Safer Internet Day
is an annual event that is being celebrated today, February 6, 2024.
The day was established by the European Union in 2004 to raise awareness
about online safety and encourage individuals to use the internet in a
responsible and positive manner. With the rapid growth of the internet
and its increasing usage in every aspect of our lives, it has become
crucial to promote a safe and secure online environment for all.
The world is uniting behind a common theme for Safer Internet Day, "Together for a better
internet."
Another key area
to consider during Safer Internet Day is privacy. The internet has
changed the way we live, work, and communicate, but it has also made it
easier for personal information to be collected, shared, and used
without our consent. Safer Internet Day raises awareness about the
importance of privacy and encourages individuals to take control of
their personal information by being mindful of the information they
share online and using privacy settings to control who has access to
their data.
VMblog reached out to a number of industry thought leaders to receive
expert commentary on creating and keeping a safe environment.
---
Darren Guccione, CEO and Co-founder, Keeper Security
A
fundamentally “safe” internet is simply not feasible with the barrage
of threats that individuals and organizations face in today’s world. In a
new study by Keeper Security, 92% of IT security leader respondents
reveal that cyberattacks are more frequent now than one year ago- and
growing more sophisticated. AI-powered attacks, deepfakes, cloud jacking
and fileless attacks topped the list for the emerging attack vectors
they feel least equipped to defend against.
Although the
internet itself will always pose risks, organizations can be safe online
by developing a proactive approach to cybersecurity, combining advanced
defense mechanisms and basic best practices to mitigate and fight
existing attack vectors and burgeoning threats. Specific steps include:
- Leveraging
strong, unique passwords for every account and enabling strong
multi-factor authentication (MFA). Stolen credentials have long been a
leading cause of breaches and cyberattacks. It is essential to use a
password manager to create high-strength random passwords for every
website, application and system.
- Exercising an abundance of
caution when it comes to opening email attachments and clicking on
hyperlinks. Bad actors are increasingly using generative AI to create
realistic phishing emails and URLs for spoofed websites and generating
variants as fast as they can to circumvent spam detectors.
- Deploying
a Privileged Access Management (PAM) solution. PAM helps IT
administrators and security personnel manage and secure privileged
credentials, and ensure least privilege access. This, combined with
tightly monitored access and activity, can greatly reduce cyber risks.
In the event a cybercriminal is able to gain access to an organization’s
networks, PAM can minimize the blast radius by preventing lateral
movement.
Following these proactive steps
significantly reduces the likelihood of falling victim to online
threats, ultimately creating a safer internet experience.
++
Anna Larkina, web content analysis expert at Kaspersky
Safer Internet Day 2024 comes along with data fears about limited access imposed on various popular apps, causing users to circumvent the new rules by downloading replacements. In an era where vast amounts of data is constantly being collected and analyzed, the risks of data breaches, identity theft, and invasions of privacy are more pronounced than ever. Restricting popular apps has become a more frequent practice than it used to be. Users looking for a replacement do not always get a quality app with a transparent privacy policy. Knowing users' rights and paying attention to who and how the app collects data can help prevent personal information from falling into the wrong hands.
++
Anthony Cusimano, Technical Director, Object First
In the digital age, internet safety is often overlooked in comparison to traditional safety measures for items like cars and homes. However, the increasing awareness of how our digital information can be exploited has brought to light the potential dangers in both the online and physical realms. Cyberbullying, social engineering, browser-based attacks, doxxing, and DDOS attacks are among the malicious tactics employed. In response, businesses have embraced the Zero Trust concept to enhance security, and backup admins have Zero Trust Data Resilience (ZTDR), but everyday internet citizens still need a best practice. Recognizing the need for a user-friendly approach, I present Zero Trust for Normies (ZTN).
The simplicity of ZTN lies in a few fundamental steps. First, adopt a skeptical mindset, assuming hidden intentions behind every online interaction. This involves considering the potential consequences of all posted content and being mindful of sharing personal information, even your birthday. Second, prioritize unique passwords for every account, utilizing password managers to thwart hackers attempting to exploit compromised credentials. Additionally, ZTN encourages users to resist engaging with trolls, recognizing their intent is to be fed by inciting anger or gathering personal information during a back-and-forth debate.
