Cybersecurity IQ: Americans Have Trouble Recognizing Phishing Attacks



A new Pew Research Center survey titled "What the Public Knows about Cybersecurity" tallied responses from 1,055 adults last year about their understanding of concepts important to online safety and privacy. The results are troublesome.

The Pew Research survey asked 13 questions about cybersecurity. The median score was five correct answers. Just 20 percent answered eight questions correctly. A relatively large percentage of respondents answered "not sure" to questions rather than providing the wrong answer.

Regarding cybersecurity, Americans recognize the need for strong passwords and know that public Wi-Fi hotspots aren't necessarily safe for online banking or e-commerce.

However, they are not very good at recognizing phishing schemes or determining whether the website where they're entering credit card information is encrypted.

These mixed results highlight that employee awareness of staying secure online remains a weak link in blocking cyberthreats.

"It is probably our No. 1 concern and No. 1 vulnerability," said Retired Rear Adm. Ken Slaght, head of the San Diego Cyber Center of Excellence, a trade group for the region's cybersecurity industry. "These attackers keep upping their game. It has gone well beyond the jumbled, everything misspelled email."

Other findings in the Pew survey:

  • 75 percent of participants identified the most secure password from a list of four options.
  • 52 percent of people knew that turning off the GPS function on smartphones does not prevent all tracking. Mobile phones can be tracked via cell towers or Wi-Fi networks.
  • 39 percent were aware that Internet Service Providers can still see the websites their customers visit even when they're using "private browsing" on their search engines.
  • 10 percent were able to identify one example of multi-factor authentication when presented with four images of online log-in screens.

Angus Loten at the Wall Street Journal also covered this, and quoted Forrester: "That general lack of online security awareness isn’t lost on chief information security officers and other senior IT managers. The percentage of security and risk professionals citing “security awareness” as a top priority rose to 61% last year, from 56% in 2010, Forrester Research reported in November.

“The human element is important in safeguarding a firm against cyberattack, since it’s both a first line of defense as well as a weak link,” Heidi Shey, a senior analyst at Forrester, told CIO Journal Monday. She said security awareness training isn’t always effective, since it’s often conducted once a year as a compliance issue and involves lists of dos and don’ts.
“Successful awareness efforts are focused on enabling behavioral change, and typically customized and specific to an organization, its workforce, and relevant risks,” .


I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users which frankly is a fun thing to do! If you don't, the bad guys will, because your filters never catch all of it. Get a quote and you will be pleasantly surprised.


Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat_get_a_quote_now
