Canadians don’t know enough about the technology they rely upon every day and may be accidentally exposing themselves and the country’s infrastructure to unnecessary cyber risks, the Conference Board of Canada said Wednesday.
Internet users across the country know much more about the technology they depend upon than they do about the serious consequences that can stem from misuse of the systems that have become a key part of everyday life, the think tank said in a newly published report.
That knowledge gap needs to be closed in order to protect individuals, organizations and governments from cybercrime, it said.
John Neily, the board’s director of national security and public safety, said people often use email, social media and other Internet-based applications without taking time to consider the dangers they may encounter from viruses, hackers or scam artists, he said.
“The risks that are involved in using the digital technologies, we’re actually somewhat ignorant of those,” Neily said in a telephone interview. “They actually exacerbate our own digital vulnerability, and we can accidentally… endanger the security of others.”
People lack basic knowledge in three key areas — the scope of the cyber threats that exist, the way digital technologies are used to inflict harm and the role humans play in the process, the report said.
Canadians are inclined to focus on viruses or cyber-attacks that affect them individually, but fail to realize the online actions could impact the corporations they work for or even the governments of their home country, the report said.
People still engage in risky online behaviour, such as downloading suspicious attachments from dubious emails, Neily said.
Those simple clicks could spread destructive software throughout a technology infrastructure and cause untold accidental harm, he said.
The rapid pace of technological evolution also poses a problem, he added, as people struggle to keep up with new programs on the market. The safeguards put in place today may no longer be effective a few weeks later.
The fact that most technology is relatively easy to learn only adds to the problem, he said.
“You don’t need to have a certain level of knowledge in order to work with technology,” he said.
“Anyone can use it. As a result, that in and of itself can allow a person to get into areas that are otherwise difficult to manage.”
The human element cannot be underestimated, Neily said. Some of the most aggressive threats are delivered through less than modern channels such as a con artist tricking a victim into providing a password over the phone or a thief rifling through the garbage to obtain personal information.
“These are old-age tricks that have been around for years, and they still work very successfully because we just tend to focus on the technology and forget about human behaviour,” he said.
People can also cause harm inadvertently when they use social media to spread false news reports or help propagate deliberate hoaxes, he said.
The widespread ignorance of cyber threats extends well up the chain of command at most companies and government institutions, said Neily. The knowledge gap ensures people in a position to take protective steps often fail to act as decisively as they should, he added.
Canadian government agencies fell victim to cybercrime earlier this year when hackers infiltrated the Treasury Board and the Department of Finance. Officials were forced to limit Internet access for employees in both departments while they cleaned up after the attack, which was launched through emails containing malicious links.
_ By Michelle McQuigge in Toronto