Over the weekend, I was talking to a group of young cybersecurity professionals about the recent DDoS attacks in particular, and about cybersecurity in general. One of the things that came up in our conversation was the way people outside of the cybersecurity world bring up a topic in the news (like the DDoS attacks) but have little to no understanding of what the actual attack was about or what was at risk (like thinking a DDoS attack wipes out your bank account).
I mention this conversation because it fits well into the results of two surveys about cybersecurity awareness. End users think they are tech savvy or knowledgeable about security issues, but in reality, they aren’t as informed as they think. This lack of security education could result in otherwise preventable incidents for end users and for their employers.
The first study, conducted by Arbor Networks, found that two-thirds of consumers believe they are tech savvy, but they don’t understand much about security because they think their information is being shared safely on retail websites and on social media. Nearly 40 percent said they don’t worry about their personal information being hacked because it isn’t valuable to a cybercriminal. And as eSecurity Planet added:
The lack of tech savviness goes further -- 55 percent of respondents said if they receive an email from someone they know that includes a link, they'll click on it even if they weren't expecting anything. Fifty-five percent of respondents (and 66 percent of millennials) said that if they were hacked, they wouldn't know what to do.
This does not sound very tech or security savvy to me. In fact, Christopher Gaebler, chief marketing officer at Arbor Networks, agreed in a formal statement, saying that this false sense of security is actually making the hacker’s job much easier.
Similarly, MediaPro released its 2016 State of Privacy and Security Awareness Report, which found that 88 percent of employees lack the basic security awareness IQ to avoid preventable cyber incidents. The report created three levels of security awareness – Risk, Novice and Hero – based on the ability to recognize security threats like phishing or open Wi-Fi. Only 12 percent were security savvy enough to be awarded Hero status, indicating a strong knowledge of security and privacy best practices. (The vast majority, 72 percent, are Novices who get the basics but perhaps not well enough to avoid a major security mistake.) What this means, Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance, said in a statement, is that as cybercriminals become more sophisticated, end users are struggling to keep up, adding:
The clear solution is the implementation of an adaptive awareness program that is flexible enough to adjust not only to today’s threats, but the threats of tomorrow. Without an adaptive program, you’re going to have a hard time surviving, let alone thriving, in today’s tumultuous data protection landscape.
Where do you think you and your employees rank in security awareness? MediaPro has an online quiz so you can test yourself.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.