CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010

October 25 – 29, 2010Kuala Lumpur Convention Centre

OCSSMC Research Findings and Messaging Outcomes

Among General Public and Industry Experts

Darin Andersen

- BA, Gov/Lit + USC x 2 Masters (MBA + Info Sys & Ops Mgt)

- 20 years in High Tech (Software + Security)

- COO, ESET – Anti-Virus/Anti-Malware security software

- Team = 200: Depts = 10 : 5 Year Growth = 1,300%

- 6 Boards (4 Community + 2 Private Business)

- Chairman of San Diego Police Foundation

- Chairman “Securing Our eCity”

- Cybersecurity Expert and Social Networker

ESET

• Global security company / 750 employees

• Corporate HQ – Bratislava, Slovakia

• North American Headquarters San Diego

• Flagship Product: ESET NOD32 Antivirus

• 130 mm users in 160+ countries

• INC 500 x4/Deloitte Fast x 3/SD Fastest x 5

• Forbes and Consumer Reports “Best”

Threatscape Evolution

• “Kiddie Scripter” to Cybercriminal

• Attacks more targeted – “spear phishing”

• Increasingly complex – self-modifying, encrypted, etc.

• Pre-installed (foreign sources)

• Decrease in email-borne malware

• Lower barrier to entry

Technology vs. Behavior

The rise of . . .

SOCIAL ENGINEERING

All Disasters Are Local

Securing Our eCity

• Public/Private Partnership

• Community outreach

– Workshops

– Seminars

– Public Relations & Media

• Digital citizens and businesses

– Aware

– Prepared

– Educated

Community Stakeholders

• Local government

• -Local law enforcement

• -Chamber of Commerce and EDC

• -Non-profits

• -Industry leaders

• -Education

• -Military

• -State and Federal constituents

The Model City Concept

• An active and engaged community ecosystem

Government

Law Enforcement

Education Non-Profit

Industry

Winner of DHS + White HouseCyber Security Challenge

A Unified Message for Cybersecurity

Overall Approach

• NCSA and APWG

– Internal among 45 members of the Online Consumer Security & Safety Messaging Convention Working Group (―Experts‖)

– External among 23 general public internet users nationwide, mix of demographics and level of safety/security concern

Overall Program Objectives

Develop a motivating and compelling online security and safety messaging across the public and private realms that:

1) Eliminates the discordant information on the threat of cyber menace

2) Develops sound, consolidated messages that offer clear advice to the public on how to stay safe/secure online

3) Produces a messaging suite to be used universally to raise awareness of e-crime and provide simple tips for individual consideration

4) Creates consensus around a single, concise, memorable message for consumers for online security and safety

But First …

RESEARCH

Early Findings

-Piecemeal but

appropriate Actions

(AV, Passwords etc.)

-Withhold

-Avoid

-Loss of Trust

-Strive for Calm,

Comfort, Happiness

-Mind Set

-Educated

-Aware

-Protect

-Smart Choices

-Avoid False Sense of

Security

-Reduce Risk & Harm

•Caution•Less Worry•/Stress•Confidence•Control•Peace of Mind•Protect family

Violation VigilanceFreedomEmpowerment

ConsumersExperts

Majority Have Recently Heard Something About Online Safety and Security

Q410. Have you read, seen or head anything recently about online safety and security?

Q412. Do you consider this positive or negative news?

Information Heard About Online Safety and Security Skews Negative

What Have you Read, Seen Heard?

55% Negative

Identity Theft

Privacy Policies

Attacks Increasing

Scams / Phishing

Hacking Viruses

Online Bullying

Software Protection

Internet Predators

Corp Security Breach

Financial Info Stolen

Protection Systems

Protect Personal Info

Identity Protection

Avoiding Scams/Phishing

Safety Tips

Virus Protection

Password Tips

Spyware/Malware

Monitor Kids Online

Q411. What have you read, seen or heard recently about online safety and security? Please be as detailed as possible.

Q412. Do you consider this positive or negative news?

45% Positive

Strong Agreement About Online Security

Q415. Please indicate whether you agree or disagree with each of the following statements:

96%

92%

93%

90%

85%

Online Safety and Security Viewed Most Important at the Personal Level

Q430. When you think about online safety do you see it as an issue that is most important at the:

Q431. When you think about online security do you see it as an issue that is most important at the:

59%

8%

33%

56%

7%

37%

Personal level

Community

level

National level

Importance of Online Safety or Security

Safety Security

There is no notable difference in how

people perceive the semantic difference of

safety vs. security

Focus on the value of Personal Security (64%)

Focus on the values of Control (47%) and Peace of

Mind (42%)

People Are Aware of Many Things They Should Be Doing to Be Safer Online

Q442. What are some specific actions or behaviors that you could take or do already take to be safer and more secure online?

