Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Expert Commentary: Safer Internet Day

February 2024 by Experts

February 6th is Safer Internet Day. Safer Internet Day is celebrated in nearly 200 countries and territories across the globe with the goal of spreading awareness about emerging online issues and current concerns. The commentary from experts.

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea

February 6th is Safer Internet Day, celebrated each year to raise awareness of emerging online issues and concerns, from cyberbullying to social networks misinformation, and even online digital security. In today’s digital society, we are heavily dependent on the Internet and technologies for daily activity. And as technologies continue to evolve, so do the potential online dangers.

Artificial intelligence and machine learning are beginning to play a more prominent role in our daily lives, and this is only increasing. It can be difficult to understand these emerging threats and how to stay safe online. My advice is simply to never be afraid to ask for advice, speak up or ask questions. It can be difficult to determine the difference between a real person online and an AI persona - if you see something suspicious, ask the experts for help or advice. In your digital social spheres, it’s always great to have a cyber-mentor who is your go-to person for advice and to be aware of the cyber help lines in your communities as well. In this age of emerging technologies and evolving online threats, let’s make the internet a safer place for everyone and never be afraid to ask for advice.

Darren Guccione, Ceo And Co-founder at Keeper Security:

A fundamentally “safe” internet is simply not feasible with the barrage of threats that individuals and organizations face in today’s world. In a new study by Keeper Security, 92% of IT security leader respondents reveal that cyberattacks are more frequent now than one year ago- and growing more sophisticated. AI-powered attacks, deepfakes, cloud jacking and fileless attacks topped the list for the emerging attack vectors they feel least equipped to defend against.

Although the internet itself will always pose risks, organizations can be safe online by developing a proactive approach to cybersecurity, combining advanced defense mechanisms and basic best practices to mitigate and fight existing attack vectors and burgeoning threats. Specific steps include:

Leveraging strong, unique passwords for every account and enabling strong multi-factor authentication (MFA). Stolen credentials have long been a leading cause of breaches and cyberattacks. It is essential to use a password manager to create high-strength random passwords for every website, application and system.
Exercising an abundance of caution when it comes to opening email attachments and clicking on hyperlinks. Bad actors are increasingly using generative AI to create realistic phishing emails and URLs for spoofed websites and generating variants as fast as they can to circumvent spam detectors.
Deploying a Privileged Access Management (PAM) solution. PAM helps IT administrators and security personnel manage and secure privileged credentials, and ensure least privilege access. This, combined with tightly monitored access and activity, can greatly reduce cyber risks. In the event a cybercriminal is able to gain access to an organization’s networks, PAM can minimize the blast radius by preventing lateral movement.

Following these proactive steps significantly reduces the likelihood of falling victim to online threats, ultimately creating a safer internet experience.

John Gallagher, VP at Viakoo Labs:

Safer Internet Day is a good time for enterprises to reflect on their cybersecurity efforts, ensuring that they extend to every business function and unit. To create strong defenses on an organization-wide scale, companies should consider the following:

Make non-IT teams accountable for security and reward them based on it. This includes empowering employees to achieve goals through training, fostering cross-functional team discussions on best practices, and tracking metrics. Progress in security awareness training within organizations is critical.
Rely on automation where possible. With Internet of Things (IoT) devices, in particular, manual methods do not scale for password rotations, firmware patching, or certificate management. Likewise, using an automated asset and application discovery solution eliminates guesswork on security status and what systems are vulnerable.
Expand security audits outside of IT to all parts of an organization. For example, consider implementing quarterly reviews of external systems to ensure Multi-Factor Authentication (MFA) is enabled and all users are provisioned with appropriate access. Extending security audits to all systems will ensure they are all reviewed and monitored, reducing the chances of a cyber incident.

