Government, Industry Push Education on Risks Ignored Online
Government and industry officials endorsed a national “cybersecurity awareness” campaign, though they were vague on financing and other details as they raised the matter at a Washington conference. McAfee data unveiled at the National Cyber Security Awareness Summit Monday show that consumers aren’t as secure online as they believe.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Phishing is “a pernicious problem,” FTC Chairman Deborah Majoras said, noting that about 8 percent of consumers answer bogus e-mails. “If we could just teach every consumer… to never respond and train them to hit ‘delete,'” she said. The FTC will hold a half-day “antiphishing roundtable,” put out a video on the topic and is putting “final touches” on an interactive online tutorial, she said. “We can’t round up all these bad guys, so we have to” educate consumers and companies so they can protect themselves, she said. The government is also “investing significant resources to bring our own house in order,” including requiring “formal response plans” that were due Sunday.
Greg Garcia, DHS assistant secretary for cybersecurity and communications, envisions a “national movement” to change attitudes about cybersecurity, he said, giving no details. He praised his department’s early warning system, EINSTEIN, as a success. The network tool protects computer systems at 13 federal agencies, giving analysts a “big picture view” of network backdoors, baseline network traffic patterns and other intelligence for “rapid detections of cyberattacks,” he said. EINSTEIN cut from four to five days to four to five hours the time needed for the U.S. Computer Emergency Readiness Team to uncover and patch vulnerabilities, he said. And DHS provided “analytical response and training” to Estonia after a major cyberattack there, he said.
In a McAfee phone survey, nearly all subjects said they think online security is important and have heard of spyware and phishing. Most said they had antivirus software and firewalls activated on their machines. But followup scans of those respondents’ computers revealed that “what they say they have doesn’t actually match up with what they have,” said Bari Abdul, McAfee vice president, consumer marketing. Most lacked even “core protection,” which includes updated antivirus and antispyware tools. Many consumers confuse trial software with “working software” and are “not as savvy as they think they are,” he said. Tom Duffy, deputy director, New York Office of Cyber Security, said every organization should have mandatory cybersecurity training for home and office users. “We need to reach 100 percent of the populace,” he said, but are “light years away from where we need to be.”
Industry must close gaps in support and resources left by the government, said Tom Lehner, public policy director of the Business Roundtable. John Ingold, director of communications for the Financial Services Roundtable, said his group’s e-mail security project aims to “improve the confidentiality of information exchange.” The group is also encouraging ISPs and other service providers to adopt and encourage adoptions of security protocols, he said. - Alexis Fabbri