Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users

Smart mobile devices are a potential attack vector for cyber criminal activities. Two hundred and fifty smart mobile device owners from the University of South Australia were surveyed. Not surprisingly, it was found that smart mobile device users in the survey generally underestimated the value that their collective identities have to criminals and how these can be sold. For example, participants who reported jail-breaking/rooting their devices were also more likely to exhibit risky behaviour (e.g. downloading and installing applications from unknown providers), and the participants generally had no idea of the value of their collective identities to criminals which can be sold to the highest bidder. In general, the participants did not understand the risks and may not have perceived cyber crime to be a real threat. Findings from the survey and the escalating complexities of the end-user mobile and online environment underscore the need for regular ongoing training programs for basic online security and the promotion of a culture of security among smart mobile device users. For example, targeted education and awareness programmes could be developed to inform or educate smart mobile device users and correct misconceptions or myths in order to bring about changes in attitudes and usage behaviour (e.g. not taking preventative measures such as strong passwords to protect their devices). Such initiatives would enable all end users (including senior University management who use such devices to access privileged corporate data and accounts) to maintain current knowledge of the latest cyber crime activities and the best cyber security protection measures available.

[1]  Kim-Kwang Raymond Choo,et al.  The cyber threat landscape: Challenges and future research directions , 2011, Comput. Secur..

[2]  K. Raza Juniper Networks , 2009 .

[3]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[4]  Kim-Kwang Raymond Choo New payment methods: A review of 2010-2012 FATF mutual evaluation reports , 2013, Comput. Secur..

[5]  Ian Oakley,et al.  Open Sesame: Design Guidelines for Invisible Passwords , 2012, Computer.

[6]  Audrey Guinchard,et al.  Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy , 2011 .

[7]  Kim-Kwang Raymond Choo,et al.  Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? , 2013, Digit. Investig..

[8]  Raheem A. Beyah,et al.  Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions , 2011, IEEE Security & Privacy.

[9]  M. Felson,et al.  Crime and Everyday Life , 1998 .

[10]  Lawrence E. Cohen,et al.  Social Change and Crime Rate Trends: A Routine Activity Approach , 1979 .

[11]  Kim-Kwang Raymond Choo,et al.  Dropbox analysis: Data remnants on user machines , 2013, Digit. Investig..

[12]  Kim-Kwang Raymond Choo,et al.  Cybercrime and Online Safety in Cyberspace , 2009 .

[13]  Kim-Kwang Raymond Choo,et al.  Enhancing User Privacy on Android Mobile Devices via Permissions Removal , 2014, 2014 47th Hawaii International Conference on System Sciences.

[14]  Enterprise Readiness of Consumer Mobile Platforms , 2012 .

[15]  Kim-Kwang Raymond Choo,et al.  Information security in the South Australian real estate industry: A study of 40 real estate organisations , 2014, Inf. Manag. Comput. Secur..

[16]  Alfredo De Santis,et al.  Do You Trust Your Phone? , 2009, EC-Web.

[17]  Kim-Kwang Raymond Choo,et al.  Digital droplets: Microsoft SkyDrive forensic data remnants , 2013, Future Gener. Comput. Syst..

[18]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[19]  Kim-Kwang Raymond Choo A Conceptual Interdisciplinary Plug-and-Play Cyber Security Framework , 2014 .

[20]  M. Yar The Novelty of ‘Cybercrime’ , 2005 .

[21]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[22]  Charles Ohaya Managing phishing threats in an organization , 2006, InfoSecCD '06.

[23]  Kim-Kwang Raymond Choo,et al.  Cloud computing and its implications for cybercrime investigations in Australia , 2013, Comput. Law Secur. Rev..

[24]  Kim-Kwang Raymond Choo,et al.  Cloud storage forensics: ownCloud as a case study , 2013, Digit. Investig..

[25]  Kim-Kwang Raymond Choo Cyber threat landscape faced by financial and insurance industry , 2011 .

[26]  Gary McGraw,et al.  Interview: Software Security in the Real World , 2010, Computer.

[27]  Kim-Kwang Raymond Choo,et al.  Mobile device forensics: a snapshot , 2013 .

[28]  Pern Hui Chia,et al.  Is this app safe?: a large scale study on application permissions and risk signals , 2012, WWW.