Attack and defender landscape When asking people about their

Attack and defender landscape

When asking people about their opinion on whether more cyber education would help avoid

cybercrime from happening, it turned out to be quite a divisive subject among the respondents.

Many people believed that cyber education is the way forward to keep cybercrime from

happening. At the same time, many others thought the opposite and believed that cybercrime,

as any other crime will keep on happening regardless of education. In order to find a common

ground, argumentation from both sides will be brought forward to come to a conclusion on the

issue.

As the answers to question about the necessity of cyber education showed, one of the main

arguments for cyber education keeping away cybercrime was that prevention is the key to

fighting against any type of crime. Many people believed that either trust or ignorance makes

people vulnerable subjects to cybercrime, and that the only way over this is to have a wider

awareness about cyber. As one of the respondents put it, "people do not take cyber threats

seriously and many still believe that cybercrime is something against states and/or

enterprises" indicating they might not even know what they should be protecting themselves

from. "people simply might not think about the possibility that their data might be stolen, used against them, get bugged or similar" . It was also mentioned in the responses that education could act as a "vaccine" that would at least make the crime execution more complicated for cyber criminals.

As the organization security experts mentioned , more awareness creates caution and caution might lead to better cyber hygiene and people learning how to protect themselves against possible threats.

For example, one of the respondents explained the necessity of cyber education as: "The

development of technology cannot be stopped and awareness-raising should be able to keep

up; the same way as once people were needed to explain why doors should be locked" . People

should be able to "lock the door" in in the cyber sphere too, or otherwise for example exploit

kits might find vulnerabilities and security holes , as explained earlier. There will always be

large-scale cyberattacks that cannot be predicted, such as the WannaCry,Remote shell,Router RV320/R325 incident.However, everyone should at least be able to keep away from the smaller scale-threats, such as email phishing and spam.

Most of the reasoning against cyber education among respondents did not necessarily mean

that people believed cyber education is not needed, but rather did not expect it to help against

cybercrime. For instance, there is a belief among a few respondents that cybercrime, as any

other crime, will always happen, no matter of people's readiness or knowledge. The cyber

sphere is a fast-changing environment and one of respondents explained how "the attackers are

constantly looking for new options and they are always one step ahead" . Cyber attackers are

expert innovators in the online world with malicious purposes . This means that will not be possible for all internet users to be on the same level of knowledge and, as one respondent argued, "educating people sufficiently and efficiently probably only works in institutions where people are constantly faced with cybercrime issues" .

Although respondents considered themselves to be above average in terms of being aware of

cyber threats, and more than 80% of people wished to learn more about cyber space, then they

did not feel very threatened about cybercrime - almost 50% of the people felt moderately

intimidated, and 30% just slightly. Less than 20% of the respondents actually felt threatened

by cybercrime, which is a relatively small percentage. Either people consider themselves aware

enough for recognising the threats or they have just not had severe exposure to cybercrime.

The following figure would explore which kind of experiences employees had the cybercrime,

Just 10 people (6%) claim to have never been exposed to any cybercrimes

The three most common cybercrimes the respondents have been subjected to are spam (86%),

malware (80%) and phishing (almost 50%). Although most of the people have been exposed

to spam, it was considered the least worrisome to people based on the questionnaire; rather a

nuisance than an actual threat. Many people were surprised spam would be even considered a

cyber threat. Malware, on the other hand, is also one of the most commonly experienced

cybercrimes, and consequently, one of the most disruptive. Malware was also considered "to bridge" to other cybercrimes by some of the respondents, like data breach or information leakage. Phishing is believed to be spotted easily by most of the respondents,although one did express the concern of "phishing emails getting more sophisticated, so that it is becoming more difficult to figure out whether the email is from a client, friend or from a malicious actor" . Their few employees/companys had very bad experiences with the phishing attacks , like a comprising the application on computer and some attacks made to pay money.Few employe respondents told the information of how "the phishing email

really had seemed from a dear friend and the message had been very accurate".

Remaining 3 threats have already been experienced a lot less - data breaches, DDoS and web-

based attacks, all between 15-20%. Web-based attacks can be connected to the distribution of

malware. Most common reason for being attacked/exposed to Malware is from crawling malicious websites that in-terms act as Bot/attackers.. The year 2018 was been seen ,has most data breach by Cisco Annual security report released by cisco for the employees awaeraness . Many big online appliactions platforms companys had huge data leaks in the past years, like LinkedIn in 2012, Yahoo in 2013, Sony in 2014, etc.