Survey: Americans have shallow understanding of cybersecurity

April 9, 2017 by Mike Freeman, The San Diego Union-Tribune
Credit: George Hodan/Public Domain

When it comes to cybersecurity, Americans recognize the need for strong passwords and know that public Wi-Fi hotspots aren't necessarily safe for online banking or e-commerce.

But U.S. adults are not as good at recognizing email "phishing" schemes or determining if the website where they're entering is encrypted.

That's according to a new Pew Research Center survey titled "What the Public Knows about Cybersecurity." It tallied responses from 1,055 adults last year about their understanding of concepts important to online safety and privacy.

The results were mixed, highlighting that public awareness of online security measures remains a potential weak link in thwarting cyberthreats.

"It is probably our No. 1 concern and No. 1 vulnerability," said Retired Rear Adm. Ken Slaght, head of the San Diego Cyber Center of Excellence, a trade group for the region's cybersecurity industry. "These attackers keep upping their game. It has gone well beyond the jumbled, everything misspelled email."

Digital security firm Gemalto recently said that 1,792 data breaches occurred worldwide in 2016, with 1.4 billion digital records compromised - up 86 percent from the prior year.

Gemalto, based in The Netherlands, did not include the 1.5 billion record exposed in the Yahoo! breach because it technically occurred in 2013-2014. It was discovered last year.

"One of the biggest problems is people have become numb to this," said Slaght. "We all have had our hacked. You just get a new one and life goes on."

The Pew Research survey asked 13 questions about cybersecurity. The median score was five correct answers. Just 20 percent answered eight questions correctly.

A relatively large percentage of respondents, however, answered "not sure" to questions rather than providing the wrong answer.

Participants had a good understanding of some security basic practices such as the importance of strong passwords and less knowledge of others - particularly more technical aspects of web safety such as multi-factor authentication and virtual private networks.

"One of the things you see from the Pew study, as you drill down in security knowledge, the numbers really do drop off," said Stephen Cobb, security researcher for anti-virus software firm ESET. "I was disappointed that only 33 percent were aware of what the 's' in 'https' meant."

It stands for secure, with website authentication and encryption of digital traffic. It is used mostly for online payments. Security researchers often suggest computer users examine the website addresses - known as the URL - as a first step before they click on a link.

"You wonder if people know what a URL is," said Cobb. "Do they know how to read a URL? So there is plenty of work to be done" in terms of .

Only 54 percent of respondents correctly identified a phishing attack. For cybercriminals, phishing remains a favorite trick for infecting computers with malware. Phishing schemes usually involve an email that directs users to click on a link to an infected website.

Computer software does a good job of blocking most phishing schemes, said Cobb, including many sophisticated spear phishing attacks targeting individuals with personalized information.

Even so, cybersecurity technology can't yet deliver a "completely automated response to phishing," he said. "So we have to proceed with user education and with attempts to make a poor career choice" by prosecuting those who do it.

Other findings in the Pew survey include:

-75 percent of participants identified the most secure password from a list of four options

-52 percent of people knew that turning off the GPS function on smartphones does not prevent all tracking. Mobile phones can be tracked via cell towers or Wi-Fi networks.

-39 percent were aware that Internet Service Providers can still see the websites their customer visit even when they're using "private browsing" on their search engines

-10 percent were able to identify one example of multi-factor authentication when presented with four images of online log-in screens.

Explore further: Can better advice keep you safer online?

50 shares

Related Stories

Can better advice keep you safer online?

April 4, 2017

Many Americans are worried about their online privacy and security. And rightly so: Nearly half of Americans have encountered at least one serious problem with online safety.

Phishing scams are becoming ever more sophisticated

March 16, 2017

Companies are bombarded with phishing scams every day. In a recent survey of more than 500 cyber security professionals across the world, 76% reported that their organisation fell victim to a phishing attack in 2016.

Ten ways to stay safe while shopping online

November 25, 2014

As the holiday shopping season gets underway, the importance of avoiding hackers, phishing scams and phony websites while buying online becomes increasingly important.

US tax season fuels surge in email scams

April 4, 2016

As the US tax season draws to a close, authorities are warning of an alarming rise in "phishing" scams designed to steal sensitive personal and financial information.

Recommended for you

Enhancing solar power with diatoms

October 20, 2017

Diatoms, a kind of algae that reproduces prodigiously, have been called "the jewels of the sea" for their ability to manipulate light. Now, researchers hope to harness that property to boost solar technology.

Dutch open 'world's first 3D-printed bridge'

October 17, 2017

Dutch officials toasted on Tuesday the opening of what is being called the world's first 3D-printed concrete bridge, which is primarily meant to be used by cyclists.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.