Welcome to VMblog's roundup of expert commentary in honor of Internet Safety Month! In this digital age, where connectivity and online activities have become an integral part of our lives, it is crucial to prioritize and enhance our understanding of internet safety. To help you navigate the vast landscape of online security, we have gathered insights from some of the industry's top experts who have dedicated their careers to safeguarding users from potential threats, scams, and privacy breaches. Their valuable perspectives and advice offer a wealth of knowledge to ensure a safer online experience for individuals and families alike.

Internet Safety Month serves as a timely reminder of the importance of proactive measures to protect ourselves and our loved ones in the digital realm. Throughout this roundup, you will find a diverse range of ideas, as these industry experts bring their extensive experience and deep understanding of the evolving cyber landscape, shedding light on emerging threats and offering practical strategies to mitigate risks.

Let this compilation of expert commentary serve as a valuable resource to you. Stay informed, and take proactive steps towards a safer and more secure online experience.

--

Eve Maler, CTO, ForgeRock

"Children today grow up in a world surrounded by connected devices and smart technology. Combined with the rise of social media apps and access to online services, there are evolving challenges to children’s data privacy, particularly as they can easily submit false information to access age-restricted content.
 
Given today’s regulatory environment and the decreasing tolerance for abusive or inappropriate online experiences for children, it’s fair to say that services that do not verify a user’s age are doing things very "wrong." In light of Internet Safety Month, to better protect children, enterprises must balance knowing enough information about these users and knowing too much. They must also ensure that parents and guardians have the ability to consent to the right level of data sharing so that children are receiving the right kind of content."

++

David Divitt, Senior Director of Fraud Prevention and Experience, Veriff

"The recent AI boom has provided a wealth of tools for businesses to predict methods of fraud and bolster their defenses – but they’re not the only ones who benefit. As much as businesses are now able to predict fraudulent behavior and adjust their approach to stopping it, fraud actors are likewise able to leverage AI to predict those predictions and stay ahead. Sophisticated fraudsters have already been using combative neural networks for some time to probe fraud prevention solutions for weaknesses. AI tools also allow for automated attacks en masse – and even if only a miniscule fraction of them work, that’s still a free victory for criminals that requires little to no effort. Companies cannot afford to let their fraud prevention tactics and solutions grow stale, and must regularly assess and update them using the latest AI tools to stay one step ahead – because that’s what the people trying to defraud them are doing."

++
 
Anudeep Parhar, Chief Operating Officer, Entrust

"As hybrid work becomes the new normal, and consumers increase digital interactions – from online shopping to paying their bills – we all face an even greater risk of cyber threats and fraud. Today, many of the current security solutions for identity management are no longer effective. In fact, 51% of consumers are resetting a password at least once a month simply because they can’t remember it.
 
Just like enterprises, consumers need to make cybersecurity a top priority for their families. Embrace a Zero Trust mindset at home – assume a bad actor is already in your system and consistently change your passwords, enable multi-factor authentication, and even look to adopt single sign-on or passwordless login wherever possible.
 
Cybersecurity threats will continue to become more advanced, by preparing our systems and ensuring best practices, both at home and at the workplace, we can ensure safer internet interactions and limit damage from potential breaches."

++

Jeremy Chung, Head of Solutions Engineering, SPHERE

"This day and age, there is a lot to consider when thinking about how to keep data safe.  So much of it really comes down to knowing where your data “lives” and who has access to it.

For the average person, having a sense of what software companies, applications and retailers have your personal data on file is a good practice. If this seems like a difficult task, there are plenty of online tool recommendations that aim to make reclaiming your data simple and easy, or you can request these removals yourself, with a little research (each internet property is different, so you will have to go to each site you have used to determine how to do this). For accounts you choose to keep, protecting them with strong and unique passwords and enabling multi-factor authentication is a great place to start.

For businesses, especially larger ones, understanding and limiting which users and accounts have access to what data can be the difference between a strong security posture and a business catastrophe. Security-minded organizations and companies with compliance requirements have mandates to know who has access to what data. The risk presented by unmanaged data access is significant and can lead to many negative outcomes in the event of a breach including lateral movement of malware, major business interruptions, fines, and crippling reputational damage.

