​Symantec warns encryption and privacy are not the same

"Encryption and privacy is not the same thing," said Nick Savvides, Symantec APAC cybersecurity strategy manager.

Encryption is a privacy "enhancing tool", Savvides went on to explain, while privacy is more about handling what information is collected, how the collected information is handled, and what other data can be derived from it. The two are often confused because they are related: Encryption is used to maintain privacy.

Savvides said that unfortunately most websites do not use encryption, highlighting the company's most recent Internet Threat Security Report, which revealed that 97 percent of active websites do not have any basic security and 75 percent have unpatched vulnerabilities, with 16 percent of those being critical.

Meanwhile, the remaining 3 percent of active websites with security are banks and corporate businesses, according to Savvides.

He said the IT security community often blames "lazy" users for the lack of encryption. However, he said the real hindrance is the complexity that is involved with encryption, and it's often something that users expect to be provided with.

"They don't do [encryption] because it's hard; they only do it when they absolutely have to," he said.

He pointed out that iMessage, Apple's built-in instant messaging service, and more recently mobile messaging app Whatsapp, are two examples of where end-to-end encryption is provided, and not something that users have to actively go seek.

In turn, the security company has extended its partnership program, Encryption Everywhere to Australia, which is already live in North America and Europe. The program falls under Symantec's goal to achieve 100 percent encryption for all websites globally by 2018.

Under the Encryption Everywhere program, Symantec has initially partnered with WHMCS and cPanel to hand out domain-validated TLS/SSL certificates for free, before taking a multi-tier paid model approach.

"We'd like to see broader base encryption utilised across the world, across the internet. Whether it's ours or somebody else's, we'd like to see it adopted because it will make the internet a safer place, free from prying eyes," Savvides said.

Survey findings from Norton by Symantec released on Tuesday indicated that online threats will not be slowing, particularly with the proliferation of the Internet of Things.

The survey showed that while almost two thirds of Australians use at least one mobile app to manage their finances or control other connected devices, 66 percent do not have security software on their smartphones, and 33 percent choose not to have a password or PIN on these devices.

Despite this, 61 percent of Australians admitted that they would be upset if their financial information was compromised.

According to Mark Gorrie, Norton by Symantec APAC director, as the smartphone becomes a central control hub and a "gateway" to other devices, the onus is on both the vendor and the user to ensure security is top of mind. Gorrie, however, pointed out that historically, vendors have always seen security as an afterthought, but indicated that it has improved more recently.

"Vendors should be taking seriously because it is such a big issue. We see the threats just keep growing every year, and just won't give up because it's a profitable business for a lot of people. There is definitely a responsibility security should rank highly on the devices vendors are releasing, but equally people have to be proactive to help themselves," he said.

相关推荐

Paris attacks reignite debate over encryption,surveillance and privacy

WASHINGTON — Friday's terrorist attacks in Paris have revived the debate over whether U.S. tech companies should be required to build "backdoors" into encrypted phones, apps and Internet sites to let law enforcement conduct surveillance of suspected terrorists. There has been widespread speculation among law enforcement authorities and the media that the Islamic State terrorists ...

National Encryption Policy: Not just privacy, but also feasibility and security are at risk

Encryption is an important aspect which governs not just the communications but also the storage. When data is in motion there are some methods/ protocols which facilitate end-to-end encryption: 1. VPN 2. Remote Server Connectivity viz. RDP, SSH 3. Internet based Voice/ Messaging Communications 4. email communication 5. Communications between Wearables and their Host devices ...

Jeb Bush: encryption makes it too hard to catch "evildoers"

Bush, the former governor of Florida, said Tuesday that encryption "makes it harder for the American government to do its job." That job would be, according to Bush, "making sure that evildoers aren't in our midst," echoing a phrase frequently used by his brother President George W. Bush to describe the threat of radical Islamic ...

It is difficult for the FBI to crack most smartphone encryption

The FBI is struggling to decode private messages on phones and other mobile devices that could contain key criminal evidence, and the agency failed to access data more than half of the times it tried during the last fiscal year, FBI Director Christopher Wray told House lawmakers. Wray will testify at the House Judiciary Committee ...