Threat Intelligence

6/19/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

How Safe Is Your Online Behavior?

Carnegie Mellon researchers say the safety of your online behavior depends on where you're from.

PITTSBURGH – Selecting a password or deciding whether an email is a phishing email or not are among countless security decisions you make on a regular basis. Are you making the right decisions? Do you consider your online behavior safe? According to the latest research out of Carnegie Mellon University’s CyLab, it actually depends on where you’re from.

"By and large, users are working primarily with security tools that are designed by and for western users,” says Nicolas Christin, a professor in the departments of Engineering and Public Policy and the Institute for Software Research. “What we wanted to find out was: does that matter? How does your country of origin affect your online security behavior?"

The study was presented at last month’s ACM CHI 2017 conference in Denver, CO.

"We found that people from different countries exhibit significantly different security behaviors," Christin said. "For example, participants from some Asian countries – especially Japan – tend to exhibit less secure behavior."

The researchers are unsure why Japanese users are particularly more relaxed when it comes to security, but hypothesize that it may have to do with overall security in Japan. 

"Japan has had for many, many years one of the lowest crime rates in the world," Christin says. "We speculate that this may cause them to be a lot less concerned in security than some of their counterparts like France or the USA."

Participants from the USA and France exhibited the highest security scores in the study.

These findings help pave the way towards designing more personalized security tools. Information about users’ location, for example, could help set more effective default system security settings. Christin offers an analogy.

"When you go to a doctor, they can give you pretty good advice on fighting a cold," Christin says. "… but their advice is a lot better if they know what kind of diet you follow or what kind of exercise you routinely do."

In the study, Christin and his team created an online survey to collect information about security behavior of participants in seven different countries: China, France, Japan, Korea, Russia, the United Arab Emirates (UAE), and the United States (US). These countries were chosen, the authors say because they represent five different geographical regions and consist of nearly one-third of the total world population.

After overcoming various challenges in translating the survey into six other languages (e.g. the use of double-negatives does not translate well into Japanese), the survey was sent to and taken by 3,500 participants – 500 from each of the seven countries under focus.

Other authors on the study included Electrical and Computer Engineering Ph.D. student Mahmood Sharif and KDDI Research, Inc. researchers Yukiko Sawaya, Ayumu Kubota, Akihiro Nakari and Akira Yamada.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Gee, these virtual reality goggles work great!!! 
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.