Despite growing awareness of cybercrime and the potential consequences of poor online security, Australians continue to have a lax attitude towards online security, according to a survey of more than 1000 local consumers. This attitude carries over into the workplace and can put organisations at risk.
Surprisingly, people who have suffered a cyberattack in the past often continue to engage in risky online practices, such as sharing passwords. Here are the full details of the study.
Security vendor Norton by Symantec conducted a global survey across 21 countries and gathered responses from 1005 consumers in Australia. The aim was to gauge the attitude of Australians when it comes to protecting themselves online. Considering Australia is one of the most popular target countries for cybercriminals, especially when it comes to ransomware, the findings are not encouraging.
“Australians are generally becoming more aware of the risks when going about their business online, they’re just not taking basic steps to address that,” Symantec technology strategist Mark Shaw told Lifehacker Australia.
Around 76% of Australian consumers know they need to actively protect their information online, but most of them are still engaging in risky online behaviour. This includes sharing passwords with other people (presumably family members) for online accounts such as Facebook, email and banking. One in four Australians can’t tell the difference between a real message and a phishing email, which makes it more likely for them to click on malicious links. Those who have been victims of cybercrime within the past year are also more likely to be repeat offenders, often continuing their unsafe online behaviour, according to the report.
It’s troubling because these people know the dangers they face online; the awareness is there. For example, almost two-thirds (65 percent) of respondents said they believe entering financial information online when connected to public WiFi is riskier than reading their credit or debit card number aloud in a public place.
The problem is complacency. Despite knowing the dangers, consumers seem to have a false sense of security and innately trust technology vendors to secure their products, especially with internet-of-things (IoT) devices. Around 26% of Australians who use connected home devices are relying on safety in numbers; they don’t think their devices are worthwhile for hackers to attack. But as we’ve seen in the recent massive Mirai DDoS attack that took down a portion of the internet, insecure IoT devices can indeed be ‘weaponised’ by cyber criminals.
Globally, 62% of consumers said they believe connected home devices were designed with online security in mind, according to the Symantec research. That’s clearly not the case. In recent years we’ve found out that a number of low-end connected device manufacturers don’t really pay a lot of attention to security. Many produce devices with default login credentials which are often left unchanged by their customers.
As security expert Bruce Schneier recently said at a US congressional hearing:
“Our computers are secure for a bunch of reasons. The engineers at Google, Apple, Microsoft spent a lot of time on this. But that doesn’t happen for these cheaper devices.
“…These devices are a lower price margin, they’re offshore, there’s no teams. And a lot of them cannot be patched. Those DVRs are going to be vulnerable until someone throws them away. And that takes a while. We get security [for phones] because I get a new one every 18 months. Your DVR lasts for five years, your car for 10, your refrigerator for 25. I’m going to replace my thermostat approximately never. So the market really can’t fix this.”
Risky Online Behaviour In The Workplace
While the Norton By Symantec Report didn’t dig deeper into how consumers behave online at work, the research does imply that risky online practices of Australians can extend into the workplace and put businesses at risk, according to Shaw.
“For example, phishing scams, which have been around for over two decades, have become so sophisticated that Australians still have a hard time identifying fake emails from legitimate emails. According to the research, one in four Australians cannot detect a phishing attack, and another 15 percent of Australians have to guess between a real message and a phishing email. If phishing emails come through on company connected devices, then clearly this behaviour can put businesses at risk too.
“The reality is most people aren’t truly sure how to tell a real email from a fake email. Only half are doing it the right way by looking to see if the email is asking them to take a compromising action, like downloading attachments or sharing their passwords.”
Ransomware is also known to spread through phishing email and cyber criminals are increasingly targeting businesses.
In 2014, a study by security vendor McAfee showed that 80 per cent of office workers were sucked in by phishing emails. The situation has improved since then but earlier this year, a study by Duo Security found that one-third of employees are still falling for phishing attacks, putting their organisations at risk.
Last week, BAE Systems worked out the average cost of a cyber attack on Australian is over $622,000.
To help end-users avoid falling victim to email phishing scams, we have a quick 10 step guide here.
Here’s a question for our readers: Has your organisation ever suffered a cyberattack because of a mistake by an end-user? Let us know in the comments.