Ignorance is not bliss: How tech users lack basic cybersecurity knowledge

No wonder internet connectivity is at an all time high.

But – and not surprisingly – this has led to an increase in cyber-attacks: phishing and identity theft are rampant (but largely underreported).

And, nearly two-thirds of technology users lack basic cybersecurity knowledge, so adoption of best practices is lagging.

These are features of the National Cyber ​​Security Alliance (NCA) and the CyberSafe O! They are key findings. Annual Cyber ​​Security Attitudes and Behaviors Report 2022. The report, which surveyed 3,000 people across the US, UK and Canada, was released today ahead of the NCA’s Cyber ​​Security Awareness Month in October.

“Cyberattacks have grown in frequency, especially in the past few years,” said Lisa Plagemeier, NCAA executive director. However, bad actors continue to successfully solicit victims through low-tech (but still effective) methods.

Clear your passwords

One of the most troubling findings: poor password hygiene.

Although 45% of respondents said they were always online, only 16% said they created passwords longer than 12 characters. Similarly, 40% do not use a strong password combination and only 7% use a password manager.

Also, more than a third (37%) of respondents prefer to write passwords down in a notebook, 28% store them electronically, and 22% “just remember them.”

“Each of these password sanitization methods have major weaknesses that ultimately lead to passwords falling into the wrong hands, which is alarming,” Plagemeier said.

Also, according to the report:

• 43% of respondents have never heard of Multifactor Authentication (MFA).
• 37% do not have automatic software updates enabled.
• It is estimated that 35% of their devices are automatically secured.

Simply put, tech users don’t like passwords and generally “struggle with security hygiene,” Plagemeier said.

Companies should use MFA, zero trust policies and good password hygiene to protect themselves and their employees. This means mandating the use of passphrases that are at least 12 characters long. Users must create and maintain unique, multi-character-string passwords for the ever-increasing number of online accounts they log into.

“No matter how long a password is, if the passwords are predictable or have no character variations, bad actors are more likely to hack or brute force into a user’s account,” says Plagemeier.

Phishing and identity theft are the most common attacks

Of the more than 1,700 cybercrimes reported by participants, 36% of phishing attacks resulted in financial or data loss, and 24% were identity theft. The report also found the following.

• Participants in the U.S. are more likely to be victims of cybercrime on an ongoing basis.
• 20% of Millennials and 18% of Gen Z have had their identity stolen at least once.
• 27% of Millennials and 34% of Gen Z have lost money/data to malicious cyber activities such as phishing.
• In contrast, 92% of Baby Boomers report that they have never had their identity stolen, and 88% have never lost money/information due to a cyber attack.

Meanwhile, 45% of romance-scam victims and 48% of cyberbullying victims did not report incidents. And, 26% of identity theft victims and 31% of phishing victims did not report their cases directly to service providers or law enforcement.

“Phishing attacks are widespread and unfortunately successful,” Plagemeier said.

Therefore, it is vital that technology users know how to identify and report phishing attacks. If a link or attachment looks suspicious, scroll past it or delete/mark it as spam or spam. And, beware of communications that demand immediate action.

“Monitoring these types of phishing scams can help users and companies avoid interacting with malware that can harm your device, or worse, expose it to cybercriminals,” he said.

Basic cyber security knowledge is lacking

Basic cyber security awareness and adoption of tools is also a concern. According to the study:

• 62% of consumers lack cybersecurity knowledge, and one-third rely on help from friends and family.
• 78% of respondents prioritize staying safe online.
• 57% are worried about cybercrime.
• 46% feel frustrated with how safe they are online.

These findings depend on the way cybersecurity training is viewed, Plagemeier said. The outbreak and the blurring of personal and professional lives are “a big wake-up call,” she said. Access is prioritized over security.

“Businesses that put their security on the back burner to quickly give people remote access will see bad actors taking advantage of people’s general ignorance about the risks they face all the time,” she says.

“Now we have to course-correct and make defenses like MFAs and training — more important than luxuries as a culture,” Plagemeier said.

Call to action

There’s a culture change — one that needs to accelerate, says Plagemeier — as organizations fall victim to phishing and social engineering attacks.

It is vital that cyber security training is “rooted in digital culture” and emphasized that it should be proactive and helpful rather than punitive and reactive.

The key to increasing education and adopting cybersecurity best practices is implementing cybersecurity standards. Ultimately, she said, tech companies need to prioritize cybersecurity over user misunderstandings and fear of implementation.

“Our research tells us that people want to prioritize security and expect technology companies to do more,” Plagemeier said.

Instead of making MFA an option and framing it as an “as-is” protection measure, she said, it should be “table wood” for all devices that carry and store critical data. This may seem like a burden at first, but the amount of data that can reduce down the line risk is a growing pain from the start.

“Professionals in the training framework need to create an environment where cyber security awareness and education is a culture of punishment,” Plagemeier said.

Ultimately, she said, it should be incorporated into our workplace and everyday life.

“If we can change the message and make it easier for the average person to understand prevention, we can be safer together and prevent cyber attacks from spreading.”