{"id":2209,"date":"2017-04-03T09:13:00","date_gmt":"2017-04-03T07:13:00","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2209"},"modified":"2017-04-03T09:14:30","modified_gmt":"2017-04-03T07:14:30","slug":"pew-should-call-a-do-over-on-its-cybersecurity-survey","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2209","title":{"rendered":"Pew should evolve its cybersecurity survey"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-26\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2008\/06\/cybercrime.jpg\" alt=\"\" width=\"96\" height=\"132\" \/>Last year, <a href=\"http:\/\/www.pewinternet.org\/quiz\/cybersecurity-knowledge\/\">Pew Research surveyed<\/a> just over 1,000 people to try to get a feel for how informed they are about cybersecurity.\u00a0 That\u2019s a great idea because it informs us as a society as to how well consumers are able to defend themselves against common attacks.\u00a0 Let\u2019s consider some ways that this survey could be evolved, and how consumers can mitigate certain common risks.\u00a0 Keep in mind that Pew conducted the survey in June of last year in a fast-changing world.<\/p>\n<p>Several of the questions related to phishing, Wi-Fi access points and VPNs.\u00a0 VPNs have been in the news recently because of the Trump administration\u2019s and Congress\u2019 <a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2017\/01\/26\/trump-kills-obama-privacy-plans-anti-immigrant\/#af0a4134eddc\">backtracking on privacy protections<\/a>.\u00a0 While privacy invasion by service providers is a serious problem, accessing one\u2019s bank at an open access point is probably considerably less so.\u00a0 There are two reasons for this.\u00a0 First, banks almost all make use of TLS to protect communications.\u00a0 Attempts to fake bank sites by intercepting communications will, at the very least, produce a warning that browser 
manufacturers have made increasingly difficult to bypass.\u00a0 Second, many financial institutions make use of apps in mobile devices that take some care to validate that the user is actually talking to their service.\u00a0 In this way, these apps actually mark a significant reduction in phishing risk.\u00a0 Yes, the implication is that using a laptop with a web browser is a slightly riskier means to access your bank than the app it likely provides, and yes, there\u2019s a question hiding there for Pew in its survey.<\/p>\n<p>Another question on the survey refers to password quality.\u00a0 While this is something of a problem, there are two bigger problems hiding that consumers should understand:<\/p>\n<ul>\n<li>Reuse of passwords.\u00a0 Consumers will often reuse passwords simply because it\u2019s hard to remember many of them.\u00a0 Worse, many password managers themselves have had vulnerabilities.\u00a0 Why not?\u00a0 It\u2019s like the apocryphal Willie Sutton quote about robbing banks because that\u2019s where the money is.\u00a0 Still, with numerous break-ins, such as those that occurred with <a href=\"http:\/\/money.cnn.com\/2016\/12\/14\/technology\/yahoo-breach-billion-users\/\">Yahoo!<\/a> last year<sup>*<\/sup>, and the others that have surely gone unreported or unnoticed, re-use of passwords is a very dangerous practice.<\/li>\n<li>Aggregation of trust in smart phones.\u00a0 As recent articles about <a href=\"http:\/\/www.nbcnews.com\/news\/us-news\/american-citizens-u-s-border-agents-can-search-your-cellphone-n732746\">American Customs and Border Patrol demanding access to smart phones<\/a> demonstrate, access to many services such as Facebook, Twitter, and email can be gained just by gaining access to the phone.\u00a0 Worse, because SMS and email are often used to reset user passwords, access to the phone itself typically means easy access to most consumer services.<\/li>\n<\/ul>\n<p>One final area that requires coverage: as the two followers of my 
blog are keenly aware, IoT presents a whole new class of risk that Pew has yet to address in its survey.<\/p>\n<p>The risks I mention were not well understood as early as five years ago.\u00a0 But now they are, and they have been for at least the last several years.\u00a0 Pew should keep surveying, and keep informing everyone, but they should also evolve the questions they are asking and the advice they are giving.<\/p>\n<hr \/>\n<p><sup>*<\/sup> Those who show disdain toward Yahoo! may find they themselves live in an enormous glass house.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pew should evolve the questions they are asking and the advice they are giving based on how the threat environment is changing.  But they should keep asking.<\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,545,9],"tags":[32,362,38,564,8,496],"class_list":["post-2209","post","type-post","status-publish","format-standard","hentry","category-internet","category-iot","category-security","tag-cybercrime","tag-cybersecurity","tag-identity","tag-pew","tag-phishing","tag-security"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2209"}],"version-history":[{"count":3,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2209\/revisions"}],"predecessor-version":[{"id":2212,"href":"https:\/\/ofcourseimright.com\/index.php?rest
_route=\/wp\/v2\/posts\/2209\/revisions\/2212"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}