Despite end-to-end encryption, your WhatsApp and Telegram chats can be spied on

Even though WhatsApp promises end-to-end encryption on all of its chats, and Telegram offers end-to-end encryption on secret chats, the truth is that messages on these platforms can still be hacked. The reason is that the messaging apps still rely on phone networks that use Signalling System No. 7, better known as SS7.

You might recall that back in April, we told you about SS7 when we passed along a story shown on 60 Minutes about hacking. SS7 is a protocol used to connect carriers around the world and affects all smartphone users regardless of the device they use. While SS7 can’t break the encryption employed by the two aforementioned messaging apps, it can be used to fool a wireless operator into helping the hacker open a duplicate WhatsApp and Telegram account in the name of the target.

The first step for a hacker employing SS7 is to trick the target’s carrier into believing that the hacker’s phone number is the same as the target’s mobile number. Once that is accomplished, the hacker installs WhatsApp and Telegram on his phone and uses the target’s number to set up new accounts. This allows the hacker to receive the secret code, which falsely proves that he is the legitimate user of these accounts. Once all this is accomplished, the ruse is on, as the hacker can send and receive messages pretending to be the target.

You can see how this all works by watching the pair of videos below. Most security firms still prefer WhatsApp and Telegram for their end-to-end encryption, which prevents “man-in-the-middle” hacks that redirect messages to a hacker’s phone. But obviously, opening a duplicate account can allow hackers to read messages not intended for their prying eyes.

Symantec warns encryption and privacy are not the same

“Encryption and privacy is not the same thing,” said Nick Savvides, Symantec APAC cybersecurity strategy manager.

Encryption is a privacy “enhancing tool”, Savvides went on to explain, while privacy is more about handling what information is collected, how the collected information is handled, and what other data can be derived from it. The two are often confused because they are related: Encryption is used to maintain privacy.

Savvides said that unfortunately most websites do not use encryption, highlighting the company’s most recent Internet Threat Security Report, which revealed that 97 percent of active websites do not have any basic security and 75 percent have unpatched vulnerabilities, with 16 percent of those being critical.

Meanwhile, the remaining 3 percent of active websites with security are banks and corporate businesses, according to Savvides.

He said the IT security community often blames “lazy” users for the lack of encryption. However, he said the real hindrance is the complexity that is involved with encryption, and it’s often something that users expect to be provided with.

“They don’t do [encryption] because it’s hard; they only do it when they absolutely have to,” he said.

He pointed out that iMessage, Apple’s built-in instant messaging service, and more recently mobile messaging app WhatsApp, are two examples of where end-to-end encryption is provided by default, and not something that users have to actively seek out.

In turn, the security company has extended its partnership program, Encryption Everywhere, to Australia; the program is already live in North America and Europe. It falls under Symantec’s goal to achieve 100 percent encryption for all websites globally by 2018.

Under the Encryption Everywhere program, Symantec has initially partnered with WHMCS and cPanel to hand out domain-validated TLS/SSL certificates for free, before taking a multi-tier paid model approach.

“We’d like to see broader base encryption utilised across the world, across the internet. Whether it’s ours or somebody else’s, we’d like to see it adopted because it will make the internet a safer place, free from prying eyes,” Savvides said.

Survey findings from Norton by Symantec released on Tuesday indicated that online threats will not be slowing, particularly with the proliferation of the Internet of Things.

The survey showed that while almost two thirds of Australians use at least one mobile app to manage their finances or control other connected devices, 66 percent do not have security software on their smartphones, and 33 percent choose not to have a password or PIN on these devices.

Despite this, 61 percent of Australians admitted that they would be upset if their financial information was compromised.

According to Mark Gorrie, Norton by Symantec APAC director, as the smartphone becomes a central control hub and a “gateway” to other devices, the onus is on both the vendor and the user to ensure security is top of mind. Gorrie, however, pointed out that historically, vendors have always seen security as an afterthought, but indicated that it has improved more recently.

“Vendors should be taking seriously because it is such a big issue. We see the threats just keep growing every year, and just won’t give up because it’s a profitable business for a lot of people. There is definitely a responsibility security should rank highly on the devices vendors are releasing, but equally people have to be proactive to help themselves,” he said.