Post on 28-Mar-2015
Cyber Safety Awareness
Bahrain British Business Forum
21 February 2012
Ahmed J. Aldoseri, Cyber Safety Director, TRA Bahrain
ECSA, CEH, CEI, RHCI, RHCE, MCSE, MCSA, A+, CQS-Security, Law Student
Agenda Overview
1. Bahrain Market Numbers
2. Benefits of the Internet
3. Threats
4. Solutions
5. Emphasis on Children
6. Questions…
7. TRA’s SafeSurf DVD Initiative
1. Bahrain Market Numbers
Bahrain’s Market
• 242,000 Fixed Lines
• 107,000 WiMAX subscribers
• 1.7 million Mobile phone subscriptions
• 290,000 Broadband Subscribers
• 694,000+ Internet Users
• 128,000 Mobile Broadband Subscribers
Sources: TRA analysis, Internet World Stats
2. Benefits of Need for The Internet
Internet: Requirement or Luxury?
Maslow’s Hierarchy of Needs
Internet?
Internet Use
• Work
• Entertainment
• Study
• In short: the Internet improves our way of life!
So what do we do on the Internet?
Internet Activities
• Creating a web page: 7%
• Purchasing or ordering goods or services: 12%
• Internet banking: 12%
• Telephoning over the Internet/VoIP: 14%
• Interacting with general government organizations: 15%
• Keeping viruses, spyware and adware off your computer: 21%
• Getting information from general government organizations: 24%
• Playing or downloading video games or computer games: 26%
• Posting information or instant messaging: 27%
• Downloading software: 28%
• Getting information related to health or health services: 29%
• Education or learning activities: 34%
• Downloading movies, images, music, watching TV or video, or listening to radio or music: 35%
• Sending emails with attached files: 37%
• Reading or downloading on-line newspapers or magazines, electronic books: 37%
• Getting information about goods or services: 39%
• Sending or receiving e-mail: 69%
• Social networking sites: 70%
Internet Usage Frequency
[Chart. Values shown: 73%, 4%, 5%, 18%. Legend: Within last 3 months; Between 3 months and a year ago; More than a year ago]
Source: Nielsen/TRA survey, January 2012
Internet Usage in Bahrain - Adults
• Study conducted in 2010 (816 Adults)
  – Generally experienced Internet users
  – Low Internet security awareness
  – High level of trust
  – Frequently exposed to negative online experiences
  – No sources of reliable information for Internet advice
Adults Surveyed (by age group)
• 18-29: 42.6%
• 30-39: 31.0%
• 40-49: 15.9%
• 50-59: 8.4%
• 60-71: 2.0%
Source: TRA Analysis, 2010
Online Risk-Taking Behaviour of Adults
• Opened an email attachment that wasn’t from a trusted source: 317
• Received a virus from an email or a download: 292
• Posted personal information on a website: 260
• Shared personal information with someone they only met online: 146
• None of the above: 290
Source: TRA analysis
Why is Cyber Safety relevant?
• High level of trust placed upon technology
• Relatively new area of crime legislation
• Constantly changing digital threats
• Security is by and large not a priority for many
• Potential for damage is huge!
3. Threats
Online Dangers
Threats
• Identity Theft
• Account Theft
• Confidentiality Breach
• Participation in illicit activities
• Denial of Service
• Defacement
• …
Attack Venues
• Email
• Instant Messaging
• Drive-by Attacks
• Advertising Banners
• Massive Traffic
• Smart Phones (and apps)
• Illegal Software
• Wireless Connectivity
• …
Sample Threats – Med Scams
Sample Threats - Phishing
Sample Threats – Spear-phishing
• Special form of phishing
• Targets a single individual
• Rate of success is much higher than normal phishing attempts
• Very difficult to defend against
• Example…
Example Spear-phishing Email
From: Khalid_1976@gmail.com
To: aaldoseri@tra.org.bh
Subject: TRA’s Website
Dear Ahmed,
My name is Khalid, I’m subscribed to your website’s mailing list. I called your office earlier but you weren’t at your desk. The receptionist said you are the person to speak to, so I asked for your email address.
I’ve visited your website recently to look for regulatory information pertaining to number portability, and was shocked to find such a government organization hosting highly objectionable files concerning recent events in Bahrain! This is highly irregular and is damaging Bahrain’s reputation! I hope no one in the media noticed this…
A sample PDF from your website is attached for your quick reference. As a Bahraini citizen I urge you to kindly remove such files as soon as possible.
Best wishes,
Khalid
Telecoms Consultant
Identity Theft
Lotteries
• Congratulations! You’ve won $50,000,000/-!!!
• How such frauds work…
  – Fees
  – Compromising computers
• Sample real stories…
  – Sample #1: “Microsoft told me I won…”
  – Sample #2: “The caller said he was from a local mobile operator…”
Mobile Security Issues
• Smart phones of all types are great targets!
• You may receive a text message “from your operator” with new settings…
  – If you install them, malicious software is installed
• Leads to disclosure of…
  – Bank account details
  – Contact lists
  – Messages
• Unverified applications are a favorite source
  – Jailbreaking (iOS)
  – Open Market (Android)
  – Windows Mobile
  – Symbian
Defacement
Microsoft India retail website defaced – Arabian Gazette, 14 Feb 2012
Hacktivism
4. Solutions
General Advice
• Awareness, education, and some more awareness!
