Presentation on theme: "Cyber Safety Awareness Bahrain British Business Forum 21 February 2012 Ahmed J. Aldoseri Cyber Safety Director, TRA Bahrain ECSA, CEH, CEI, RHCI, RHCE,"— Presentation transcript:
Cyber Safety Awareness Bahrain British Business Forum 21 February 2012 Ahmed J. Aldoseri Cyber Safety Director, TRA Bahrain ECSA, CEH, CEI, RHCI, RHCE, MCSE, MCSA, A+, CQS-Security, Law Student
Agenda Overview 1 Bahrain Market Numbers 2 Benefits of the Internet 3 Threats 4 Solutions 5 Emphasis on Children 6 Questions… 7 TRAs SafeSurf DVD Initiative
Bahrains Market 242,000 Fixed Lines 107,000 Wimax subscribers 1.7 million Mobile phone subscriptions 290,000 Broadband Subscribers 694,000+ Internet Users 128,000 Mobile Broadband Subscribers Sources: TRA analysis Internet World Stats
Internet: Requirement or Luxury? Maslows Hierarchy of Needs Internet?
Internet Use Work Entertainment Study In short: the Internet improves our way of life!
So what do we do on the Internet? Source: Nielsen/TRA survey, January 2012
Internet Usage in Bahrain - Adults Study conducted in 2010 (816 Adults) –Generally experienced Internet users –Low Internet security awareness –High level of trust –Frequently exposed to negative online experiences –No sources of reliable information for Internet advice Source: TRA Analysis, 2010
Online Risk-Taking Behaviour of Adults Opened an email attachment that wasnt from a trusted source Received a virus from an email or a download Posted personal information on a website Shared personal information with someone they only met online None of the above Source: TRA analysis
Why is Cyber Safety relevant? High level of trust placed upon technology Relatively new area of crime legislation Constantly changing digital threats Security is by and large not a priority for many Potential for damage is huge!
Sample Threats – Spear-phishing Special form of phishing Targets a single individual Rate of success is much higher than normal phishing attempts Very difficult to defend against Example…
Example Spear-phishing Email Dear Ahmed, My name is Khalid, Im subscribed to your websites mailing list. I called your office earlier but you werent at your desk. The receptionist said you are the person to speak to, so I asked for your email address. Ive visited your website recently to look for regulatory information pertaining to number portability, and was shocked to find such a government organization hosting highly objectionable files concerning recent events in Bahrain! This is highly irregular and is damaging Bahrains reputation! I hope no one in the media noticed this… A sample PDF from your website is attached for your quick reference. As a Bahraini citizen I urge you to kindly remove such files as soon as possible. Best wishes, Khalid Telecoms Consultant From: Khalid_1976@gmail.com To: email@example.com Subject: TRAs Website
Lotteries Congratulations! Youve won $50,000,000/-!!! How such frauds work… –Fees –Compromising computers Sample real stories… –Sample #1: Microsoft told me I won… –Sample #2: The caller said he was from a local mobile operator…
Mobile Security Issues Smart phones of all types are great targets! You may receive a text message from your operator with new settings… –If installed, malicious software is installed Leads to disclosure of… –Bank account details –Contact lists –Messages Unverified applications are a favorite source –Jailbreaking (iOS) –Open Market (Andriod) –Windows Mobile –Symbian
Defacement Microsoft India retail website defaced – Arabian Gazette, 14 Feb 2012
General Advice Awareness, education, and some more awareness! –Need to recognize, and accordingly act, on the importance of cyber safety Do not freely share your personal information online Procure legitimate software from trusted offline and online sources Ignore emails and attachments from untrusted sources, and be wary with trusted sources If it looks suspicious, or too good to be true, it probably is! Be wary of public wireless networks, and secure your own
Some More General Advice Do not use information in public IDs (e.g. email addresses) that will give away personal information –Such as firstname.lastname@example.org, email@example.com, etc. Use strong passwords that only you would remember –Do not use names, dates, phone numbers, pet names, etc. –Example of a strong password: I L0ve the BBBF! 16 characters long, yet easy to remember Includes upper and lower case, special characters, and numbers Near-impossible to crack Install and keep up-to-date protection software (Antivirus, Internet Security, Firewall, …) –On your computer, laptop, phone, … Never click on links within emails; instead, type the address manually
