In a recent study, the Pew Research
Center developed a brief survey designed to test user familiarity with
secure cyber practices and related issues, such as strong passwords,
phishing and two-factor authentication. Researchers conducted the poll online,
submitting 13 questions to a random sample of adult internet users living in
the United States.
Here are the key findings:
- The typical (median) respondent could answer only five of the 13 questions.
- Only one in five respondents could answer more than eight questions accurately.
- One percent of the test-takers received a “perfect score” by correctly answering all 13 questions.
There were some nuances to the results: younger users and those with higher
levels of education were more likely to score better than the average. But
overall, Pew researchers discovered that “many Americans are unclear about
some key cybersecurity topics, terms and concepts.”
That is unwelcome news for consumers and companies
of all shapes and sizes, as personal and business networks of all types
continue to weather an escalating siege of cybercrime. Earlier this year,
Symantec Chief Executive Greg Clark told CNBC
that as many as four in every 10 North Americans have been victims of some sort of cyberattack in
the last 12 months.
And per a recent report by Osterman Research, most prevalent among those attacks are ransomware and phishing – forays
focused on human fallibility rather than technological weaknesses. Osterman
canvassed IT security executives at large organizations and was told that occurrences
of ransomware and phishing are growing several hundred percent each quarter in
So, if basic knowledge of cybersecurity is
low and instances of cyberattacks targeting human frailty are high, how can
businesses hope to cope with cyber risk?
According to CompTIA’s new study, “The Evolution of Security Skills,”
a multi-faceted approach is the best protection.
“Building an impenetrable defense is no
longer practical and the mentality of preventing all breaches is outdated,”
Seth Robinson, CompTIA’s senior director, technology analysis, said in a news
release. “But a new, proactive approach combining technologies, procedures and
education can help find problem areas before attackers discover them.”
Osterman analysts agree with Robinson and
place “security awareness training” at the head of a list of best practices
that they say also should include deploying detection systems, regularly
searching for and fixing network vulnerabilities, maintaining good back-up
routines and minding threat reports.
But perhaps our best advice in today’s
atmosphere of “cyber-insecurity” is not to go it alone. As what
Symantec’s Clark called a “very big crisis” continues to get bigger, more and
more IT Managed Services Providers (MSPs) are specializing in helping businesses
deal with cyber threats. See our post “Is Your IT MSP a Cyber Security Guru?” for help finding one that fits your
(NOTE: You can test your cybersecurity
acumen by taking the Pew test here.)