The State of Security on the Internet of Things
Most IT organizations are not doing much to protect networked computing devices.
Many users harbor misconceptions when it comes to Internet-related security and effective measures that can prevent security breaches. This was the picture gleaned by a new study commissioned by G Data Software, which surveyed 15,559 Internet users with their own PC and Internet access. Participants were between ages 18 and 65, and drawn from 11 countries including the United States, the United Kingdom, Russia, Switzerland and France.
Titled "How do users assess threats on the Internet?" the study asked questions surrounding the Internet, surfing behavior, use of security solutions, as well as users' awareness of security on the Internet. It is understood that G Data suggested 11 plausible, but false, statements to the respondents, yielding some pretty interesting results.
I went through the report and have listed what the researchers dubbed as the "11 assumptions of Internet security" below:
While it can be argued that some of the questions are ambiguous or even slightly misleading (the report says the paid-for packages identified in Question 2 are superior because purchased security software includes a range of additional security components, which, while typical, is not always the case from my experience), it is obvious from a cursory glance that users suffered from potentially dangerous misconceptions based on outdated or irrelevant information.
A significant portion of malware today is spread through drive-by downloads, either by hackers breaking into reputable websites or purchasing legit online advertisements and then swapping them with exploit code. It used to be that refraining from opening executable files was adequate protection against infections, but malware exploits are routinely hidden within Flash files, PDF documents and other popular document formats today. And as noted by the report, visiting a (paying) porn site may ironically be safer than a horseback-riding (hobbyist) site given the far greater profit motive of the former to keep its site secure.
The report concluded:
... the majority of Internet users, regardless of age, sex or nationality, are aware that there are threats on the Internet. Unfortunately with most users, this awareness is somewhat out of date, as only a small percentage of respondents can give correct answer to current threats on the Internet. Knowledge of how users can effectively protect themselves against computer malware is also quite limited among respondents.
So while the survey was not geared specifically towards small- and mid-sized businesses, it does reinforce the message that security is for all - a point that I emphasized in a blog on SMB Tech almost a year ago. Does your SMB routinely conduct, or send employees for, general security training?
For those who are interested, the detailed 29-page report can be accessed here (pdf).