Advice for Businesses Establish and enforce a corporate security policy –Passwords –Securing data storage and transmission –Document classification Ensure security is built-in, not bolted-on –Security should be considered throughout your IT architecture –Only deal with contractors that are security-conscious –Get audited and certified! Prepare for recovering from disasters –Test your preparations –Ensure at a minimum that critical staff can continue working Empower your technology staff with the tools and resources to do their job
Food for thought… It is possible to deter a hacker, and to make it very difficult for him to succeed, but it is impossible to stop him… Prevention is ideal, but detection is a must There really is someone out there trying to guess your passwords The one thing worse than not being secure, is having a false sense of security
Children and the Internet (1/2) – TRA 2010 Study Daily usage of the internet an average of 2.5 – 3.5 hrs Homework, playing games or to interact with other people. Use apps; including instant messaging, chat rooms, games, blogging and Social Networking Sites (SNS) There is no real understanding of what is meant by personal information Children do not share their online experience with adults
Children and the Internet (2/2) TRA 2010 Study Most parents do not participate in online activities with their children Most children have unsupervised access to the internet and there was little significant variation by nationality, religion, age or gender Cyberbullying is a problem identified by young people and teachers Teacher humiliation on SNS is becoming problematic Teachers feel they lack the skills as many young people are more computer literate than they are There is no formal internet safety training at schools Children are reluctant to seek advice out of fear of being reprimanded
ALERT! ALERT! ALERT! Older children (14 – 18) take the most risks; sharing personal information with strangers and opening email attachments from an unknown sources. 43% of children surveyed had met with an online contact who they had not met in person before.
Advice for Parents Communicate –The first thing you should do is talk to your children about what they should and should not do online –Befriend them; show your interest in what they do Get involved –Talk to your children and understand the ways they are using the Internet and mobile phone Be aware –Your child may as likely cyberbully as be a target of cyberbullying. Be alert to your child seeming upset after using the Internet or mobile phone Learn how –Use safety tools on a particular service or program. Most services have block or ignore buttons, privacy settings, etc.
Some More Advice for Parents Remind your child –Dont respond to bullying messages – at least not in anger –People, not computers, should be their best friends Take precautions –Make use of parental software –Review the activities of your child every now and then –Keep the computer in a common, well trafficked, room Keep the evidence –If you feel the threats or cyberbullying is serious, report it to the police
Advice for Children Respect others –You cant see the impact of your words or images on other people, so it is important to show respect Think before you send –What you post online could stay there forever! Keep your personal information to yourself –Treat your password like your toothbrush! Only give personal information (mobile number, website address) to trusted friends Block the bully –Learn how to block or report someone who is behaving badly, and dont retaliate or reply in anger Save the evidence –Learn how to keep records of offending messages, pictures or online conversations Make sure you tell –Please talk to an adult you trust – your parents, older sibling, or your teacher.
SafeSurf DVD DVD Objectives Provide free antivirus software Help identify risks Educate & make aware Raise level of ICT literacy Make it a part of everyone's life Positive experience Explore the benefits The DVD will raise the level of awareness on how to interact with other internet users and will teach the user to explore the internet in order to create, to share, to participate, to communicate and to transact Safely and Securely
DVD Features The DVD will be narrated in the top 5 languages that are used in the Kingdom of Bahrain with additional resources available in all languages, catering for those who might be illiterate and not able to read. 1 st of it kind Interactive Narration + Subtitles Platform neutral Very Informative & Useful resource Translation & Narration Recording 1.Arabic 2.English 3.Malayalam 4.Bengali 5.Urdu