While these steps may seem basic, they serve as a reminder that collective efforts of following Zero Trust — whether through developers enhancing security measures, backup admins leveraging ZTDR, or individuals implementing ZTN in their online practices — can reclaim the internet as a space for innovation, knowledge sharing, and creativity while mitigating risks posed by malicious actors.
++
Rick Vanover, Senior Director, Product Strategy at Veeam Software
There is no silver bullet when it comes to protecting against cyber-threats like ransomware from happening, but there are ways to ensure data recovery when it is needed most. Around the world, businesses have surely seen the full force of ransomware’s impact in recent years. According to the Veeam Data Protection Report 2024, 76% of organizations were attacked at least once in the past 12 months, and 26% of those reported being attacked at least four times. Recovery is still a major concern, as only 13% believe they can successfully recover. This Safer Internet Day, organizations need to ensure they are cyber resilient and prepared for any cyber incident; and when the worst happens, they are able to recover their data as quickly as possible. Enterprises should follow data protection best practices such as the 3-2-1 rule to have multiple backups available, immediate lockdown to isolate and control the threat, regular monitoring and education, speedy response, and reliable recovery. By shrinking the gap between incident and recovery, organizations can make sure everything is secure across their entire data management provision and keep their business running without disruption. Following these best practices for rapid response and recovery will enable them to not just bounce back from an outage or data loss, but to bounce forward.
++
John Gallagher, VP of Viakoo Labs
Safer Internet Day is a good time for enterprises to reflect on their cybersecurity efforts, ensuring that they extend to every business function and unit. To create strong defenses on an organization-wide scale, companies should consider the following:
- Make non-IT teams accountable for security and reward them based on it. This includes empowering employees to achieve goals through training, fostering cross-functional team discussions on best practices, and tracking metrics. Progress in security awareness training within organizations is critical.
- Rely on automation where possible. With Internet of Things (IoT) devices, in particular, manual methods do not scale for password rotations, firmware patching, or certificate management. Likewise, using an automated asset and application discovery solution eliminates guesswork on security status and what systems are vulnerable.
- Expand security audits outside of IT to all parts of an organization. For example, consider implementing quarterly reviews of external systems to ensure Multi-Factor Authentication (MFA) is enabled and all users are provisioned with appropriate access. Extending security audits to all systems will ensure they are all reviewed and monitored, reducing the chances of a cyber incident.
++
Patrick Harr, CEO, SlashNext
Since the Internet was born, it has continued to bring new advancements, new collaboration tools, new communities, knowledge sharing platforms, and other tools to improve daily life. But of course, it’s also a breeding ground for cybercriminals and threat actors who quickly find a way to abuse any new innovations. An excellent example is the introduction of the QR code (quick response codes). QR codes were first used in 1994 but started gaining rapid adoption more recently and today are widely used in the supply chain, marketing, mobile payments and information sharing. They especially took off during the global pandemic as a safe, contactless way to make payments, open restaurant menus, etc. Right on cue, as QR codes became more prolific, cybercriminals developed ways to wield them for malicious purposes. QR code phishing (quishing) and QR link jacking (QRLJacking) exploit the trust and convenience of QR codes and instead directing users to malicious sites for credential theft, delivering malware and gaining access to users’ mobile devices to steal personal and financial information. Security researchers have recently observed a 50% surge in QR code-based phishing attacks, and unfortunately, it’s not easy to determine a legitimate QR code from one with malicious intent. People should not scan any randomly found QR codes, think twice about entering any user names/passwords if a QR code takes you to a login page unexpectedly, and certainly if a QR code physically looks like it’s been tampered with, don’t scan it. To be fully protected from quishing or QRLJacking campaigns though, users need security solutions that can block all malicious QR codes in both personal and business settings.
++
Manu Singh, VP, Risk Engineering, Cowbell
From work to education to entertainment, ensuring a safe online experience is crucial. Safer Internet Day raises awareness about online safety issues to promote safe digital habits, especially for children and young people. The slogan, “Together for a better Internet,” encourages everyone to join the movement and play a role in building a safer Internet.
In addition to standard best practices like using strong, unique passwords and enabling Two-Factor Authentication (2FA), here are a few best practices to follow to safely use the Internet.
- Stay Informed About Phishing Scams: Be cautious of unsolicited emails, messages, or links, especially those requesting sensitive information like passwords, credit card details, or Social Security numbers.
