IGF 2023 Lightning Talk #103 Strengthening Cybersecurity for a Resilient Digital Society

    Time
    Wednesday, 11th October, 2023 (03:10 UTC) - Wednesday, 11th October, 2023 (03:30 UTC)
    Room
    SC – Room H
    Subtheme

    Cybersecurity, Cybercrime & Online Safety
    Cyberattacks, Cyberconflicts and International Security
    New Technologies and Risks to Online Security

    Rakuten Group Inc.
    Feren Calderwood, Rakuten Group Inc. YuehTing Chen, Rakuten Group Inc. Clara Fecke, Rakuten Group Inc.

    Speakers

    Feren Calderwood, Rakuten Group Inc. Clara Fecke, Rakuten Group Inc. YuehTing Chen, Rakuten Group Inc.

    Onsite Moderator

    Feren Calderwood

    Online Moderator

    Feren Calderwood

    Rapporteur

    Feren Calderwood

    SDGs

    9.1
    17.16
    17.8

    Targets: As cyber threats increase globally, so does the threat they pose to countries' ability to develop a sustainable and resilient infrastructure (SDG 9.1). These risks, if realized, have the potential to disrupt the ability to fully operationalize technology and innovation capacity building (SDG 17.8). The proposed mitigation is through multi-stakeholder partnerships (SDG 17.16) and through ensuring that cyber security and privacy awareness are included in global knowledge sharing, to support the achievement of the SDGs in all countries.

    Format

    Presentation including engagement with the audience through an online digital platform.

    Duration (minutes)
    20
    Language

    English

    Description

    Cyber security and privacy awareness among smartphone users are becoming critical challenges as societies undergo digital transformation. Humans are always the weakest link in the cyber security chain in any country. As cyber-attacks increase and diversify, so does the threat to the growth of the digital economy in both developed and developing countries, and thus also the threat to SDG 9.1 ‘Develop quality, reliable, sustainable and resilient infrastructure, including regional and transborder infrastructure, to support economic development and human well-being, with a focus on affordable and equitable access for all.’ The vulnerability of developing countries is also higher due to the limited resources they have to address all the aspects of cyber security and privacy. What are the top security and privacy risks for smartphone users? What user behaviours and practices are needed for a sustainable and resilient digital society? What kind of partnerships are needed between governments, the mobile industry, the e-commerce and education sectors, and consumers to support e-society and the growth of the global digital economy? Participation from the audience is strongly encouraged. The audience will be asked to participate, and in the Q&A part after the presentation they will have time to interact with the presenters and share regional and local insights.

    Key Takeaways

    Takeaway: 1) Provide easy and understandable ways for smartphone users to practice secure behaviours. 2) Provide education and awareness for smartphone users to enhance their privacy and security practices.

    Call to Action

    1) To support a resilient digital society, a public-private partnership is suggested: policy and technical controls with good UX, which make it easy to practice secure smartphone behaviours on people’s devices, will mitigate the increase in threats. 2) To support citizens of a digital society, a multi-stakeholder partnership between government, business, academia and civil society is suggested.

    Session Report

    In the lightning talk “Strengthening Cybersecurity for a Resilient Digital Society – Opportunities to Increase Smartphone Privacy and Security”, focusing on SDGs 9 & 17, we presented: 

    • Smartphone’s Role in a Digital Society 

    • Smartphone Privacy Risks 

    • The Evolving Smartphone Cyber Threat Landscape 

    • Promoting Safer Behaviours and Practices for a Cyber Resilient Society 

    At the beginning of the presentation, the audience was asked to reflect on what they think is the most significant risk of using a smartphone. The global presence of smartphones has increased: according to Statista (2023), there are 6.5 billion smartphone users, meaning 68% of people worldwide have a smartphone. Smartphone usage has also changed, with 80 apps per user on average (DataProt, 2023); 6 out of 10 smartphone users choose finance apps over websites (Google, 2016), and 73% of online shopping comes from smartphone devices (DemandSage, 2023). The mobile industry currently contributes $5.2 trillion to global GDP (GSMA, 2023).

    So smartphones bring many benefits, from enabling citizens in mobile-first countries to other places to offering 24/7 connectivity as a versatile all-in-one product. The benefits range from increased access and efficiency, reducing the necessity to travel, enabling commerce, payment, learning and photography.

    At the same time, the threat landscape, based on data from 2022, is worsening: cyber criminals are starting to focus on mobile devices; malware for smartphones is everywhere, including advanced malware that may be used to target specific valuable individuals; the number of vulnerable mobile devices that lead to security incidents is increasing; and misconfigurations of app back-ends expose users’ personal data.

    The risks to smartphone users include data breach, data leakage, identity theft, device loss, privacy violation and surveillance. Based on a report from the US (Lookout, 2014), the consequences of phone theft led to 12% experiencing fraudulent charges to their account, 9% having their identity stolen, 47% reporting a loss of time and productivity, and 10% reporting a loss of confidential company data.

    Thus, digital societies must build resiliency by raising cybersecurity and privacy practices. 

    To convey why this matters, we asked the audience to consider privacy risks, explaining how apps may collect personal data and connect it to individual behaviours, and how often users may not know what data is leaving their devices even when it is not done maliciously.

    We shared information about the evolving smartphone cyber threat landscape, showing that both the ratio of exposed mobile devices and the ratio of successful attacks have increased in recent years. This is worrying, considering all the possible vulnerable data assets stored on smartphones (passwords and other credentials, location history, sensitive documents, personal medical information, communication with assistant apps, and phone call history). 

    We shared an example of how a smartphone cyber-attack can be conducted using smishing and malware, as in the case of the SpyNote campaign. The phishing attack was done through mobile text messaging or email with a malicious URL to a malware file. Once the user downloads and installs the file, their device will be infected, and the attacker can explore or steal data or even control the whole device.

    We propose a multi-stakeholder partnership approach to promote safer smartphone behaviours and practices. Governments and industry can support this by ensuring that devices come with technical controls that are easy to understand and use by smartphone users. A multi-stakeholder partnership between the education sector, industry and civil society can support increasing formal education and awareness and influence society to gain safer security and privacy behaviours and practices.

    While creating safety measures for a smartphone and digital society may be more complex, we must start. Governments can mandate the industry and education systems to play an active role in building a digital community. The mobile industry (manufacturers and network providers) can further promote their brand value by developing and providing easy privacy and security functionality and education.

    In summary, we can mitigate the many smartphone threats by using a multi-stakeholder partnership and partnering for the goals (SDG 17). This will allow us to protect the development of a sustainable and resilient digital infrastructure globally (SDG 9). There was active engagement during the presentation and the audience provided thought-provoking questions during the Q&A session which truly enriched the discussion. The diverse perspectives and regional insights that were shared were invaluable, and we are thankful for everyone’s contributions. As we move forward, we hope that these discussions and insights will be brought into our daily lives and that we can work together to make the digital world a safer and more secure place for all. 

     

    References: 

    DataProt https://dataprot.net/statistics/how-many-apps-does-the-average-person-have/  

    DemandSage https://transition.fcc.gov/cgb/events/Lookout-phone-theft-in-america.pdf  

    Google https://www.thinkwithgoogle.com/marketing-strategies/app-and-mobile/finance-app-user-statistics/  

    GSMA https://www.gsma.com/mobileeconomy/wp-content/uploads/2023/03/270223-The-Mobile-Economy-2023.pdf  

    Lookout https://transition.fcc.gov/cgb/events/Lookout-phone-theft-in-america.pdf  

    Statista https://www.statista.com/forecasts/1143723/smartphone-users-in-the-world