London, UK – 'Tis the season to be jolly - if you're a cybercriminal. Christmas is a time for giving and receiving, and every year without fail kids draw up their gift wish lists, which may include the latest tech gadgets such as smartphones, gaming consoles, tablets, 'intelligent toys' and a plethora of apps to fill their new devices.
However, many of the tech gifts that we're buying for our loved ones - particularly if they're connected to the internet - aren't as safe as we think. And if children aren't aware of the potential risks - and parents don't have the right knowledge or awareness themselves - then Christmas could turn into a technology disaster for all involved.
Recent research commissioned by SANS Institute looked at the attitudes and behaviours of 1000 UK parents and 1000 UK students aged 14-18 towards cybersecurity, and found that some UK households may not be equipped with the right skills to fend off cyber criminals, either at Christmas or in the longer-term:
- Aware of the risks? 72% of parents and 68% of students cited the biggest cybersecurity risk to their family as the theft of their personal information. This is no surprise, given recent attacks on Facebook and other household names leaking customer data into the ether. But how many of us can be really sure we are properly protecting that data?
- Lock up your tablets! Only 26.7% of students who own or have access to a device, rate the device as 'very secure.' Of that group of students, 69% believe their tablets are secure due to having anti-virus software installed. But AV software alone won't be enough to stop Christmas phishing scams. Educating young people and adults alike in how to spot a phishing email or a suspicious website is also critical.
- Beware those dodgy apps! 41% of students who believe their devices are insecure said this was a result of never reading privacy policies in full or never checking the security of the apps they download (52% of students). Could these students potentially be putting their devices at risk, and into the hands of cyber criminals by downloading dodgy apps?
- Disconnect? Parents educating kids: 46% of students who have heard of cybersecurity, said they heard about it from their parent or guardian. However, only 28% of parents who have heard of cybersecurity said that they themselves are 'very aware' of it. If parents are not confident about their knowledge or aware of the potential risks that come with connected devices, then chances are that teenagers may not be practising good security hygiene either. What's more, only 39% of parents who believe that the devices their children own or have access to are secure, report that they regularly check their children's devices.
But cybersecurity is for life, not just for Christmas; and parents and children need to be aware of online risks all year round. Cybersecurity awareness has a wider impact too. As a nation, we are facing a critical shortage of cybersecurity skills, and with today's young people poised to become our future workforce, the nation desperately needs to recruit more knowledgeable professionals into the cybersecurity industry to stop the bad guys from holding our technology - and our lives - to ransom. The best way to do this is to catch students at a younger age, and educate them about cybersecurity and what a career in the industry could bring.
Cyber Discovery is a free, extra-curricular programme, delivered by SANS Institute for the UK Government, that is open to students aged 14-18 across England, Scotland and Northern Ireland. It uses games, challenges and role playing to teach the basics of cybersecurity in a safe and fun setting. By encouraging students to think about cybersecurity early, the aim is to ensure the safety of our nation by bolstering our defences now.
Students have until 7 January to register and complete the series of fun assessment challenges. If they score highly enough, they will be invited to take part in the next phase, which offers hundreds of similar challenges designed to teach students the basics of cyber security in a fun and exciting way.
"People mistakenly believe they are not a target for cyber attackers. But the truth is, if you use technology in any way, you have value to hackers," commented James Lyne, Head of Research and Development at SANS Institute. "It's fair to say that many young people are now more digitally literate than their parents, so we're encouraging the younger generations to take a more active role in their own cyber education - and maybe even that of their parents! Security is not just about protecting personal devices, though. It could ultimately be as important as helping to protect the country at large. This is why it's important to share knowledge and reinforce the right type of behaviours online so that we're not leaving ourselves exposed to the idle hands of hackers - at Christmas, or otherwise."
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)