- Be Cautious with Downloads: Only download files, software, or applications from trusted sources, such as official websites or app stores (e.g., Google Play Store, Apple App Store). Be cautious with email attachments and only open them if you trust the sender.
- Keep Software and Operating Systems Updated: Regularly update operating systems, web browsers, and software applications. These updates often contain security patches to address known vulnerabilities. Consider setting computer and mobile devices to automatically download and install software updates.
- Look for HTTPS Encryption: Ensure that websites you visit use HTTPS (HyperText Transfer Protocol Secure). Look for the padlock icon in the address bar, which indicates a secure connection. Avoid entering sensitive information on websites without HTTPS.
Safer Internet Day serves as a reminder for individuals, businesses, and organizations to prioritize cybersecurity, protect personal information, and promote a culture of responsible online behavior.
++
Gopi Ramamoorthy, Head of Security and GRC at Symmetry Systems
For families, navigating the digital world and using technology safely has become more and more challenging in the last decade. Nearly all major organizations heavily depend on the internet and digital world to run their businesses and operations. As part of this digital transformation, these organizations collect large amounts of data from users and customers, including personally identifiable information (PII). With this knowledge, bad actors are trying to steal data from customers and individuals using various covert techniques.
For end users, internet security should start with a zero trust principle and least information sharing approach. The core and fundamental steps for end users on safe internet usage are selection of the right browser, and security hardening with appropriate browser security and privacy settings. Each browser provides security and privacy best practices and guidelines. The next step is to check the internal URLs and security settings for the domains. Users may give masked or altered information to certain sites, if the services provided by those sites do not depend on the information being collected.
I would recommend making use of online security awareness events organized by service organizations, schools and local agencies to learn more and ask questions. For protecting children online and education privacy, the regulations such as COPPA, FERPA and some of the state laws have statutes but, at the end of the day, it is left to the knowledge, awareness and practice of each individual on following the best practices when they are in the digital world.
++
Scott Gerlach, co-founder and CSO at StackHawk
Safer Internet Day is a great reminder that security is a team sport. Collaboration between the teams that monitor for suspicious activity and the teams responsible for building the applications we access daily, helps strengthen an organization’s security posture and fosters a foundation of trust and resilience against future security threats.
++
Max Gannon, Senior Cyber Threat Intelligence Analyst at Cofense
Every year, Safer Internet Day reminds us that online security isn’t just about individual vigilance - it’s a collective effort requiring strong internal defenses. With cyberattacks growing in frequency and complexity, integrating robust security practices across your entire organization is crucial. This includes prioritizing comprehensive email security awareness training for employees and empowering them to become active participants in safeguarding your system's data.
Email, which serves as the workhorse of communication, can be a dangerous gateway for malicious phishing threats that bypass Secure Email Gateways (SEGs). An estimated 40% of ransomware attacks start through email. By raising awareness and prioritizing email security education, employees can identify and report malicious threats, using simulations on current phishing attacks to gain insights into the tactics used against organizations. For every email reported, an average of 20 additional malicious emails are removed from inboxes. Creating a stronger employee reporting culture with a uniform base of knowledge helps protect entire organizations, creating a safer internet environment.
++
Jason Keenaghan, Director of Product Management at Thales
This Safer Internet Day, we should transfer the onus of security from the user to the digital platforms of the organizations they interact with. Now internet safety isn’t just about security, but also creating a security experience customers value. The 2024 Thales Digital Trust Index found that there is no longer an either/or – customers want both security and seamless interactions. They’re happy for data to be used, so long as they have control and visibility. Security is ultimately the point where friction can be introduced, but that no longer need be at the expense of usability and experience. The relationship between trust and user experience is the foundation of successful online interactions. The imperative for Safer Internet Day is clear: organizations must uphold an unwavering commitment to both data security and user experience to build a future where trust enables digital interactions.
++
Ofer Friedman, chief business development officer, AU10TIX
Let's be realistic; you can accomplish less and less by just being 'careful' about compromised identity. It's the dawn of GenAI. There's not much you can do. The tools available to commit highly persuasive identity fraud are already hard at work serving fraudsters. This is why you are advised to use service providers that offer the deepest defense and latest technologies to protect you.
++
Patrick Harding, Chief Product Architect, Ping Identity
The internet is a double-edged sword. It offers convenience, productivity, accessibility and worldwide scale, while criminals leverage it to launch cyber attacks on individuals and businesses alike, aimed at stealing personal information for financial gain. Safer Internet Day serves as a reminder to be vigilant about what and how digital identity data is shared, collected and stored, especially given the increasing prevalence of artificial intelligence (AI) tools.
