We all know that spending on cybersecurity has been on the rise lately, as everyone from major corporations to military groups ramp up their cyberdefenses. A new study from Kaspersky Lab (News - Alert) suggests this could be a good idea, as regular users don't fare so well in spotting some potentially major cyber-threats.
The Kaspersky Lab study was simple enough in nature, asking users to download a copy of The Beatles' hit “Yesterday.” Twenty six percent of respondents went with the “safe” option of a .wma file, while the rest proceeded in less-than-secure directions. Better than a third—34 percent—of users turned to an .exe file, which went under the filename “Beatles_Yesterday.mp3.exe”. Another 14 percent turned to a .scr file, while 26 percent used a .zip option. The problem here is that each of these three file types has the potential to contain malicious content.
For other types of files and media, the situation didn't improve. Twenty-one percent of users turn to several different online sources for downloading files, which increases the odds of hitting malicious content. Just 24 percent could recognize a genuine webpage as presented against phishing options, and when presented with several options for sites on which to enter data, 58 percent were prepared to input data into a fake.
Kaspersky Lab principal security researcher David Emm compares some parts of the Web to a “dodgy bar” where users wouldn't normally flash their cash, and recommended similar user response. Even Emm, however, acknowledges that this is somewhat futile; cyber-criminals are constantly at work to develop new threats, and what may not look like a threat today may be the most obvious sign of all in a week.
It's easy to mock people for being less than computer-savvy, but when even one of Kaspersky's biggest researchers is noting that anything an average user learns today could be rendered largely invalid by developing events, trying to pin the blame on users here is a tougher sell. Sure, it's seldom a good idea to download .exe files, but many of our standard apps start with these files. Could anyone ever use Mozilla (News - Alert) Firefox without downloading an .exe? Some protections are too simple to pass up, however, like looking for the S in https addresses or similar matters.