It truly pays to get granular and understand where your critical data resides and who should have access to it!"

++

Will Bass, Vice President of Cybersecurity Services at Flexential

"As the workforce continues to move towards working from anywhere, it is important for organizations to put additional defenses in place to protect workers. Bad actors know workers are more susceptible to compromise when working from home or on the road and have targeted them on their home networks or while working from public Wi-Fi. Educating users about these threats and taking a defense-in-depth approach to endpoint security is key to reducing the risk of compromise and protecting company data."

++

Todd Moore, VP of Encryption Products at Thales

"As internet bandwidth and usage continues to expand, more and more critical business data is being streamed online through zoom calls, daily corporate backups, and hybrid cloud applications and personal data via social media, online games, and streaming services. This makes internet safety a growing priority for both work and personal environments.
 
For consumers, keeping their online identity safe requires them to be better versed in the threats that come along with our digital world. The Thales team ran a consumer report which found 44% of respondents are afraid their identities will be stolen in a cyberattack. So how can they keep their personal data and digital identity safe from an attack? Users should consider incorporating a multi-factor authentication (MFA) approach to keep themselves protected.
 
When it comes to organizations, there needs to be better education around data in motion. Businesses typically place efforts behind keeping data at rest (what’s stored in their databases) protected against threats but it’s just as critical to protect data that’s moving across the organization, across regions and globally. Putting measures in place like encryption with full key management lifecycle practices keeps data in motion protected, safeguarding sensitive assets regardless of the environments they are traveling through.
 
Creating a safe internet relies on better cyber education, not just in the workplace but also within our homes to best protect sensitive business and personal data from bad actors."

++

Sounil Yu, CISO and Head of Research at JupiterOne

"As an industry, we need to improve upon the terms we use. We often use "internet safety" and "internet security" interchangeably, but these terms are not synonymous. To simplify the distinction between safety and security, it helps to use another descriptor alongside these words. For instance, food safety practices include hygiene, third-party inspections, and checklists. On the other hand, food security brings to mind concerns about shortages of baby formula, potential poisoning of the food supply, and starvation.

If you believe that compliance does not equate to security, it might be because compliance is more akin to safety. However, good safety practices do not eliminate the possibility of intentional compromise. Nonetheless, safety practices that promote high-quality outputs allow investigators to swiftly rule out accidental causes when breaches occur.

Focusing on safety cultivates a sense of personal responsibility, encouraging users to adopt safety measures in the activities they engage in, the information they share, and the online expectations they uphold. By underscoring the importance of cyber safety practices that can be maintained and executed at the individual level, we can diminish the risk of more severe cybersecurity threats."

++

Ricardo Amper, CEO and Founder at Incode Technologies

"The discussion around Internet Safety often overlooks the connection between our real-world and online identities. During account creation, the verification of real-world identity is often neglected, leaving individuals vulnerable to the creation of fraudulent profiles using their personal information or exposing them to the threats of cyberbullying and online predators.

As society continues its rapid transition into the digital world, biometrics enables us to prioritize internet safety. Authentication post-enrollment is only possible with biometrics. Biometric verification serves as a robust security measure increasingly replacing hard-to-remember and easily stolen passwords as protection against the ever-growing threat of sophisticated fraud. Vendors that integrate identity verification, transaction monitoring, and analytics to combat fraud in milliseconds - while helping businesses comply with local regulations and providing a frictionless customer experience -  will help build an internet landscape that empowers and protects, ensuring a brighter and safer digital world for generations to come."

++

Thomas Carter, CEO at True I/O

"With the increasing prevalence of cyber threats and data breaches, protecting our online activities has become more critical. Blockchain technology holds the potential to revolutionize internet security by providing enhanced protection and resilience. 