The day also underscores the value of relying on authentication methods that provide more security and convenience – like passwordless and Multi-Factor Authentication (MFA) when accessing information online. In fact, 50% of consumers say MFA makes them feel better about the service they are using, and 65% would switch to a comparable brand if it offered passwordless authentication. It’s never been easier for businesses to meet consumer demands while making the internet a safer place.
++
Bhagwat Swaroop, President, Digital Solutions at Entrust
A Zero Trust mindset isn't just for professionals. The concept of "never trust, always verify" actually plays a key role in all digital interactions, regardless of whether or not they are professional or personal. Rather than waiting for a breach to occur, assume a bad actor is already in your system.
Bad actors are constantly seeking out our most sensitive information. This always-on approach keeps individuals vigilant. With the rapid rise of phishing attacks, it's important to question and verify the correspondence we receive, whether it be an email, voicemail or text message. These kinds of scams are becoming increasingly sophisticated, making it essential for all of us to stay up-to-date on the latest tactics.
This Safer Internet Day serves as a reminder, to ourselves and our loved ones, to be watchful and deploy security measures such as phishing-resistant multifactor authentication, more digital identity verification, like biometric identification, and passwordless login whenever possible to limit the impact of breaches and keep data safe.
++
Dan Benjamin, Sr. Director of Product Management, Prisma Cloud, Palo Alto Networks
Safer Internet Day is a reminder for organizations and consumers alike that while we continue to embrace and innovate with digital technology, it is not without maliciousness. The global reliance on the internet vastly expands the potential attack surface and as new technologies are embraced, attackers will always take the path of least resistance. Take the cloud for example, our entire lives from healthcare, financial and personal data are stored and shared in the cloud. If the organization’s that are responsible for this data do not put security as a top priority, a cyber attack is only a matter of time.
Safer Internet Day should be a time of reflection for organizations to understand their cyber resiliency and the evolving threat landscape.
++
Matt De Vincentis, VP of Marketing at Palo Alto Networks
Most organizations have an attack surface management problem, and they don’t even know it, because they lack full visibility of the various IT assets and owners. Safer Internet Day stresses the importance of having a complete understanding of all known and unknown internet-facing assets an organization has. Our 2023 Attack Surface Threat Report found that attackers are now moving at machine speed, with the ability to exploit known vulnerabilities within hours of disclosure. This problem is particularly evident today with the recent Ivanti vulnerabilities, which are affecting organizations across the globe. The key to addressing this problem is an attack surface management solution, that helps actively discover, learn about and respond to unknown risks in all connected systems and exposed services.
++
Arti Raman, CEO and founder Portal26 (She/Her)
Artificial intelligence is the proverbial genie released from its bottle. While Generative AI products like ChatGPT, CoPilot, and DALL-E offer tremendous power, these are free and publicly accessible platforms for anyone to use for any purpose - for good or malicious intent. And we are already seeing both sides of the story as people and companies adopt its usage.
In the Portal26 2023 State of Generative AI, two-thirds of surveyed companies admitted to a GenAI security or misuse incident within the last year, and 60% of these companies provided five hours or less of AI training annually.
From a business perspective, business leaders must begin adopting strategies for AI governance so they may proactively manage the risks associated. The next step is developing in-depth employee training on how to responsibly and ethically utilize these GenAI tools while being tuned into their company's security risks.
For the general public, it’s just as essential to begin teaching yourself what GenAI is, how it works, what the risks are, and how to identify nefarious attacks using GenAI. Cybercriminals are already finding ways to exploit AI by targeting your personal information, much of it gleaned from readily available sources of information like social channels. Understanding how to protect your and your family’s privacy is as important as learning how to take advantage of these powerful tools for improved personal productivity.
The best way for both companies and users to celebrate Safer Internet Day this year is by taking the time to understand modern threats posed by AI and implementing best practices to defend against them.
++
Deepika Gajaria, VP of GTM and Strategy, Securin
Computers and smartphones encapsulate our daily lives, and we depend on them to complete routine tasks. Our devices connect us to essential internet services and social aspects of our lives and because of that bad actors take advantage of people through malicious activities like bots, phishing, and data breaches. This Safer Internet Day, Securin proudly reaffirms its commitment to fostering a safer online experience.
