![]() ![]() ![]() ![]() ![]() ![]() |
|||
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
|||
![]() |
|
| House of Representatives Standing Committee on Communications
Navigation: Previous Page | Contents | Next Page Chapter 4 Community Awareness and VulnerabilityIntroduction4.1 This chapter discusses the current level of e-security awareness among Australian home users and small businesses. The evidence demonstrates a considerable inconsistency between levels of awareness of e-security threats and actual online behaviour, indicating that home users and small businesses remain highly vulnerable to a range of cyber crime types. Levels of Awareness and Uptake of E-security Measures4.2 As mentioned previously in this report, there is a wide variety of inconsistent and often incomparable information on the level of cyber crime activity due to varying definitions of cyber crime, fragmented intelligence gathering and the under reporting of cyber crime by victims.[1] 4.3 These data collection issues have also given rise to a number of conflicting statistics on the level of cyber crime awareness in the Australian community. While some sources indicate that the level of awareness is high, other sources show that this does not necessarily translate into better online practices. 4.4 Evidence to the Committee supports the notion that home users have some awareness of cyber security risks:
4.5 The evidence also suggested that Australian small businesses possess some understanding of cyber security issues:
4.6 However, a range of other evidence indicated that Australian home users and small businesses still take insufficient precautions against cyber crime.[10] This evidence includes, for example:
4.7 The level of cyber crime in Australia demonstrates that end users are not heeding advice on e-security threats. For example, while the Australian banking industry said that customers are highly aware of the threat posed by phishing emails,[16] a 2007 ABS survey estimated that, in the twelve months prior to the survey, 30,400 Australians were the victim of online phishing scams.[17] 4.8 Similarly, despite an apparent awareness of the threats posed by identity theft and fraud, the ABS survey estimated that 76,000 Australians were victims of online credit card or bank card fraud in the year preceding the survey.[18] 4.9 Even where end users do take sufficient technical precautions, they may still fall victim to online scams due to emotional vulnerabilities. For example, the ACCC informed the Committee of an increasing number of dating or romance scams.[19] Additionally, the 2006 ABS survey indicated that at least 31,700 Australians were the victims of online scams in the twelve months prior to the survey.[20] 4.10 The continued impact of romance scams provides a particularly good example of how knowledge of cyber crime risks is not necessarily translating into protective actions. The Queensland Police Service (QPS) informed the Committee that, in the case of romance scams, 76 per cent of victims who lost large amounts of money continued to willingly participate in such scams despite being notified by the QPS that they were being victimised.[21] Similarly, Mr Peter Shenwun, Consular Minister, Nigerian High Commission in Australia, told the Committee that many victims of advance-fee fraud originating out of Nigeria seek to continue contact with scammers, despite being advised not to by Nigerian authorities.[22] 4.11 AusCERT argued that the range of seemingly inconsistent evidence indicates that home users may hold misconceptions about the level of protection provided by their security measures. AusCERT’s Home Users Computer Security Survey 2008 found that:
4.12 The Tasmanian Government stated that although there appears to be a general awareness in the community of the need for some level of protection, most home users and SMEs do not have adequate security.[24] 4.13 The Australian Computer Society argued that Australians seem to be aware of, and are taking precautions against, old cyber crime threats but are not aware of, or taking steps against, new and emerging cyber crime threats.[25] For example, while users may be installing anti-virus software to combat some e-security risks, QPS informed the Committee that they observed a 1,000 per cent increase in the incidence of romance scams between 2006 and 2009.[26] Issues that contribute to low levels of awareness4.14 The Committee received evidence on a number of factors that contribute to the low level of awareness of cyber crime threats among Australia home users and small businesses:
4.15 These issues, and proposals to deal with them, are examined more thoroughly in the following chapters. Committee View4.16 The Committee considers that the level of awareness of cyber crime threats among Australian home users and small businesses is insufficient to ensure their safety online. 4.17 The Committee is of the view that the vulnerability of Australian home users and small businesses presents a risk to all sections of the Australian community. The insufficient uptake of simple e-security measures means that home users and small businesses will continue to be victimised by cyber criminals. This has direct financial and emotional impacts on the victims themselves, and exposes other sections of Australia’s ICT systems to attack, including areas of government. 4.18 Community education and awareness raising is part of the Australian Government’s Cyber Security Strategy. The adequacy of Australia’s current initiatives is examined in Chapter 10. |