Cybersecurity: Users, other groups must work together

Individual Internet users, businesses, the government, and tech vendors all need to focus more on cybersecurity and be aware of the dangers, a group of cybersecurity experts said Thursday.

The Internet is vulnerable at multiple levels, and each of those groups play a part in protecting cyberspace, said Steve DelBianco, executive director of NetChoice, an e-commerce trade group.

[ Don't be a dupe! Read our tips on how not to be taken in by social engineering. ]

NetChoice, in a report released Thursday, focused much of its attention on user behavior, saying that Internet users need to be better educated about types of social-engineering attacks. Last week, the U.S. Federal Trade Commission issued a warning about new phishing e-mail scams that identify the sender as a bank or mortgage lender that has taken over the e-mail recipient's account. The e-mails ask the recipients to click a link to confirm personal information, but the link takes them to a site harvesting personal information, not to a real financial institution.

This attack can look credible, given the number of bank and mortgage lender failures in the U.S. right now, DelBianco said. "The bad guys are clever, and they're getting badder," he said during a cybersecurity event in Washington, D.C.

NetChoice's report, "Hardening the Security Stack," described potential vulnerabilites directed at user behavior and the DNS, two layers of the so-called Internet stack identified by the group. It would be "phenomenally expensive" to implement proactive, tech-based security at every layer of the stack, which also includes operating systems, software and internal network services.

"Responsibility for cybersecurity lives at all layers of the security stack, not in any one layer," said the report, co-authored by DelBianco. "Simply put, there is no silver bullet."

The report calls on tech vendors to implement multifaceted security programs, including user education, as well as hardened software and equipment upgrades aimed at security. Government agencies can test new technologies and ensure that businesses use proper safeguards, the report said. The government also needs to maintain high standards for its tech vendors, the report added.

Ken Silva, senior vice president and chief technology officer at .com and .net registry operator VeriSign, agreed with the NetChoice report, but he called on individual computer users to be vigilant about cybersecurity. Individual users are often the target and often the cause of many cybersecurity problems, he said.

"Anyone who wants your money will find very creative ways to get it, legitimate or not," he said. "Most security vulnerabilities rest between the keyboard and the back of the chair."

The U.S. could make significant progress in fighting cybercrime if Internet users were more wary of phishing and other scams, if individuals and businesses changed static passwords, and if laptops included several layers of protection against data theft when they were lost and stolen, Silva said.