Do you know what a botnet is? Can you spot a “phishing” attack? Is there a difference between a URL that begins with https:// as opposed to http://? Can Internet Service Providers see what you are looking at when you are in “private browsing” mode?
If you answered yes to all these questions, then you likely have a reasonable understanding of cybersecurity topics and concepts. And you would also be in the top 20% of U.S. residents who know how important it is to protect themselves—and by association, their companies—in the digital economy.
The problem is that most people are still unsure of many of the so-called technical aspects of cybersecurity.
A recent survey of adult Internet users by the Pew Research Center said the majority of Americans struggle to understand core cybersecurity concepts or the basic rules of online protection. According to Pew’s “What the Public Knows About Cybersecurity” report, practical understanding of cybersecurity is lacking, irrespective of how often the topic is mentioned in the mainstream media.
“In an increasingly digital world, an individual’s personal data can be as valuable (and as vulnerable) to potential wrongdoers as any other possession,” said the authors of the report.
The survey consisted of 13 multiple-choice questions that covered general concepts and the basic building blocks of online security. Around 1,055 adults were interviewed by Pew for the survey, which was designed to demonstrate how much (or how little) the average person knows about cybersecurity. For the most part, actual knowledge varied depending on the topic or level of technical difficulty.
Pew calculated the median score as five correct answers out of the 13 questions posed, but the majority of people only got two questions right. Only one in five people got more than eight questions correct, with just 1% of people claiming a perfect score.
For example, 75% of people could work out the strongest password out of four options. A similar amount of people (73%) knew that public Wi-Fi was probably not the best place to do sensitive stuff like online banking or anything financial. Around 54% could identify phishing attacks but only 10% knew what a multi-factor authentication screen should look like.
“A majority of online adults can identify a strong password when they see one and recognize the dangers of using public Wi-Fi,” said Pew. “However, many struggle with more technical cybersecurity concepts, such as how to identify true two-factor authentication or determine if a webpage they are using is encrypted.”
Cybersecurity Knowledge Depends On Topic And Technical Difficulty
Public knowledge of the recommended best practices for secure Internet activity differed with each question.
Pew said that 39% of people knew that ISPs could “see” the websites being visited while in private browsing mode. Around 33% said the “s” in a URL that started with “https” indicated the traffic on the website was encrypted. On the flip side, only 16% knew what a botnet did while the benefits of a Virtual Private Network (VPN) was a mystery to 86% of people.
People with high levels of education were more likely to get a cybersecurity question right, Pew said. Younger Internet users also scored above the median range, especially on questions that addressed so-called hot topics such as tracked online activities or the increase in malware. Older users demonstrated a reasonable amount of cybersecurity knowledge but those aged between 18 and 29 scored a mean of six out of 13 questions right.
The number of people who supplied an incorrect answer to any of the questions was low, but a common response was “not sure.” Questions about default levels of encryption were the ones that elicited this response the most, although cybercrime definitions also generated a level of uncertainty.
“Although the share of online adults who can correctly answer questions about cybersecurity issues varies from topic to topic, in most cases the share providing an actual incorrect answer is relatively small,” Pew said. “Rather, many users indicate that they simply are not sure of the correct answer to a large number of the questions in this survey.”
When you consider that around 64% of the American public have personally suffered a major data breach (according to a separate Pew Research report), then it is not surprising that people showed a reasonable level of cybercrime knowledge irrespective of age. Add into the mix a continuous media drip-feed of “cyber” headlines and it becomes clear that even a basic level of public understanding is crucial.
Prevention Is Better Than Cure In The Digital Economy
The level of understanding becomes even more important when you take into account just how connected society is.
CNBC reported in February that cybercrime cost the global economy around $450 billion in 2016, according to specialist insurer Hiscox’s CEO Steve Langan. In an interview timed to coincide with the launch of the Hiscox Cyber Readiness Report 2017 [PDF], Langan cited the human element as one way to limit the reach of the cyber criminal. For example, people should be trained to recognize suspect—and increasingly sophisticated—emails or be aware that encryption is not always a default setting.
“It is an old saying, but a true one: prevention is better than cure. In the age of e-commerce and the connected business, it has a particular ring to it,” said Langan, in his foreword to the Hiscox report. “Robust defenses against cyber intruders and strong processes for eliminating careless or rogue behavior internally are now the keys to business continuity and consumer trust. Without investment in prevention, detection and training, firms leave themselves exposed to costly business interruptions and possible brand impairment.”