{"id":84554,"date":"2017-06-29T17:54:00","date_gmt":"2017-06-29T21:54:00","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-08-14T15:31:12","modified_gmt":"2021-08-14T19:31:12","slug":"dont-know-much-security","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/dont-know-much-security\/","title":{"rendered":"Don\u2019t Know Much Security"},"content":{"rendered":"

\"Don\u2019tWith apologies to Otis Redding<\/a>, Americans don\u2019t know much about security<\/strong>. They don’t know much privacy or the SPAM they took. A new Pew Research Center<\/a> survey, “What the Public Knows About Cybersecurity<\/a>” quizzed 1,055 adults about their understanding of concepts important to online safety and privacy. The results of the Pew survey are unsettling.<\/p>\n

\"questions<\/a>The Pew Research survey<\/a> asked 13 questions about cybersecurity. The median score was five correct answers. Just 20% answered eight questions correctly<\/strong>. A relatively large percentage of respondents answered “not sure” to questions rather than providing the wrong answer.<\/p>\n

Most Americans don’t know how to protect themselves. Only 10% were able to identify<\/strong> one example of multi-factor authentication<\/strong><\/a> when presented with four images of online log-in screens.<\/p>\n

Most Americans still unknowingly allow themselves to be tracked across the web. 61% of those surveyed were not aware that Internet Service Providers can still see the websites<\/strong> their customer visit even when they’re using “private browsing” on their search engines.<\/p>\n

<\/a>A slight majority (52%) of people<\/strong> recognized that just turning off the GPS function<\/strong> on smartphones does not prevent all tracking of the phone’s location. Mobile phones can be tracked<\/strong> via cell towers or Wi-Fi networks.<\/p>\n

Only 54% of respondents correctly identified a phishing attack<\/strong>. For cybercriminals, phishing remains a favorite trick for infecting computers with malware. Phishing schemes usually involve an email that directs users to click on a link to an infected website.<\/p>\n

\"phishing<\/a>Computer security software does a good job of blocking most phishing schemes, Stephen Cobb, security researcher for anti-virus software firm ESET<\/a> told<\/a> Phys.org<\/em><\/a>, including many advanced spear-phishing attacks<\/strong> targeting people with personalized information.<\/p>\n

Retired Rear Adm. Ken Slaght, head of the San Diego Cyber Center of Excellence<\/a>, a trade group for the region’s cybersecurity industry told KnowB4<\/em><\/a>.<\/p>\n

It is probably our No. 1 concern and No. 1 vulnerability … These attackers keep upping their game. It has gone well beyond the jumbled, everything misspelled email.<\/em><\/p>\n

<\/a>2\/3’s<\/strong> of Americans tested, could not identify<\/strong> what the\u00a0what the ‘s’ in ‘https<\/strong>‘ meant.\u00a0The article explains that the ‘s’ stands for secure, with website authentication<\/strong> and encryption<\/strong> of digital traffic. It is used mostly for online payments. Security researchers often suggest computer users check the website addresses – known as the URL – as a first step before they click on a link.<\/strong> ESET’s Cobb said,\u00a0“You wonder if people know what a URL is … Do they know how to read a URL? So there is plenty of work to be done<\/em>.”<\/p>\n

In the most puzzling finding to me,\u00a075% of participants identified the most secure password from a list of four options. And yet followers of Bach Seat<\/em><\/a> know that year<\/a> after<\/a> year<\/a>\u00a0passwords suck<\/strong>. Could it be that Americans just don’t care about online security?<\/p>\n

\"\"<\/a>Fortunately, some Americans also recognize that public Wi-Fi hotspots aren’t necessarily safe for online banking or e-commerce. The mixed security results highlight that staying secure online is not a priority for Americans at work or at home.<\/p>\n

The Wall Street Journal<\/em><\/a> also covered the Pew findings<\/a> and quoted Forrester<\/a>: “The percentage of security and risk professionals citing \u201csecurity awareness\u201d as a top priority rose to 61% last year, from 56% in 2010<\/em>.”<\/p>\n

In the enterprise, Heidi Shey, a senior analyst at Forrester, told CIO Journal<\/em><\/a> that security awareness training isn\u2019t always effective, since it\u2019s often conducted once a year as a compliance issue and involves lists of dos and don\u2019ts.<\/p>\n

The human element is important in safeguarding a firm against cyberattack, since it\u2019s both a first line of defense as well as a weak link. Successful awareness efforts are focused on enabling behavioral change, and typically customized and specific to an organization, its workforce, and relevant risks.<\/em><\/p>\n

rb-<\/em><\/strong><\/p>\n

The data from Pew says that enterprise and home users need to be more security-aware. Technology can’t solve stupid so users have to be the last line of defense.<\/em><\/p>\n

Related articles<\/strong><\/p>\n