This week Trend Micro’s own Kyle Wilhoit was featured in a 2-part series on NBC (part 1, part 2) about information security risks facing Sochi visitors. There is some controversy around the accuracy of those reports. Kyle published the technical details of the experiment on our blog today, which should clear up the experiment itself. That leaves the broadcast of the results in question.
I think it’s important to remember that what was portrayed in the broadcast was tailored to the average user.
For those of us in the information security profession, it’s often easy to forget that we long ago left the world of the average user behind. What NBC produced contained the critical messages but presented them in a way that would grab people’s attention and expose them to the information.
The key messages presented are:
- There’s a lot of malicious activity around the games both in person and remotely
- Russia, in particular, has a high amount of cybercrime
- Most people are unaware of this and unprepared for it
The Experiment
It is best to read the specifics of the experiment directly from Kyle but the summary is that it was intended to mimic the setup and behaviour of an average user. Beyond that setup, Kyle deployed some tools to monitor what was happening without affecting the setup.
What happened next was what a typical user would experience. While visiting a site with information about the Olympics on the phone, the user was prompted to download a new application.
Like most users, they clicked the “Accept” button and downloaded the application. This application then started to gather intelligence on the user.
It was much the same story for the laptops. All of the attacks happened with user interaction. But that interaction was typical of how an average user behaves.
Stopping Attacks
What most people should take away from this is that the default setup of your computer and phone isn’t enough to protect you. You need to make sure that you keep your software up to date, add additional security controls to protect yourself, trust your instincts, and don’t click on suspicious links.
An event like the games draws a ton of attention. That attention is a fantastic opportunity for hackers to take advantage of the situation and steal your data. By practicing these simple steps, you can reduce the risk you face and still enjoy the games to their fullest.
Raising Awareness
This is the first time that I can remember where a major program has devoted a significant amount of air time (approx. 7% of the show for two nights!) to raising information security awareness.
What we usually see is a reaction to a breach. That’s important too, but as information security professionals we need to work to shift the conversation to prevent breaches from happening.
Every user that we can reach and help protect before they are attacked adds another one in the win column. While they skimmed over the technical details, the NBC reports present the information in a way that hits home for the average person.
NBC Nightly News has an average viewership of 8.5 million viewers each night. Because the message was presented in a way that was accessible for the audience, 8.5 million people saw more than 7 minutes of security awareness information. Any way you look at it, that’s a huge win.
Keep that in mind the next time you’re writing material for your security awareness program.