Patrick Harr, CEO at SlashNext:

Since the Internet was born, it has continued to bring new advancements, new collaboration tools, new communities, knowledge sharing platforms, and other tools to improve daily life. But of course, it’s also a breeding ground for cybercriminals and threat actors who quickly find a way to abuse any new innovations. An excellent example is the introduction of the QR code (quick response codes). QR codes were first used in 1994 but started gaining rapid adoption more recently and today are widely used in the supply chain, marketing, mobile payments and information sharing. They especially took off during the global pandemic as a safe, contactless way to make payments, open restaurant menus, etc. Right on cue, as QR codes became more prolific, cybercriminals developed ways to wield them for malicious purposes. QR code phishing (quishing) and QR link jacking (QRLJacking) exploit the trust and convenience of QR codes and instead directing users to malicious sites for credential theft, delivering malware and gaining access to users’ mobile devices to steal personal and financial information. Security researchers have recently observed a 50% surge in QR code-based phishing attacks, and unfortunately, it’s not easy to determine a legitimate QR code from one with malicious intent. People should not scan any randomly found QR codes, think twice about entering any user names/passwords if a QR code takes you to a login page unexpectedly, and certainly if a QR code physically looks like it’s been tampered with, don’t scan it. To be fully protected from quishing or QRLJacking campaigns though, users need security solutions that can block all malicious QR codes in both personal and business settings.

Manu Singh, VP, Risk Engineering at Cowbell:

From work to education to entertainment, ensuring a safe online experience is crucial. Safer Internet Day raises awareness about online safety issues to promote safe digital habits, especially for children and young people. The slogan, “Together for a better Internet,” encourages everyone to join the movement and play a role in building a safer Internet.

In addition to standard best practices like using strong, unique passwords and enabling Two-Factor Authentication (2FA), here are a few best practices to follow to safely use the Internet.

Stay Informed About Phishing Scams: Be cautious of unsolicited emails, messages, or links, especially those requesting sensitive information like passwords, credit card details, or Social Security numbers.
Be Cautious with Downloads: Only download files, software, or applications from trusted sources, such as official websites or app stores (e.g., Google Play Store, Apple App Store). Be cautious with email attachments and only open them if you trust the sender.
Keep Software and Operating Systems Updated: Regularly update operating systems, web browsers, and software applications. These updates often contain security patches to address known vulnerabilities. Consider setting computer and mobile devices to automatically download and install software updates.
Look for HTTPS Encryption: Ensure that websites you visit use HTTPS (HyperText Transfer Protocol Secure). Look for the padlock icon in the address bar, which indicates a secure connection. Avoid entering sensitive information on websites without HTTPS.

Safer Internet Day serves as a reminder for individuals, businesses, and organizations to prioritize cybersecurity, protect personal information, and promote a culture of responsible online behavior.

Gopi Ramamoorthy, Head of Security and GRC at Symmetry Systems:

For families, navigating the digital world and using technology safely has become more and more challenging in the last decade. Nearly all major organizations heavily depend on the internet and digital world to run their businesses and operations. As part of this digital transformation, these organizations collect large amounts of data from users and customers, including personally identifiable information (PII). With this knowledge, bad actors are trying to steal data from customers and individuals using various covert techniques.

For end users, internet security should start with a zero trust principle and least information sharing approach. The core and fundamental steps for end users on safe internet usage are selection of the right browser, and security hardening with appropriate browser security and privacy settings. Each browser provides security and privacy best practices and guidelines. The next step is to check the internal URLs and security settings for the domains. Users may give masked or altered information to certain sites, if the services provided by those sites do not depend on the information being collected.

I would recommend making use of online security awareness events organized by service organizations, schools and local agencies to learn more and ask questions. For protecting children online and education privacy, the regulations such as COPPA, FERPA and some of the state laws have statutes but, at the end of the day, it is left to the knowledge, awareness and practice of each individual on following the best practices when they are in the digital world.

Scott Gerlach, co-founder and CSO at StackHawk
Safer Internet Day is a great reminder that security is a team sport. Collaboration between the teams that monitor for suspicious activity and the teams responsible for building the applications we access daily, helps strengthen an organization’s security posture and fosters a foundation of trust and resilience against future security threats.


See previous articles

    

See next articles













Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts