Microsoft, security and a digital Britain

Gibson raised a number of security issues with a digital Britain, and pointed out potential security weak spots that could be, and are, exploited by cybercriminals.

The Microsoft CSO said that despite the UK having the “strictest spam legislation in the world”, for example, there are still “huge amounts of spam” – the anti-spam legislation only covers private spam, not business spam. Malicious spam can of course lead victims to malware websites and/or lead to other security threats.

Windows Vista – security overboard

Looking at Microsoft’s own products, Gibson said many have complained that Windows Vista is too slow, but said the reason is that Microsoft built a lot of security into Vista – “but we went a bit overboard”, he admitted.

Users are constantly asked whether they really want to do this and that, and in the end they click ‘yes’ to everything, because most users cannot distinguish, for example, a safe ActiveX from an unsafe one, Gibson pointed out.

The Microsoft CSO warned people to think twice before accepting various plug-ins and installs online for security reasons.

He also warned against using the new Google Chrome without reading the terms and conditions carefully. He claimed that once users accept Google’s terms and conditions for Chrome, it is “no longer your computer, but Google’s”.

It is not only free browsers that could pose a security issue, Gibson said. The free anti-virus and anti-malware software offered by more and more banks in the UK to make online banking safer could cause serious problems on users’ computers if they already have anti-virus software running. The two anti-virus tools could start attacking each other and render the end user less secure than before.

Another security threat, Gibson told the audience, could be cloud computing. Do you know that your data is safe? And do you know where it is being stored?

Social networking – a security threat in more than one way

It is not only malware spread through social networking services that could pose a security risk, Gibson said, using a hypothetical example of soldiers on Facebook in Afghanistan.

Even if a soldier does not have a profile of their own, one of their colleagues may blog about them, exposing their whereabouts.

Furthermore, information found on social networking sites could be used by cybercriminals for social engineering.

If a soldier posts ‘I’m going home on the 1 October’, a cybercriminal can use this information and send the soldier’s grandma an email pretending to be the soldier, saying ‘I’m stuck in X. Please send me some money so I can get home’.

All responsible for security

In his concluding remarks, Gibson told the audience that we are all responsible for digital security: by knowing what software we have on our computer, keeping security software updated, and thinking before clicking ‘yes’ on those security warnings.
