Application security, Malware, Network Security, Phishing

Consumers’ poor cyber hygiene costs them billions

The fact that cybercrime impacts hundreds of millions of people, has cost its victims more than $100 billion and most people know of the danger has done little to limit the general complacency and unsafe behavior still prevalent among internet users.

Symantec's 2016 Cyber Security Insights Report noted that the vast majority of consumers realize dangers exists, most still act in an unsafe manner when it comes to operating online. This has resulted in 689 million people in 17 separate countries being victimized at a cost to them of $128 billion.

This includes not learning to spot a phishing email, connecting to unsafe public networks or have the false belief that their connected device is somehow safe from cybercriminals.

“Unfortunately, many consumers are not motivated to take even simple steps to stay safe online. Seventy-six percent of consumers they must actively protect their information online, but they still share passwords and engage in other risky behaviors,” the report stated.

A subset of the general population is even more likely to be victimized by cybercrime. Symantec noted that millennials are the most common victim with 40 percent having suffered an attack in the last year. As would be expected poor security habits were the primary reason with 35 percent of millennials saying they would be willing to share their passwords.

The primary reason millennials are so susceptible is due to the amount of time they spend online and the fact that many have the incorrect notion that cybercriminals simply won't bother attacking their device, Kevin Haley, Norton's director of security, told SC Media via email.

Despite consumer's lackadaisical attitude toward protecting their data, in some ways their actions are no better than corporate workers, many of whom have been trained to have excellent cyber hygiene. That is being susceptible to phishing attacks. The report found about 40 percent cannot detect or have to guess whether an email is part of a phishing attack. On the bright side just over half did know that an email is likely part of a phishing scam if it asks the recipient to do something compromising.

Making poor choices resulting in being compromised is a theme throughout the report. When using public WiFi 61 percent said they had entered financial information into their device and 39 percent reported having read out loud credit and debit card numbers while speaking into their phone.

“Considering that 71 percent of consumers say public Wi-Fi is useful for checking emails, sending documents and logging into accounts on the go, this is concerning. If a hacker is able to access an unsecured Wi-Fi network, they can see the information people using the network are sending and receiving from their devices. This means hackers can steal user names, passwords and other personal information they intercept over the unsecured network, putting consumers at risk for identity theft,” the report said.

"Consumers in today's world feel the need to be constantly connected, but most don't understand the risks associated with it. Nearly a quarter of respondents plainly said they don't know the best way to protect their personal information while using public Wi-Fi.  As a result, Norton found that while nearly 90 percent of Americans use public Wi-Fi, only 20 percent use a VPN to protect their information, and many have entered sensitive information while using public networks by logging into their personal email (58 percent), checking bank information (22 percent) or entering credit card details (17 percent)," Haley said.

The report is based on a survey of 20,907 device users ages 18+ across 21 markets, commissioned by Norton by Symantec and produced by research firm Edelman Intelligence.

Updates includes Kevin Haley, Norton's director of security, comments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.