Norton's Cyber Security Insight Report for 2016

Norton’s Cyber Security Insight Report for 2016 (link to a downloadable pdf).

Some of the figures, if they are correct, are a little concerning. It suggests 26% of Australia’s population has been affected in some way by cyber crime…including Credit card fraud: 19%, Account password compromised: 15%, Email hacked: 14%.

5 Likes

… that’s what I was thinking as well, given it is a report from a company identifying ‘the illness’ when they sell ‘the cure’.

There’s a more wordy 2017 report - https://www.symantec.com/content/dam/symantec/docs/about/2017-ncsir-global-results-en.pdf - in which they say:

About the 2017 Norton Cyber Security Insights Report
The Norton Cyber Security Insights Report is an online survey of 21,549 individuals ages 18+ across
20 markets, commissioned by Norton by Symantec and produced by research firm Reputation
Leaders. The margin of error for the total sample is +/-.7%. Data was collected Oct. 5 – Oct. 24,
2017 by Reputation Leaders.

Maybe I’m just cynical, and I’m not a statistician by any means, but I’m suspicious of anything that claims to be representative of the experience of nearly a billion people in 20 countries based on an online survey of under 22000 people … looks like it, feels like it, smells like it - probably is it …

It also leaves a bad smell when a report specific to the Australian market quotes values in US$ … but I’m just being picky now :slight_smile:

I couldn’t see a localised summary for 2017 corresponding to the original post - there were a couple covering US, Canada and the UK but I guess the others are still in the oven … cooking …

1 Like

Yes statistics. It is worth noting that opinion polls are based on sample sizes as small as 1000 persons…these usually have an error of about +/-2%. If they sampled more, the error would be less and the result would still be within the original +/- 2 percent band.

If they sampled 21500 over 20 countries, then it could be similar to an opinion poll which is often used by the media as an accurate measure of the current political environment.

So, maybe the sample size is okay!

BUT, online surveys, unless done randomly and with a representative population sample (age, sex, socioeconomic background etc), are notorious for having potential for bias. This is due to those who may be interested in the topic of the survey only answering the call for its completion. For example, those who have been impacted by cybercrime may be more likely to complete a survey on cybercrime.

Also if a voluntary survey, interest groups have been known to circulate links to the survey to their contacts/members, which results in one group with a particular view increasing the weighting of their views in the final result. This occurs particularly if the survey is about an emotive or decisive issue.

If Norton/Symantec used an independent survey company to run the survey, then one could argue that the results are valid.

Some of the results make sense like password compromises, as there have been a lot of major companies who have had such information ‘stolen’. Sony, Yahoo etc come to mind and it is likely that 15% of the population (about 1 in 6) has an account with at least one of these compromised online accounts.

I also know of a few people that have been subject to credit card fraud, but it wouldn’t be about 1 in 5 each year…possibly 1 in 5 in total over all years. Maybe I circulate in more conservative groups which use credit cards online less often?..or are less likely to admit to their friends that they have been targeted.

Maybe the 2017 Australian report will be released this time next year. This (2016) one appears to have been released recently as there was a pop-up notification earlier today when using the desktop pc.

2 Likes

Given the lack of information on how the survey was conducted, I would suggest a healthy dose of cynicism.

Perhaps it’s one of those surveys where a site’s (Symantec/Norton) users are asked if they are willing to click through to do a survey done by an independent body? I have done quite a few of these for various organisations. If so, projections to the whole of the population are meaningless due to the lack of randomness of the people visiting the host site. That is, the chances are people are visiting Symantec/Norton because they have had, or are worried about the possibility of cybercrime.

They could easily have 22K respondents, but due to the lack of disclosure of the methodology, I urge significant caution as to the validity of the findings. That is, until shown to be validly conducted, the results of this survey must be deemed meaningless.

3 Likes

Hear, hear. I do also thank @phb for posting though, and at the time the question was also raised in that original post - a worthy point for discussion because we know the issues are real, but we also know the article comes from a (very) interested party, so somewhere betwixt is the truth :slight_smile:

2 Likes

Obvious question: what proportion of Australians has or has had a Yahoo account that was in operation in 2013? Given that Yahoo has now admitted that all of its three billion accounts have been compromised, I would suspect that could easily account for this figure by itself.

Ignoring people with more than one Yahoo account, one could go with:

  • World population seven billion
  • Three billion accounts hacked = 43% > 26%.

Alternatively, Symantec knows what proportion of Australians use its products. Using Kaspersky’s links with Russian intelligence as a guide, it may well be that Symantec is similarly linked to the US government and therefore every user of the product in Australia is having their data sent to the NSA for analysis.

I should note that while I have had this thought myself, a US security podcaster - in discussing Symantec - wondered why any other country would trust Microsoft or Apple. In short, it is quite possible that your computer is compromised even before you accept delivery.

The same security podcast recommends against using anti-virus software, as it creates another attack vector for malware. That said, it is targeted at IT professionals who are very aware of the threats that are ‘out there’, use other mitigation tools, and have a strong understanding of how they might get infected.

1 Like

I find the attacks on Kaspersky to be just short of black humour. This story is both informative and in another way amusing. One of the ‘problems’ with Kaspersky is apparently that it finds NSA malware. Terrible, that! Years ago I met with a company that worked for ‘the government’ and learned nothing high tech left the US without proper ‘vetting.’ Those were the times of COCOM where the US kept tight reins on a range of technologies and products.

The differences between any national interest are probably in what each of us grew up to accept as the ‘good guy’, the ‘bad guy’, and how adept each is at manipulating public opinion.

A few months old, but a decent read.

One problem with the combativeness amongst nation states and controlling complex technologies is that there are very smart people everywhere who have a range of values, not always aligned to the west or to capitalism or to secular precepts.

The US spent many years with an attitude of ‘we do it so well you should not do it, just buy it from us’ but at the same time were also very selective in who could get ‘it’. Fast forward and the US is no longer unique in its ability to develop and deploy high tech and ‘smart people’ in many countries have been let out of their proverbial closets. Here we are with ‘smart people’ competing against each other with their diverse value systems on what and who is the ‘good guy’ and ‘bad guy’, and one side appears to have put partisan politics above everything else including national interests. ‘Open kimono’ provides the general public with insights of inner workings that many will find unsettling and their response may be entertaining times.

As consumers the probability is that there are no ‘good guys’, just ‘self serving guys’ doing their best in different degrees, who have to coexist with multiple governments, and which of them is 100% trustworthy? I know my answer, and I do not need any fingers to count them. Open source would be the closest because anyone can see how it works, as well as plan ways to circumvent how it works unless ‘Operating Systems 101’ comes back into vogue - rule 0: protect yourself from the user and do not progress to rule 1 if you cannot assure that.