Many Americans seem to fall short in understanding some of the key cybersecurity topics, according to a survey by the Pew Research Center that was released in April. According to the replies, a majority of online adults had limited knowledge of some of the basics, such as identifying phishing schemes, identifying true multifactor authentication (MFA) methods, recognizing encrypted websites and emails, private browsing, knowledge of botnets, and what VPNs are and how they are used.
Of the 1,055 adults who completed the survey’s 13 cybersecurity-related questions, the average person responded correctly to 50% of them. Only 20% were able to answer more than eight questions correctly, and a mere 1% were A+ students.
What is truly shocking is that even with all the warnings and discussions of phishing, its various forms, and the dangers it creates at home and at the office, only 54% of the respondents accurately identified phishing schemes when they were presented.
“This is very concerning,” said Jim Stickley, CEO at Stickley on Security. “By now everyone has heard of phishing, but it's clear that people still don't understand just how to detect it. As cyberattacks continue to evolve, organizations need to rethink their employee education programs.” He goes on to note that most organizations only spend time providing training once or twice a year, which has proven to be an outdated process. Stickley recommends moving to quarterly education training and providing continual awareness training, since phishing attacks happen weekly, and even daily, in nearly every organization.
Other statistics from the survey showed that while 73% knew that using public WiFi to transmit secure data posed additional risk of fraud, only 13% knew that a virtual private network (VPN) minimizes risk when using public WiFi.
With regard to private browsing, 39% of users knew that their internet service providers can see the websites their customers browse even when using “private browsing” mode. Most people don’t realize that this option merely prevents information from being saved in the browser or on the device being used. Considering all of the online payments, shopping, and information that users enter into websites daily, it is surprising that only 33% knew that when a web address is preceded by “https://,” the site is encrypted and it’s OK to enter sensitive information.
As for knowing what a botnet is and what it can do, 16% knew that it’s a group of networked computers that hackers use to steal data. A couple of the more popular botnets are Zeus and Conficker. Zeus is the number one botnet and has been used to steal personal information and online banking credentials. Government authorities and their tech industry partners were able to take this botnet down in 2012. However, it lives on in other forms such as Gameover Zeus. Conficker was thought to have affected over 15 million devices and was so overwhelming that a working group was created to fight it.
There is a bit of a silver lining in the Pew Research survey findings: 75% knew what a strong password looks like and were able to identify the strongest one in a list. However, as other surveys have shown, knowing and doing are perhaps different ideals. A January review of the worst passwords of 2016 by SplashData showed that people are still insistent upon using poorly designed ones such as “123456.”