Safety in Situ

March 31, 2010 - 2 Comments


According to a recent press release from Symantec, some cities in the U.S. are more “vulnerable” than others, with Seattle at the top of the list. Their methodology “analyzed data for each city including the number of cyberattacks and potential infections (data provided by Symantec Security Response), level of Internet access, expenditures on computer hardware and software, wireless hotspots, broadband connectivity, Internet usage and online purchases.”

While an argument could be made about a potential conflict of interest for a press release of this nature, I’d like to focus on what greater access to Internet connectivity means in terms of best practices, regardless of whether you are in Seattle or Shishmaref. As noted in a recent Cyber Risk Report, the study’s real conclusion has little to do with your actual location.

It’s been true for centuries that the likelihood of malicious activity increases in tandem with population density — it’s rather unlikely that you’ll be robbed standing on a quiet glacier in Alaska. So why is Seattle ranked first in Symantec’s study? I gave a bit of thought to Seoul (South Korea), whose bandwidth per capita far exceeds even the most wired cities in the United States. Had Seoul been included in the findings, would the results have been different? Interestingly, if we focus on one vector — spam (a consistent source of malware infections) — the answer is “no.” Spamhaus lists the United States as “The World’s Worst Spam Producing Country” as of this writing. South Korea is eighth; their spam output represents only 8% of what emanates from the United States. For comparison purposes, the population of South Korea in 2008 was 48.6M people; the United States was 303.8M. Roughly speaking, the United States produces twice as much spam per capita, including variances for population density. So generally speaking, I am not convinced that geographic location has much to do with the level of risk for malicious activity.

Symantec also associates the potential for cybercrime with the density of Wi-Fi hotspots, citing Boston and Washington D.C. as examples. It also lists San Francisco as fourth, noting it is one of “the most tech-savvy cities in the nation, proving that even skilled and experienced Internet users are at risk when it comes to cybercrime and online insecurity.” Again, the metrics for why this is true are not easily ascertained.

The real conclusion here is that online security is best achieved through a multi-pronged strategy to protect your data: end-user education, best practices at the end points as well as the network, and a threat correlation strategy that accounts for the ever-changing landscape in exploits. Vendors and customers alike share in this responsibility. Your own personal computer may be “safe” owing to how it is configured, e.g. you have installed software that detects malicious activity and your connection is through a more controlled environment (e.g. your home broadband). But when you use a Wi-Fi hotspot in any location (hint: it need not be Seattle or San Francisco), you are potentially putting yourself at greater risk. Whose Wi-Fi is it? What does it route through? Whose DNS is it using? For the latter, it may appear that you have connected to “ABC Bank” but were in fact routed to a rogue, lookalike site whose sole purpose is to harvest login credentials. I’m sufficiently paranoid that I have a nifty program called Little Snitch that warns me of any outbound connections that seem the least bit suspicious, depending on how the user configures it. (Sorry, available on Mac OS only.)

The “anywhere, anytime” connectivity many of us have come to take for granted is equally available to the miscreants, and you can be sure that they are taking advantage of it. This means that each of us makes a risk-based decision when we “go online,” regardless of where we choose to do it. As always, protect what you can control first.

Should the Wi-Fi that is increasingly being made available on airlines become a significant vector, I’ll be interested to see where it lands on this list of “riskiest online cities.” In the interest of your safety, please continue to observe the Fasten Seat Belt sign.



  1. Kathy, Thank you for your comments. I’m not the developer of Little Snitch but agree that it is a great program. It takes a bit of network knowledge (i.e. IP fundamentals) to tune it properly — it’s definitely a ‘nerd knob’ program and requires that you have some idea of what is ‘proper’ behavior for an end user application. As I run Windows 7 in VMware I still benefit from Little Snitch, so I haven’t gone looking for a native Windows equivalent.

  2. With my profession I always take an interest in cyber theft. I think this is going to be a much larger issue as the world becomes more and more wireless. That’s a neat little program you have there. Any idea when there will be a version released for Windows?