Keep Software Updated

Protect Personal Info

Visit Secured / Reputable SitesNo Attachments/Emails from Unknown Sender

Safe / Strong Passwords

Use Firewalls

Limit Online Shopping / Banking

Enhance Social Networking Privacy Settings

Know Who You’re Dealing With Online

Clear Cookies

Increase Personal Education

Enhance Security System

Inaction – Split Between Over Confidence and Under Confidence

Q445. Some people say that they don’t do all the things they know they can or should do to be safer and more secure online. What reason is most applicable to

you personally?

• Ages 55+ (37%)• Ages 65+ (41%)• Online Threat is Top

Concern (33%)• No kids in HH (31%)• Interested in Online

Security Issues (30%)

• Not Interested in Online Security Issues (36%)

• Focus on value of Freedom (29%)

• Ages 18-34 (25%)

• HH Income of $100K+ (13%)• Not interested in Online

Security Issues (10%)

• Spend less than 10 hours online a week (11%)

• Ages 18-24 (10%)• Ages 35-44 (9%)

Reasons People Choose to Not Be Safer/More Secure Online

Strong Majority Take Proactive Steps to Be Safer and More Secure Online

Q450. Have you done any of the following within the last 6 months?

Consumers Understand the Importance ofOnline Safety

Q425. Broadly thinking, please rate the importance of a safe and secure online environment in each of the different settings, using a scale of 0-100 where 0=not at

all important, and 100=extremely important.

The following groups ALL rate EACH of these higher than their peers:• Women• Know Internet Victim• Resident of the South• Interested in Online Security Issues

• Online Threat Top Concern

Overall Most Consumers Believe it is in Their Control to be Safer and More Secure Online

Q507. Thinking about the last two questions, there are many different things you can do or control to make yourself safer and more secure online, but there are

also several things to be concerned about that are out of your control. When you think about two sides of online safety and security, imagine them as two pieces

of a pie. Please indicate how big each piece of the pie is to you personally, that is how big is the portion of things you can control and how big is the portion of

things you cannot control that concern you. Each piece can be assigned any whole number between 0 and 100, however the total of the two pieces needs to

equal 100.

• Do not feel vulnerable online (69%)

• Ages 65+ (64%)• Post Grad Education (64%)

• Males (63%)• No kids in HH (63%)

• Feel vulnerable online (41%)

• Were or Know Internet Victim (41%)

• Females (41%)• Have Kids in HH (41%)

• High School or Less Education (41%)

Relative Strength of Message Components

Stop. Think. Click.

Safer for Me—More Secure for All

Everyone plays a part in protecting our freedom to learn, interact, transact, and explore online

It’s easier than you think

Take control

Take care what you share

Be Web Wise

Keep a Clean Machine

Share with Care

Preserve our freedom online, do your part

It’s all about preserving our freedom

When I’m being safe online, I helping make it secure online for all

Most people already know what to do to be safe and secure online

Feel the confidence of being more secure online

We all live in an online world

Enjoy the security, protection, and freedom to venture anywhere

Take full advantage of the online world

Component Resonance: Stop. Think. Click.

Q574. Of all the concepts you just reviewed, which one is your favorite? Which is your second favorite?.

Stop. Think. Click. Take care what you share* so can better enjoy the security,

protection and confidence to venture anywhere and take full advantage of the online world.

Keep It Positive and Personally Relevant

• Direct to consumer messages that focus on fear or point at actions individuals do to put others at risk will not be effective

– People generally feel safe and secure in their personal online activities and don’t really believe their actions are putting people at risk.

• People will respond more favorably to messages that feed their belief they can make a positive difference for themselves, others, and the internet more broadly

Strategic Hinge

A direct to consumer campaign should focus on specific things people can do to promote online safety and security—common

sense things they can do and for which they are

Common Sense Actions,Personal

ResponsibilitySomething I control

Protected, More Comfortable and

Confident

Personal Security Peace of Mind

Impacts Others

What Does This All Mean?

• Citizens are primed for a communications campaign on cyber security

– High interest and personal concern

– High level of awareness on cyber security issues

– High level of belief they can make a difference

– Recognize they could be doing more

• Moreover, citizens recognize the link between individual and national cyber security and care about protecting both.

• All this despite the fact that most citizens generally feel safe and secure online in their personal actions and don’t

feel what they are doing puts others at risk.

A Community Based Approach

AwarenessPreparednessEducation

QUESTIONS