A new report suggests that people in the UK are more aware of the terminology surrounding cyber security, and are less likely to fall victim to hacking and identity theft. Wombat Security Technologies’ 2017 edition of its User Risk Report reveals a stark difference in cyber knowledge on either side of the Atlantic.
The report is based on a survey carried out last month into knowledge of, and attitudes to, cyber security topics and best practices. While the report shows that the UK is generally more cyber security savvy, the US is shown to fare better when it comes to passwords and backing up data.
There was a marked difference in the understanding of various terms associated with cybersecurity. In the UK 78 percent correctly defined “malware”; in the US, just 61 percent. There was a better understanding of the term “ransomware” (42 and 37 percent), according to Wombat Security’s research.
The research shows that 50 percent of those surveyed in the US have fallen victim to identity theft, compared to just 19 percent in the UK. When it comes to social media accounts, 63 percent of US respondents had either had their account hacked or duplicated, or knew someone to whom this had happened. In the UK, the figure was 41 percent. When it comes to phishing attacks, 46 percent of those in the US admitted falling victim, compared to 17 percent in the UK.
Attitudes to backing up personal files have improved in recent years, and here the US leads the way. 92 percent say they back up their important files, with 83 percent in the UK doing the same. There are differences in approaches to passwords on either side of the pond. In the US, there is a preference for password managers (38 percent compared to 10 percent in the UK), while UK respondents tend to use a selection of passwords. 35 percent use a different password for everything (29 percent in the US) and 36 percent limited themselves to the same 5-10 recycled passwords (21 percent in the US). Similar numbers use the same one or two passwords for everything (12 percent in the US, 19 percent in the UK).
People in the US were more likely to use a VPN (65 percent, compared to 44 percent), but this is in contrast to how they answered a question about using wireless networks when out and about. Asked “If you are in a place you trust — like a nice hotel, local coffee shop, or international airport — can you trust that location’s free Wi-Fi service to keep your information secure?”, 54 percent of US respondents said yes, compared to just 27 percent of people in the UK.
There’s slightly worrying news for employers about how corporate devices are used by their workers. A very high number of US respondents admitted to letting friends and family use their work devices for other activities. In fact, just 14 percent of those in the US would not allow friends and family to use their work device for any purpose, while in the UK the figure stands at 45 percent.
The authors of the report come to a simple conclusion: “there is still much work to be done on the security awareness training front.”
They go on to say:
“Sure… it’s probable that, in the wake of the WannaCry attack, employees’ recognition of what ransomware is has increased. But it took a major global event to create that probability. Regardless, greater awareness of ransomware — or any cybersecurity threat — is not the same as knowing how to avoid that threat. To drive true and lasting behavior change, employee education programs must include regular delivery of both awareness and training activities. When organizations consider the implications of end-user-driven risks, they should also consider the opportunities to mitigate these risks and create a workforce that has the knowledge to make informed choices and has the ability to be part of the solution rather than part of the problem.”