Threat Intelligence

12:00 AM
Dark Reading
Dark Reading
Products and Releases

How Safe Is Your Online Behavior?

Carnegie Mellon researchers say the safety of your online behavior depends on where you're from.

PITTSBURGH – Selecting a password or deciding whether an email is a phishing email or not are among countless security decisions you make on a regular basis. Are you making the right decisions? Do you consider your online behavior safe? According to the latest research out of Carnegie Mellon University’s CyLab, it actually depends on where you’re from.

"By and large, users are working primarily with security tools that are designed by and for western users,” says Nicolas Christin, a professor in the departments of Engineering and Public Policy and the Institute for Software Research. “What we wanted to find out was: does that matter? How does your country of origin affect your online security behavior?"

The study was presented at last month’s ACM CHI 2017 conference in Denver, CO.

"We found that people from different countries exhibit significantly different security behaviors," Christin said. "For example, participants from some Asian countries – especially Japan – tend to exhibit less secure behavior."

The researchers are unsure why Japanese users are particularly more relaxed when it comes to security, but hypothesize that it may have to do with overall security in Japan. 

"Japan has had for many, many years one of the lowest crime rates in the world," Christin says. "We speculate that this may cause them to be a lot less concerned in security than some of their counterparts like France or the USA."

Participants from the USA and France exhibited the highest security scores in the study.

These findings help pave the way towards designing more personalized security tools. Information about users’ location, for example, could help set more effective default system security settings. Christin offers an analogy.

"When you go to a doctor, they can give you pretty good advice on fighting a cold," Christin says. "… but their advice is a lot better if they know what kind of diet you follow or what kind of exercise you routinely do."

In the study, Christin and his team created an online survey to collect information about security behavior of participants in seven different countries: China, France, Japan, Korea, Russia, the United Arab Emirates (UAE), and the United States (US). These countries were chosen, the authors say because they represent five different geographical regions and consist of nearly one-third of the total world population.

After overcoming various challenges in translating the survey into six other languages (e.g. the use of double-negatives does not translate well into Japanese), the survey was sent to and taken by 3,500 participants – 500 from each of the seven countries under focus.

Other authors on the study included Electrical and Computer Engineering Ph.D. student Mahmood Sharif and KDDI Research, Inc. researchers Yukiko Sawaya, Ayumu Kubota, Akihiro Nakari and Akira Yamada.


Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/15/2018
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Menny Barzilay, Co-founder & CEO, FortyTwo Global,  3/15/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.