Consumers acknowledge risks in the breach era but do not take important steps to protect their data and identities
COLUMBIA, Md., A study conducted online by Harris Poll, on behalf of Tenable™,Inc., the Cyber Exposure company, has found that many consumers fail to practice basic security cyber hygiene. While nearly all Americans (94 percent) were aware of news stories about security breaches in the past 12 months, few have taken critical steps to protect their data or changed their online habits. The study, conducted among over 2,000 U.S. adults found 44 percent of Americans did not use a password to protect their personal information on their computer in the past 12 months, and 55 percent failed to use a PIN to protect their personal information on their mobile devices. When it comes to the industry recommended practice of two-factor authentication, a staggering 75 percent of Americans revealed they had not implemented this feature to protect their personal information on their devices. Just 32 percent of Americans who have heard of any news stories about security breaches in the past 12 months say they reduced their use of public Wi-Fi or unknown hotspots as a result. There were some positives as over half of Americans (53 percent) confirmed that they had made their account passwords more complicated, and 15 percent have used a password management tool to protect their personal information in the past 12 months.
“Given the recent slew of data breaches you’d expect consumers to be more aware of security incidents and potentially to have changed their habits. However, this study found quite the reverse. While nearly all the respondents were aware of recent breaches, among them almost half (43 percent) confessed they’d not changed their online habits as a result. Another surprising figure was that only 19 percent of Americans said they’d utilized biometric security options on their devices in the past 12 months, which is unexpected given Apple introduced the use of a thumbprint as a security measure in 2013,” said Amit Yoran, CEO of Tenable. “This all indicates that many consumers still fail to comprehend the role they play in accountability when it comes to taking specific actions to safeguard their own personal data. It’s basic cyber security illiteracy.”
Only 12 percent of Americans said they believed that their personal information had been stolen by hackers due to a security breach in the past 12 months. Given the Equifax breach alone exposed the sensitive data of as many as 143 million Americans, that number is statistically impossible. Add to this the Yahoo! breach and countless others, the results of this study suggest an alarming lack of understanding about the pervasiveness of recent breaches and the risks they pose. In fact, 37 percent of Americans think it’s likely their personal information will be stolen as a result of a security breach in the next six months.
Focusing on where perceived risks lie, 63 percent of Americans said they were worried that their data may be stolen when connecting to public or unknown Wi-Fi/hotspots. Fifty-eight percent are worried that their personal information may be stolen when online shopping, while half are worried when banking online, and only 35 percent are concerned when connecting with their friends/family through social media.
A popular inroad for hackers to compromise devices and steal data is when apps have security vulnerabilities, yet few people patch promptly. Fourteen percent of smartphone users wait more than a week to update apps on their smartphone after receiving a prompt, including 5 percent confessing they never get around to it. Meanwhile, 13 percent of computer users wait more than a week to update the apps on their computer, with 3 percent who wait longer than a month after receiving a prompt, and 5 percent who never update apps on their computer.
“The irony is that cyber poses an existential threat to our economy and to our very social fabric and safeguarding ourselves is therefore a shared responsibility,” Yoran said. “Enterprises must lead the way by practicing fundamental hygiene and enforcing a basic standard of care for their customers’ data; but individuals must do their part, too — both as consumers and in many cases, as employees of those same enterprises — and that starts with cyber literacy.”
Tenable’s Consumer Security Checklist:
- Where applicable, enable two-factor authentication for all online services.
- Update your apps and computers within 24 hours of receiving a notification.
- Assign strong passwords to your computer, mobile phone and tablet and don’t share them with others.
“Organizations need to lead the way in basic security practices that keep their customer and critical business data safe. It seems there is a need for a ‘top down’ approach where organizations provide comprehensive cybersecurity but also team up with customers and employees to educate them about what they can do extend their best practices across their own personal attack surface,” said Yoran. “This starts with companies being more transparent about their own security practices and holding themselves accountable for lapses. If they don’t make security a top business priority and they aren’t sensitive to these changing consumer patterns and needs, they risk losing customers. Today, being customer-focused isn’t just about making good products; it’s about listening to customers and making sure the products and services they are using don’t cause them harm.”