In a recent study, the Pew Research Center developed a brief survey designed to test user familiarity with secure cyber practices and related issues, such as strong passwords, phishing and two-factor authentication. Researchers conducted the poll online, submitting 13 questions to a random sample of adult internet users living in the United States.
Here are the key findings:
- The typical (median) respondent could answer only five of the 13 questions correctly.
- Only one in five respondents could answer more than eight questions accurately.
- Just one percent of the test-takers received a “perfect score” by correctly answering all 13 questions.
There were some nuances to the results: younger users and those with higher levels of education were more likely to score better than the average. But overall, Pew researchers discovered that “many Americans are unclear about some key cybersecurity topics, terms and concepts.”
That is unwelcome news for consumers and companies of all shapes and sizes, as personal and business networks of all types continue to weather an escalating siege of cybercrime. Earlier this year, Symantec Chief Executive Greg Clark told CNBC that as many as four in every 10 North Americans have been victims of some sort of cyberattack in the last 12 months.
And per a recent report by Osterman Research, most prevalent among those attacks are ransomware and phishing – forays focused on human fallibility rather than technological weaknesses. Osterman canvassed IT security executives at large organizations and was told that occurrences of ransomware and phishing are growing several hundred percent each quarter in some companies.
So, if basic knowledge of cybersecurity is low and instances of cyberattacks targeting human frailty are high, how can businesses hope to cope with cyber risk?
According to CompTIA’s new study The Evolution of Security Skills, a multi-faceted approach is the best protection.
“Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” Seth Robinson, CompTIA’s senior director, technology analysis, said in a news release. “But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them.”
Osterman analysts agree with Robinson and place “security awareness training” at the head of a list of best practices that they say also should include deploying detection systems, regularly searching for and fixing network vulnerabilities, maintaining good back-up routines and minding threat reports.
But perhaps our best advice in today’s atmosphere of “cyber-insecurity” has been not to go it alone. As what Symantec’s Clark called a “very big crisis” continues to get bigger, more and more IT Managed Services Providers (MSPs) are specializing in helping businesses deal with cyber threats. See our post “Is Your IT MSP a Cyber Security Guru?” for help finding one that fits your organization.
(NOTE: You can test your cybersecurity acumen by taking the Pew test here.)