figure 1. Malware incidence evolution 2007 – 2010 (%) 5

The conclusion that can be drawn is that high trust is a prerequisite for a rewarding Internet use. The users tend to keep this e-trust above 75 points. When the sensation of security is broken by an unexpected incident, the user tries to repair the balance increasing their security equipment, increasing their caution or both at the same time. Generally, these changes help to return to a comfortable level of e-trust. But if things are not as expected (repeated incidents), the need for support from a third party starts to become necessary. This third party for support is the Government. Specifically, the role the users give the Government in security matters seems to consist of being a last resort. The result must be to guarantee security when the measures within the reach of the user and sensible navigation habits are revealed to be insufficient. In general, this intervention is accepted and demanded by 79.3% of the users. The overall result of this re-stabilization process in time is that users think that both the amount and seriousness of the incidents suffered in their computers has been reduced in the last year. This reinforces their idea that re-stabilization the suitable strategy. Given that the level of basic equipment is similar in the majority of users, caution in usage habits has been revealed to be an important additional protection factor. In fact, the results of the computer scanning show how the security habits generally mark the differences in incidents amongst the users with antivirus and updated operating systems. The Government has a key role: information must be channeled both regarding protection systems and safe practices. The data indicates that the actual security incidents detected in the scanning seem to have their solution in two relatively independent factors: the real presence of security devices and the preventative and considerate usage habits. Both factors constitute the pillars of the system security and its complementary nature must be strengthened as far as possible: there is no security without the simultaneous presence of both of them. 100 90 80 70 60 50 40 30 20 10 0 67,4 68,6 66,3 Tools and security measures indicator Security behaviour and habits indicator 72,5 69,5 76,6 We must stress a culture of security. It is necessary for the users to be aware of the utility of the solutions such as the antivirus, firewalls, antispam, security updates, etc., but they must also know their limits, the real threats, and the additional recommendations, so that a false sense of security is not created. To increase security it is vital to provide users with greater information with a view to using the new technologies responsibly and safely, with usage habits based on caution and protection. 4. CONCLUSION Even though both security measures and users’ behaviour reduce the number of detected incidents, it is noteworthy the fact that computers’ behaviour is the reason for a greater decrease in the amount of malware found on the machines. Given that the basic level of equipment is similar for most users, prudence in usage habits has become an important additional factor for protection. In fact, computer scan results show how security habits differentiate incidents between users with antivirus software and up-to-date operating systems and those without. It exists a false feeling of security, i.e. users have the perception that incidents do not reach the level that in fact exists and that they are less and less serious. Moreover, it has been detected that many users neglect their security habits after installing protection measures on their computers, which means that the risks to their systems will increase instead of decreasing, as it should be. Thus, it is confirmed that the installation of security tools is necessary but not enough. It is also important to take other complementary actions, such as good practices and proper security habits. Security on the Internet is not a question of machines and technology, but of people! Therefore, the use of security measures and devices - e.g. antivirus software, firewall, anti-spam software or security updates - must be encouraged and users must be trained in security habits at a technical level, so that technical measures, whether active and passive, can be really efficient. 65,8 e-trust indicator Malware incidents indicator 55,7 47,9 40,3 Computers at high risk indicator 20,4 8,6 Computers with high dissemination potential indicator 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 Figure 2. System of Statistical Indicators 6

D06 (D3.1) Infrastructure Design - WOMBAT project
6-9 December 2012, Salzburg, Austria Social Programme
D I P L O M A R B E I T - Salzburg Research
D I P L O M A R B E I T - Salzburg Research
D I P L O M A R B E I T - Salzburg Research
Communication Plan for EGU 2011 April 3-8, 2011, Vienna, Austria
ECCMID meeting Vienna, Austria 10-13 April 2010 - European ...
8th Liquid Matter Conference September 6-10, 2011 Wien, Austria ...
8th Liquid Matter Conference September 6-10, 2011 Wien, Austria ...
April 10, 2011 - University of Cambridge
Top 10 Project Management Trends for 2011 from ESI International