Cybersecurity efforts in the US government and many businesses are improving, but many individual computer users still don't take basic precautions against cyberattacks, cybersecurity experts said Thursday.
More than 90 percent of computer users surveyed recently on behalf of Symantec have antivirus software installed and updated and 82 percent have antispyware protection, said Adam Rak, Symantec's senior director of public affairs. But only 42 percent of computer users who allowed Symantec to scan their computers had firewalls installed and enabled, only 50 percent had antiphishing protections installed and 58 percent had antispam protections, Rak said during an event to mark the beginning of the fifth annual National Cyber Security Month.
Eighty-one percent of those surveyed said they believed they had firewall software installed, and 75 percent said they believed they had antispam protections, Rak said. "What we have is a perception-versus-reality issue here," he said.
The National Cyber Security Alliance (NCSA), one of the groups promoting National Cyber Security Month, recommends that home computer users, at a minimum have up-to-date antivirus, antispyware and firewall software installed, said Michael Kaiser, NCSA's executive director. Those three software packages won't provide "bullet-proof" protection, but will guard against most cyberattacks, he said.
Computer users are using the Web to do more things at the same time that online criminals are launching more sophisticated attacks, Kaiser said. "We are actually becoming a Web-based society," he said. "We are on the Web everywhere we go, all the time."
At the same time, online criminals are looking at the many new ways people are using the Web and targeting those uses, he said. That puts a significant responsibility on computer users to be aware of cyberattacks, including online scams and fraud schemes, he added.
"It's a simple premise that we need to get across: Individual behavior matters," Kaiser said. "What you do matters. How you use your computer matters."
NCSA and the US Department of Homeland Security offered a list of ways computer users and businesses can practice cybersecurity. Among them: change passwords regularly; back up important files; and know who you're dealing with online. Web users shouldn't give out personal information to senders of unsolicited e-mail and they should ask whether a Web site needs their personal information before they give it, Kaiser said.
The Symantec survey also found that only 26 percent of respondents believed their computers were very safe from viruses and only 21 percent said their computers were very safe from hacker attacks. Those numbers suggest that cybersecurity advocates have more work to do, Kaiser said.
"When you drive your car, do you only feel safe 26 percent of the time?" he said
While Kaiser and Rak talked largely about cyberthreats to individuals and small businesses, a DHS official said his agency is making significant strides in protecting the government and critical cyberinfrastructure across the US.
US President George Bush announced a multifaceted National Cybersecurity Initiative in January, and DHS launched several initiatives to support the plan, said Greg Garcia, assistant secretary in the DHS Office of Cybersecurity and Communications. DHS has focused on improving its perimeter defense system and sharing it with other government agencies, it is working on ways to detect and eliminate back doors in IT products made overseas, and it is focusing on better sharing of cybersecurity information with the private sector, he said.
The agency has also created a document of essential knowledge for IT security officials and it is building relationships with U.S. universities, Garcia said. Although some lawmakers and cybersecurity advocates have recently criticized DHS, saying its cybersecurity efforts lack coordination and immediacy, Garcia defended his agency's work.
Asked if government agencies were more secure than when he joined DHS about two years ago, Garcia said: "My belief is they're more secure, and they're going to get more secure going forward."
In addition, US Web users and businesses are reporting thousands of more cyberattacks to US officials than they did five years ago, and the DHS National Cyber Security Division's budget has increased by nearly 500 percent in that time frame, Garcia said. "With our united effort, we can take back the Internet and show hackers and cybercriminals the recycle bin," Garcia said.