SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybersecurity disconnect between digitally free and unfree countries
Wed, 20th Jul 2022
FYI, this story is more than a year old

A cybersecurity disconnect between digitally free and unfree countries persists while freedom on the net declines, according to Avast.

The Covid-19 pandemic has had an unprecedented impact on the wellbeing of internet users across the world, with an unparalleled spread of misinformation, cybercriminals abusing unaware internet users with scams and cyber attacks, and several governments implementing authoritarian tactics. Avast's Digital Wellbeing Report reveals that people living in countries with more digital freedom are less at risk of cyber attacks, yet have the same lack of transparency in privacy policies as those living in countries with a less free internet.

“Our findings indicate that where governments around the world restrict their citizens' online freedom, there is a corresponding increased risk of people falling victim to cyber attacks," says Ondrej Vlcek, CEO of Avast.

"This is often tied to a lower GDP in these countries which leads to the use of older systems which are more prone to attack, and the use of free and potentially illegal content which often is less secure,' he says.

"However, the distinction isn't cut and dried - people in countries with more digital freedom still face frequent attacks, and our findings show that there is still work to do when it comes to privacy protection - in free and in unfree countries.

“To solve the problem of digital freedom, innovation is needed in the field of cybersecurity and digital trust solutions that will create more safety and transparency for all.

For the Digital Wellbeing Report, Avast combined its own data on cybersecurity risks and privacy challenges with Freedom House's “Freedom on the Net” report 2021, which assesses how much freedom people have using the internet in a country, based on the existence of surveillance and restrictions such as blocked social networks, censorship, or deliberately manipulated online discussions and disrupted ICT networks.

Avast defines digital wellbeing as a combination of digital freedom, cybersecurity and privacy, with the ability of an internet user to utilise the internet in an open, regulated, private, secure, and informed way.

Amidst concerning global trends that include rising cybercrime and malicious activity, and governments around the world adopting increasingly authoritarian tactics, today wellbeing and free expression online are increasingly under threat across the globe. For the report, Avast compared data including risks of falling victim to cyber attacks, users' computer system age, and presence, transparency and readability of privacy policies to data of Freedom House's Freedom on the Net report, which assesses the online freedom of countries by looking at aspects such as whether their government blocked social media platforms, deliberately disrupted ICT networks, or arrested, or physically harmed a blogger or ICT user for political or social content.

Less digital freedom, higher cyber risks

The report found that people living in Free countries are at a lower risk of falling victim to a cyber attack (30%) than people in countries that are Partly Free or Not Free (both 36%). This could be related to factors that include a higher rate of violation of user rights, prohibition of encryption services, large scale state surveillance, data collection and the presence of backdoors used for state surveillance, showing an indirect correlation between the Freedom on the Net Index score of a state and the risk ratio of encountering a cyber-attack. Moreover, countries that are Not Free often have a lower GDP per capita which can lead to a higher use of torrent sites to access free content, games, movies via unsecure sources, which in turn can expose users to a high number of online risks.

Avast's researchers further observed a correlation between the age of operating systems being used and the risk of citizens to cyber-attacks. By comparing the ranking in the Freedom House Freedom on the Net Index to Avast's internal data, it can be inferred that in wealthier countries, such as those found higher up in the Index including Germany, France and the UK, users tend to have up-to-date operating systems, which can better guard them against cyberattacks.

Conversely, users in countries that scored lower on the Freedom on the Net Index, like Indonesia, Turkey, and Belarus, have on average a lower GDP per capita and tend to use more outdated operating systems, which increases the risk of a cyberattack. The researchers found that only 28% of users in Free countries are still using outdated operating systems. By contrast, 38% percent of users in Partly Free countries are using outdated systems, and this figure is even higher in Not Free countries as ranked by the Freedom on the Net Index (41%).

Research shows that privacy policies aren't enough

The report published also found that privacy policies in general can be found more often in Free countries, with websites in Free countries (as designated by the Freedom on the Net Index) more likely to have in place privacy policies (70%) than websites in countries considered Partly Free and Not Free (52% and 47%). In Australia, 86% of websites have privacy policies. However, the report also found that even though privacy policies are more prevalent in Free countries, there does not seem to be a direct correlation between the vagueness and readability of those policies and the level of online freedom in those countries. In other words, it appears that the mere presence of a robust privacy policy in a country may not be enough to guarantee enough privacy protection to its citizens.

For example, privacy policies in Free countries like the United States and Australia are rather vague and come with a lower readability, but in many European countries as well as in Japan, Taiwan and South Africa, privacy policies are easier to read and less vague.

“Privacy regulations such as GDPR in Europe and CCPA in California require that users are informed about how their data is used, which is supposed to create more transparency for the user," says Vlcek.

"However, if privacy policies are written in a vague and unreadable way, this goal is essentially missed."