Incorporating Blockchain into Internet Security

Blockchain technology, with its decentralized and transparent nature, offers several advantages for improving internet security:

1. Decentralization and Immutable Records: Blockchain operates on a decentralized network, eliminating the reliance on a single point of control. By distributing data across multiple nodes, blockchain mitigates the risk of single points of failure and makes it incredibly challenging for hackers to manipulate or compromise information. The immutable nature of blockchain records ensures that once data is added to the chain, it cannot be altered or tampered with, providing a robust data integrity layer.
2. Identity Management and Authentication: Identity theft and unauthorized access are common threats on the internet. Blockchain's cryptographic mechanisms can enable secure and decentralized identity management. Blockchain-based identity solutions ensure that only authorized individuals can access sensitive information or perform transactions by utilizing public-private key pairs and digital signatures. This enhances authentication processes, reducing the risk of fraudulent activities and unauthorized access.
3. Secure Data Storage and Sharing: Traditional centralized storage systems are susceptible to data breaches. Blockchain offers a secure and distributed approach to data storage. By encrypting data and distributing it across the network, blockchain prevents unauthorized access and ensures data integrity. Moreover, blockchain-based platforms can enable secure data sharing and collaboration without compromising privacy, allowing users to maintain control over their information.
4. Smart Contracts and Trustless Transactions: Blockchain's smart contract capabilities provide secure and transparent transaction opportunities. Smart contracts are self-executing agreements that automatically execute predefined conditions without the need for intermediaries. By leveraging blockchain's trustless environment, transactions can be conducted with enhanced security and transparency, reducing the risk of fraud and manipulation.
5. Enhanced Cyber Threat Intelligence: Blockchain technology can facilitate the sharing of cyber threat intelligence securely and anonymously. Organizations and individuals can contribute and access threat information by utilizing distributed ledgers without compromising sensitive data. This collaborative approach enhances the collective defense against cyber threats and empowers security professionals to stay one step ahead of malicious actors.
   

As we observe Internet Safety Month, exploring innovative solutions to enhance online security is crucial. Blockchain technology offers a promising paradigm shift in how we approach internet security. By leveraging decentralization, encryption, and smart contracts, blockchain can significantly strengthen the security posture of our digital lives"

++

Darren Guccione, CEO, Keeper Security

"Keeping children, young adults or anyone safe online requires a multi-faceted approach that includes the right tools, monitoring and education. Children and elderly adults are prime targets for cybercriminals, due in part to lack of knowledge and experience with online threats including phishing scams and social engineering. A password manager can help people stay safe while using the internet by generating and storing strong, unique passwords for their accounts that can’t be easily compromised. This practice helps protect accounts and home networks from being hacked by reducing the risk of password cracking.

Technology should not be your only cyber defense. Education is also a vital component to internet safety. Anyone planning to use the internet should learn to watch for phishing scams including how to identify suspicious links that could include malware or malicious links.

For parents, this means educating themselves or finding a trusted resource that can explain the concept of phishing and emphasize the importance of privacy using age-appropriate language. Parents should also know that online safety is not a one-time conversation. They should strive to keep an open dialogue that encourages their children to ask questions and discuss any concerns they have about safely navigating the internet. Promoting the use of password managers from an early age can help expose children to good digital hygiene habits and promote safe online behavior that will hopefully lead to lifelong practices that protect against current and future threats from bad actors." 

++

Mandy Andress, CISO, Elastic

"This Internet Safety Month, we must remember to hold our vendors, service providers, and software suppliers accountable for offering secure solutions out of the box. Instead of simply providing access to secure default configurations from the start, vendors regularly charge a premium for fundamental (yet necessary) security features like single sign-on (SSO), encryption, and multifactor authentication (MFA). Organizations that fail to update these default configurations themselves are consequently more exposed to cybersecurity threats, which is why we must ensure that vendors are supporting minimum security standards and providing products that are both secure by design and secure by default. Securing their customers needs to be a core business requirement, not just a technical feature that can be sold for an additional cost.

Additionally, all organizations should consider developing security in the open, which enables security practitioners to see the underlying code of a product and understand how it works in their environment. This will help security teams identify any blind spots and address gaps in their security technology stack, which is especially vital given that no single security product can protect against every known (and unknown) cybersecurity threat."

##