With trouble only one click away, it’s nice to know people like Jeff Gardiner are on the case.
Gardiner, central information security officer, is part of a working group in information security – a Senate sub-committee. He formulates security policies, identifies risks and recommends best practices and network policies. Safe to say, he is kept busy.
His latest venture is to create a greater awareness across campus of the proliferation of cybercrimes.
In a recent study by the Internet security firm Norton, the Norton Cybercrime Report 2011, the cost of global cybercrime was calculated at $114 billion annually. Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost. With 431 million adult victims globally in the past year – and at an annual price of $388 billion globally based on financial losses and time lost – cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).
While more than two thirds of online adults (69 per cent) have been a victim of cybercrime in their lifetime, the study identifies men between 18 and 31 years old who access the Internet from their mobile phone as even more likely victims. In this group, four in five (80 per cent) have fallen prey to cybercrime.
“It’s no surprise cybercrime is a huge problem,” Gardiner says. “They estimate about every 14 seconds there’s a new victim; so annually there’s millions more new victims.”
At Western, Gardiner says technical protections are in place to guard against outside forces. But the campaign hopes to educate users on their online behavior and make them aware of what’s going on.
Information on eWellness is popping up across campus on flatscreens and will soon be available on the website, security.uwo.ca.
“The trend itself is changing,” Gardiner says. “Sure, we’ve seen those e-mails that somebody works for someone in Nairobi and those are quite obvious. But the threat is evolving from ‘phishing’ to ‘spear phishing,’ where they actually target information directly to you.”
The idea behind ‘spear phishing’ is that your computer gets infected with a virus, which then harvests the computer for addresses you know, sites you visit, etc. That information is then used to tailor a phishing e-mail on a more personal level.
“They are selectively starting to get more intelligence on the victims and that makes the likelihood of these people being victimized greater,” Gardiner says.
More often than not, even these ‘spear phishing’ attempts have hallmark traits, such as requesting money through some method, money exchanges and/or the promise of greater wealth for a small investment.
“If you really know the person in the e-mail, you’re going to phone them up and see if it’s really them,” Gardiner adds.
In addition to scams, he hopes to educate students, staff and faculty about giving out personal credentials.
“In our environment, we have great financial value in some of the online resources that our library system has,” Gardiner says. “When we have students giving out their credentials to unauthorized folks, they come in and just harvest these online resources and that just gets us shut down legitimately from accessing our stuff.
“We’re trying to get people to think about their online behaviours, such as the sharing of credentials, the consequences of identity threat, and the value of their Western identity. The magnitude of the problem is large enough that people have to take it seriously.”
The two most heavily attacked services on campus are SSH (Secure Shell), used by a lot of researchers, and RDP (remote desktop), which receive in excess of one to one-and-a-half million attacks per day.
“That is a behavioural thing. At the end of the day, all the technical constraints in place to protect our infrastructure won’t have any value if people are willingly giving out information,” he says. “Denying the threat is as much a problem as not dealing with it.”