Best practices in cybersecurity lag behind, although people are aware of the risks

The National Cybersecurity Alliance and CybSafe announced the release of a report that interviewed 2,000 people in the US and UK. The report looked at key cybersecurity trends, attitudes and behaviors ahead of Cyber ​​Security Awareness Month this month.

“The cybersecurity threat landscape is as complex and diverse as it has ever been before,” said Lisa Plaggemier, Acting Executive Director, National Cybersecurity Alliance.

“The daily headlines of data breaches and ransomware attacks are testament to the worsening of the problem, but most people are unaware of the simple steps they can take to be part of the solution. It is essential to better understand both the challenges we face and the prevailing attitudes and behaviors among the public.

“Cyber ​​security is not just about tools, it’s about people,” said Oz Alashe, CEO of CybSafe. “Too often people are overlooked in cybersecurity conversations. “

Cybercrime Is Considered More Common Among Millennials and Gen Z

Millennials (44%) and Gen Z (51%) are more likely to say they’ve experienced a cyber threat than baby boomers (21%), according to the study’s results. Additionally, 25% of Millennials and 24% of Gen Z said they had their identity stolen once, compared to just 14% of Baby Boomers. In fact, 79% of baby boomers said they had never been a victim of cybercrime.

“Despite the myth that older people are more likely to be exposed to cybercriminals and their tactics, our research has found that younger generations are much more likely to recognize that they have been victims of cybercrime,” Plaggemier said. .

“It’s a stark reminder to the tech industry that we cannot take cybersecurity awareness among all demographic groups for granted and that we need to focus on the nuances of each different group. And, it is clear that we need to rethink the perceptions that young individuals are more tech savvy and engage in cybersecurity best practices more frequently than older tech users.

The public is not adopting best cybersecurity practices

Public response and implementation of commonly known best practices, including strong passwords, multi-factor authentication (MFA) and others, are lukewarm at best, according to the report. Best practice findings include:

• Poor password hygiene: 46% of respondents say they use a different password for important online accounts, and 20% say they “never” or “rarely” do so. In addition, only 43% said they create a long, unique password, either “always” or “very often”.
• The AMF remains a mystery: 48% of those questioned declared that they had “never heard of the AMF”.
• The installation of software updates is late: 31% of respondents say they “sometimes”, “rarely” or “never” install software updates.

“There is a clear gap between the tech industry and the public when it comes to driving the adoption of best practices in cybersecurity,” said Alashe. “There is compelling evidence that simple best practices like strong passwords, multi-factor authentication, and regularly installing updates can do wonders in strengthening overall cybersecurity.

“At the end of the day, there is no one-size-fits-all approach to cybersecurity. In order to reverse this trend and engage people in safe online behaviors in a more meaningful way, we need to take a more human-centered view and understand the behavioral implications that lead to this disconnection.

Reporting issues undermine cybersecurity

According to the report, 34% of individuals have personally been victims of a cyber breach. Among these people, 51% say they have been victimized more than once. In addition, 19% of participants said they had been victims of identity theft. Of those who were victims of cybercrime, 61% said they did not report the incident.

In addition, only 22% of participants said they “always” reported a phishing attempt, one of the main types of threats deployed by cybercriminals. Interestingly, only 29% of people said they were not intimidated by cybersecurity.

“The tech industry relies on reporting as one of the key pillars in identifying and arresting bad actors, but even those directly affected by cybercrime routinely fail to inform the appropriate parties that an incident has occurred. is produced, ”Alashe said.

“In everyday life, it is second nature for people to report a crime if they see one; however, this behavior is not reproduced with cybercrime. It is crucial that cybersecurity professionals know why this is the case, as increasing reporting rates among people will be key to freeing up time for cyber professionals to help them prioritize threats and adjust their strategies.

Limited access to e-learning

According to the report, 64% of those surveyed do not have access to cybersecurity training, while 27% of those who have access choose not to use it.

“Despite a continued increase in incredibly sophisticated cybersecurity attacks, a large majority of employers and tech manufacturers are failing to equip people with the tools and knowledge they need to identify, avoid and report cyber threats,” said declared Plaggemier.

“The success of cybersecurity depends heavily on the actions of ordinary people, and unless we are able to significantly expand our training and education infrastructure, we will continue to be extremely vulnerable to bad actors. “