Enhancing users’ confidence in cyberspace, risks and solutions

Event report

The session identifiedthe risks that users should be aware of; challenges to address these risks; and the solutions needed to ensure a secure and human-centric cyberspace.

Ms Anastasiya Kazakova (Public Affairs Manager, Kaspersky) noted that the entire cybercrime landscape has changed in the last few months. She highlighted that it would not be correct to attribute all of those changes to the current pandemic; rather, the lack of trust and particularly the growing vulnerability from the users’ side are more important factors.. Since corporate data has moved from a secure corporate environment to a less secure and less protected home environment, it has become a very attractive target for ransomware and phishing attacks. Remote entertainment is unique to the first quarter of 2020. Per Kaspersky’s data, the average daily number of attacks blocked has increased by 25% since January 2020. The vulnerabilities of users stem from the lack of cyber awareness, the increasing sophistication of the threat landscape, the vulnerabilities in software and the delays in patching them, and the speed at which emerging technologies are developing.

Attacks on vulnerable infrastructure (such as elections infrastructure), government practices (hacking and exploitation of zero day vulnerabilities, use of cyber offensive operations), and companies’ bad security practices (failure to use effective security, and poor policies on disclosing vulnerabilities) were pointed out by Ms Julia Schuetze (Project Manager, International Cyber Security Policy, Stiftung Neue Verantwortung (SNV)). Schuetze noted that the legitimacy of the democratic process is at risk if people do not believe or trust the results of elections because of the use of technology. She also noted that attacks on critical infrastructure may move from attack on elections to attacks on cities, and, as we move to e-government services, this could be detrimental to users’ trust.

The session participants also noted that the stability of society, democracy, and values are the most important aspects that need protectionin cyberspace.

The vulnerability of one given user is very different from the vulnerability of another user, noted Mr Luca Antilli (Head of Media Literacy Research, Ofcom). OfCom data shows a big gap between user confidence in cybersecurity practices and actual online behaviour. Antilli brought up media literacy, noting that media literacy is about having skills to differentiate between safe and unsafe practices, having awareness and skepticism. Speaking about the effect of the COVID-19 pandemic, Antilli noted that it is a misconception that the lockdown increased user skills and awareness. He also highlighted the increase in doubt and the lack of trust in social media.

Kazakova also reflected on digital literacy, noting that users often think that platforms will secure users, whereas in fact platform providers can only secure the platform and not user behaviour, which is where digital literacy is important.

Mr Jaroslaw Ponder (Head of the ITU Office for Europe, International Telecommunication Union) likewise highlighted the importance of addressing digital skills. He noted the importance of ensuring that those who were forced to become a part of the digital society by the pandemic, such as the elderly, can engage properly, use ICTs properly, and avoid threats. For this reason the ITU has developed and launched the new Digital Skills Assessment Guidebook to assess the gaps in digital literacy in developing countries. The ITU will also launch a new set of global guidelines developed by the international community addressing four groups who make changes in digital space: children, educators, industry, and policymakers. Following that, the ITU will launch new studies focusing on the Western Balkans (WB) countries regarding child safety online. He noted that some WB countries do not have strategies and capacity building programmes for children; the ITU plans to provide some means for these countries to launch national initiatives in this regard.

The discussion on digital literacy of children also noted that children need a more rounded introduction to digital communications, one which is not based only on drawing their attention to unsafe practices. Their introduction also must address the opportunities to communicate, create, and share in the digital sphere. Cross-sectoral strategies that take into account trust and privacy are needed to make sure that the digital literacy provided to children can help them use ICTs confidently and produce digital goods.

Mr Vladimir Radunovic (Director of Cybersecurity and E-Diplomacy, DiploFoundation) noted that DiploFoundation maintains that digital literacy goes beyond understanding what is secure and not secure and passes into critical thinking, the responsibility of users, and understanding Internet governance in the digital age.

On the role of companies to ensure safety of users and their trust, Kazakova noted that Kaspersky’s Global Privacy Report 2020 finds that users are not secure in cyberspace due to privacy concerns as well as due to concerns around social rating (a person’s potential based on past actions, social circle, and the like). Kazakova underlined that service providers and IT developers need to be more transparent about security by design and security by default. She stressed that it is important to confront the fact that it is not ICTs that are dangerous for users. The use of ICTs can have negative implications on society. Ponder suggested that a checklist for the providers and hardware producers of what should be integrated into their services and products would be useful. Antili noted that human behaviour is one of the biggest contributors to ongoing lack of trust in social media and suggested that platforms should be more transparent in their reporting mechanisms.

By Andrijana Gavrilović