  – Need to recognize, and act accordingly on, the importance of cyber safety
• Do not freely share your personal information online
• Procure legitimate software from trusted offline and online sources
• Ignore emails and attachments from untrusted sources, and be wary even of trusted sources
• If it looks suspicious, or too good to be true, it probably is!
• Be wary of public wireless networks, and secure your own
Some More General Advice
• Do not use information in public IDs (e.g. email addresses) that will give away personal information
  – Such as ceo@company.com, 36107107@email.com, etc.
• Use strong passwords that only you would remember
  – Do not use names, dates, phone numbers, pet names, etc.
  – Example of a strong password: I L0ve the BBBF!
    • 16 characters long, yet easy to remember
    • Includes upper and lower case, special characters, and numbers
    • Near-impossible to ‘crack’
• Install and keep up-to-date protection software (Antivirus, Internet Security, Firewall, …)
  – On your computer, laptop, phone, …
• Never click on links within emails; instead, type the address manually
Advice for Businesses
• Establish and enforce a corporate security policy
  – Passwords
  – Securing data storage and transmission
  – Document classification
• Ensure security is built-in, not bolted-on
  – Security should be considered throughout your IT architecture
  – Only deal with contractors that are security-conscious
  – Get audited and certified!
• Prepare for recovering from disasters
  – Test your preparations
  – Ensure at a minimum that critical staff can continue working
• Empower your technology staff with the tools and resources to do their job
Food for thought…
• It is possible to deter a hacker, and to make it very difficult for him to succeed, but it is impossible to stop him…
• Prevention is ideal, but detection is a must
• There really is someone out there trying to guess your passwords
• The one thing worse than not being secure, is having a false sense of security
5. Emphasis on Children
Children and the Internet (1/2) – TRA 2010 Study
• Daily usage of the internet averages 2.5 – 3.5 hrs
• Used for homework, playing games or interacting with other people
• Use apps; including instant messaging, chat rooms, games, blogging and Social Networking Sites (SNS)
• There is no real understanding of what is meant by personal information
• Children do not share their online experience with adults
Children and the Internet (2/2) – TRA 2010 Study
• Most parents do not participate in online activities with their children
• Most children have unsupervised access to the internet and there was little significant variation by nationality, religion, age or gender
• Cyberbullying is a problem identified by young people and teachers
• “Teacher humiliation” on SNS is becoming problematic
• Teachers feel they lack the skills as many young people are more computer literate than they are
• There is no formal internet safety training at schools
• Children are reluctant to seek advice out of fear of being reprimanded
ALERT! ALERT! ALERT!
Older children (14 – 18) take the most risks: sharing personal information with strangers and opening email attachments from unknown sources.
43% of children surveyed had met with an online contact who they had not met in person before.
Advice for Parents
• Communicate
  – The first thing you should do is talk to your children about what they should and should not do online
  – Befriend them; show your interest in what they do
• Get involved
  – Talk to your children and understand the ways they are using the Internet and mobile phone
• Be aware
  – Your child may be as likely to cyberbully as to be a target of cyberbullying. Be alert to your child seeming upset after using the Internet or mobile phone
• Learn how
  – Use safety tools on a particular service or program. Most services have block or ignore buttons, privacy settings, etc.
Some More Advice for Parents
• Remind your child
  – Don’t respond to bullying messages – at least not in anger
  – People, not computers, should be their best friends
• Take precautions
  – Make use of parental software
  – Review the activities of your child every now and then
  – Keep the computer in a common, well-trafficked room
• Keep the evidence
  – If you feel the threats or cyberbullying is serious, report it to the police
Advice for Children
• Respect others
  – You can’t see the impact of your words or images on other people, so it is important to show respect
• Think before you send
  – What you post online could stay there forever!
• Keep your personal information to yourself
  – Treat your password like your toothbrush! Only give personal information (mobile number, website address) to trusted friends
• Block the bully
  – Learn how to block or report someone who is behaving badly, and don’t retaliate or reply in anger
• Save the evidence
  – Learn how to keep records of offending messages, pictures or online conversations
• Make sure you tell
  – Please talk to an adult you trust – your parents, older sibling, or your teacher.
6. TRA’s SafeSurf DVD Initiative
SafeSurf DVD
DVD Objectives
• Provide free antivirus software
• Help identify risks
• Educate & make aware
• Raise level of ICT literacy
• Make it a part of everyone's life
• Positive experience
• Explore the benefits
“The DVD will raise the level of awareness on how to interact with other internet users and will teach the user to explore the internet in order to create, to share, to participate, to communicate and to transact Safely and Securely”
DVD Features
The DVD will be narrated in the top 5 languages that are used in the Kingdom of Bahrain with additional resources available in all languages, catering for those who might be illiterate and not able to read.
• 1st of its kind
• Interactive
• Narration + Subtitles
• Platform neutral
• Very Informative & Useful resource
Translation & Narration Recording
1. Arabic
2. English
3. Malayalam
4. Bengali
5. Urdu
Snapshots of the DVD
And we’re done!
For more information about TRA Bahrain please visit
www.tra.org.bh
Questions?
Ahmed Aldoseri
Cyber Safety Director
Tel: +973 1752 0000
Email: aaldoseri@tra.org.bh