Securin is dedicated to protecting enterprises by providing the latest intelligence on emerging threats, and right now, a prominent threat affecting many organizations are simple misconfigured internet management interfaces. Misconfigurations in network devices, cloud services, routers, and firewalls cause serious holes in the security of an organization’s attack surface and threat actors target these misconfigurations in most of their attacks. Community-wide efforts like Safer Internet Day are necessary to raise awareness of all digital threats and make us more secure, users and organizations alike.
++
Corey Nachreiner, Chief Security Officer, WatchGuard Technologies
Safer Internet Day is a great opportunity to reflect on and discuss what more we can do to ensure a safer internet experience for children and young people. Privacy considerations and other concerns related to AI are top of mind right now. With more AI tools and applications becoming publicly available and utilized by the masses, this year’s annual observance of Safer Internet Day is an opportune time to shine a light on AI technology risks and company practices that could improve children's safety online. Here are some high-level tips for children, parents, and educators:
- Take your privacy online seriously: Threat actors can exploit small, seemingly basic pieces of information you share online to nefariously build trust, hack one of your passwords or pretend to be you. Avoid sharing too much private information about yourself on sites that strangers can see.
- Know that it’s easy to pretend to be someone you are not online: Be skeptical when you meet anyone online and always validate their identity. Malicious actors can copy and use other peoples’ images on social media in an attempt to impersonate them (like with a fraudulent Facebook profile). AI technology can be used to make deepfake audio and video that closely mimics someone you know but isn’t really them.
- Never post things you wouldn’t want your grandma or a random stranger to see: Digital content posted online has the potential to live forever and spread virally, despite the perceived controls you think you have. Remember that it’s not difficult for others to make copies of the images or media that you share online and repost them elsewhere.
- Protect your online identity: Protect your online accounts by employing strong and long passwords and using two-factor or multi-factor authentication (2FA/MFA) to strengthen the authentication security. Don’t share your passwords or logins with anyone else, even your friends.
The best advice is this: If the details don’t add up or anything just feels off, it’s better to stay on the safe side to avoid falling victim to sneaky attacks and ensure a safer internet experience.
++
Nathan Vega, VP of Product Marketing & Strategy, Protegrity
We recognize Safer Internet Day this year by focusing on the data privacy problems that plague our customers. Businesses are on notice from regulators, industry associations, and consumers that privacy is no longer an option. 87% of consumers say they will not do business with a company if they have concerns about the business’s security practices. (Mckinsey). There is an adage in cybersecurity. You can have data security without privacy, but you cannot have privacy without data security. Organizations must embed strategic data security objectives into their business modernization plans to safeguard privacy, to reduce risk, and accelerate productivity.
Data privacy is an evolving landscape that requires businesses to be agile to changes by:
- Applying zero trust principles directly to data, not just the applications or systems that use it,
- Empowering administrators, developers, and data teams with the tools and knowledge to embed data security and privacy throughout your enterprise architecture,
- Embracing privacy-enhancing technologies that accelerate innovation initiatives that thrive on personal data like AI/ML, analytics, and business intelligence.
As the internet and technology continuously evolve, it is paramount that organizations take steps to protect organizational, customer, and employee data, but that doesn’t mean locking down data. Applying the right privacy tactics to meet your business objectives will offer competitive benefits, from building employee and customer trust to reducing data siloes.
++
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea
February 6th is Safer Internet Day, celebrated each year to raise awareness of emerging online issues and concerns, from cyberbullying to social networks misinformation, and even online digital security. In today's digital society, we are heavily dependent on the Internet and technologies for daily activity. And as technologies continue to evolve, so do the potential online dangers.
Artificial intelligence and machine learning are beginning to play a more prominent role in our daily lives, and this is only increasing. It can be difficult to understand these emerging threats and how to stay safe online. My advice is simply to never be afraid to ask for advice, speak up or ask questions. It can be difficult to determine the difference between a real person online and an AI persona - if you see something suspicious, ask the experts for help or advice. In your digital social spheres, it's always great to have a cyber-mentor who is your go-to person for advice and to be aware of the cyber help lines in your communities as well. In this age of emerging technologies and evolving online threats, let's make the internet a safer place for everyone and never be afraid to ask for advice.
##