Most people are aware of the importance of cybersecurity and the need to take care when opening emails, browsing the internet or downloading apps on their mobile phones. If you ask anyone whether they are knowledgeable about cybersecurity and if they can recognize a malicious website or email, there’s a high chance that they will say yes.
A recent survey conducted by AT&T on 2,000 U.S. adults confirms that. 70% of the respondents to the survey said they were knowledgeable about cybersecurity, two-thirds of people said they know how hackers gain access to sensitive information on devices, and 69% of people said they were able to recognize suspicious websites at a glance.
However, despite being aware of the importance of cybersecurity, cybersecurity best practices are not always followed. People take considerable risks with email and the Internet, and the survey suggests that the confidence in the ability to recognize scams, malicious websites, and suspicious emails is misplaced.
While most people claim to be able to recognize a suspicious website, only 45% of respondents said they knew those sites carried a risk of identity theft. 46% of respondents were unaware of the difference between active and passive cybersecurity threats. Passive cybersecurity threats are those where a threat actor simply monitors communications and gathers sensitive information, whereas an active attack involves some action or modification of communications. An example of a passive attack is a malicious actor eavesdropping on a connection to a website via an evil twin Wi-Fi access point. An example of an active attack would be a malware attack.
The average person lands on 6.5 malicious websites or suspicious social media accounts every day and, in many cases, those sites are accessed deliberately. Suspicious websites include those whose addresses start with HTTP rather than HTTPS, which means the connection between the web browser and the website is not encrypted. They also include sites with lots of pop-ups, and unverified sites and social media accounts.
39% of respondents said they accessed suspicious streaming websites to view major sporting events, 37% would download files from suspicious websites if they wanted to find a song or video game that they couldn’t find elsewhere, and these sites would also be used to make purchases if they were offering a big discount. Considering that 70% of people said they were knowledgeable about cybersecurity, it is alarming that fewer than 40% of people consider common security risks when accessing the Internet. Only 32% of people considered the possibility of a network intrusion and just 31% of people considered whether an app or software could be malicious. The survey also revealed that people take big security risks with passwords: 42% of people reuse passwords on multiple websites and, alarmingly, 31% of people use a birthday as a password.
Businesses should take note of this survey. It was conducted on a sufficiently large number of people that it should be considered representative of the population as a whole, and it makes clear that employers need to provide cybersecurity awareness training to bring employees’ knowledge of cybersecurity up to scratch and to teach them the importance of following cybersecurity best practices. Even people who are aware of the risks will take shortcuts for convenience, so businesses should also consider restricting access to certain websites.
If you want to improve cybersecurity, you should start with the human element and try to eradicate risky behaviors. TitanHQ offers businesses a comprehensive cybersecurity awareness training platform – SafeTitan – that covers all aspects of security and cybersecurity in the workplace. The platform can be used to improve understanding of risks and teach the best practices that should be followed at all times. The training content is gamified, interactive, and fun, and has been shown to be highly effective at eradicating risky behaviors. SafeTitan is the only behavior-driven security awareness training platform that delivers intervention training in real time in response to risky behaviors by employees. When a risky action is taken, the platform automates the intervention and delivers the relevant snippet of the company policy and training content specific to that risk or threat.
Businesses can also take advantage of WebTitan Cloud – a DNS-based web filtering solution that prevents employees from accessing known malicious websites. When an attempt to visit a malicious website is made, the connection to the site will not be made and the user will be informed that the site has been blocked. Businesses can also use the category-based filters in WebTitan Cloud to prevent employees from accessing certain types of websites, such as those that carry a risk of malware infections, peer-to-peer file-sharing networks for example.
By educating the workforce on cybersecurity and implementing controls to restrict access to risky websites, businesses will be able to prevent more costly cyberattacks and data breaches. For more information on cybersecurity awareness training and web filtering, give the TitanHQ team a call.