Students and Cybercrime

At the height of an economic recession when computer security is high on the agenda the last thing we should do is to forget the future. To ensure we can address future cybercrime, now is the time to educate the next generation of computer professionals into the ways of the cyber world.

Margaret Ross, Geoff Staples, and Mark Udall of the Faculty of Technology, at Southampton Solent University, in the UK, emphasize this point in a paper in the current issue of IJESDF (see footnote for reference).

The UK team has now surveyed computing students on the potential risks of social networking and other relevant issues to get a general feel for knowledge and awareness. They asked students from undergraduates to Master students, none of whom are cybercrime or security specialists various pertinent questions and then assessed the responses in terms of what we should be teaching current students to equip them with the necessary knowledge for those headed for careers in business information systems, software development, networking, and other areas of computing.

Computing students are often made aware of the different risks, and ways to minimize these risks, associated with cybercrime. But, web-based identity theft is on the increase to the tune of billions of dollars worldwide and electronically hijacked computers, zombies, are allowing cybercriminals to operate vast bot-nets across the internet almost unimpeded. So, presumably something is lacking in education somewhere along the chain.

The survey of Southampton Solent University’s computer students focused on various aspects of computer use including involvement with social networking sites such as Facebook. The results were rather telling in this area. The majority agreed that there were risks associated with declaring too much personal data, on such sites, the researchers revealed, and potential cyber-stalking was a concern for some. However, less than half of the students surveyed thought they were personally at risk but the pages of their friends were riskier than their own.

Social networking sites really do pose a cybercrime risk. With just your name, birthday and a few personal facts gleaned from such a site someone could impersonate you, dupe an employee at a bank, gain additional info and eventually build up quite an identity – in your name.

Ultimately, such a scam would allow them to wheedle their way into your bank account. They might take months building up such a profile before you realize what has happened and then it might be too late. There’s no need for a cybercriminal to scavenge the contents of your trash left out for collection when we all give so much personal information away online. Thankfully, educators have latched on to this problem and are now beginning to teach computer students about such issues.

But, again and again, people are duped by scammers preying on the individual’s self-serving needs and greed, as in the highlighted case of a company that inserted unsolicited freebie USB sticks from an unknown company offering the chance to attend a corporate party?would you?

“It is necessary to raise awareness of cybercrime and to minimize its effect by ensuring that all computing students have a wide and current knowledge. It is then hoped that this will ensure that not only the students but also their friends, relatives and future employers would also gain from this knowledge. It is hoped that this should help them to protect their computer systems from future cyber attacks,” the researchers conclude.

Margaret Ross, Geoff Staples, & Mark Udall (2009). Cybercrime – raising awareness for future professionals Int. J. Electronic Security and Digital Forensics, 2 (2), 228-238