A recent BT survey shows that 60% of people fear a home break-in more than a digital crime. The survey of 2,000 people looked at attitudes around cyber security. BT has decided to keep the details of the survey such as questions and responses secret. Despite this the results are broadly in line with other consumer surveys conducted over the last year.
Alex Dewdney, NCSC Director for Engagement, said: “New research from BT suggests a mismatch between ‘awareness’ and ‘action’ when it comes to cyber security. People say they see the effects, but are finding it hard to take the steps needed to avoid on-line fraud. Most people say they are as confident in their home’s digital security as they are its physical security.
“In reality we think more support is needed to help people understand how they can stay safe on-line. The government’s new National Cyber Security Centre is working with BT and other key partners to meet this challenge and find ways of enhancing cyber security for all.“
Consumers just don’t understand the risk
The survey results show a startling lack of awareness among consumers around digital attacks. But are they accurate? This is a very good question. One response says that only 10% of people think their Wi-Fi or smartphone could be the source of a crime. Until the recent Mirai malware attack on routers, router security had been good. As we now know, there are flaws in the software of several routers that leave users at risk.
Consumers are also making increasing use of online services such as banking and shopping. To save time they store their passwords on computers and mobile devices. This makes them important targets for hackers. Once they take control or gain access to a device they can steal digital identities.
The problem, as shown by the survey, is that the majority of people do not use effective security products. The press release states: “Only a third of parents and guardians (36 per cent) take advantage of parental control technology to manage web access. This is despite the fact that almost half (49 per cent) of parents are concerned about their children falling victim to cybercrime and 39 per cent admitting that their child has accidentally seen inappropriate content online.”
There is also an increase skills gap between the generations. Tech savvy younger generations are capable of working around a lot of the security software used by parents. Despite this they are also much less security and privacy aware than their parents. 40% admit to password reuse. They also give away a lot of personal data via social media and click on links without checking them.
Mark Hughes, CEO, BT Security, said: “People must ensure that they are protecting themselves and their family from increasingly sophisticated cyber threats such as phishing emails, malware, and inappropriate web content. Customer protection is a top priority for BT. We are continually developing our security portfolio to ensure our customers have best-in-class, built-in internet security across all web-connected devices, through solutions such as BT Web Protect, BT Virus Protect and BT Parental Controls.“
Consumers not the only ones with dubious security skills
It is not just users that seem to misunderstand the issue. When Talk Talk customers were hit last week hackers gained access to user passwords. The security advice from the company was to do nothing unless you really felt you had to. This shocked experts and shows that the risk to the home is not just from consumers lack of knowledge.
There is also a significant risk to the home from Internet connected devices. Many of these have little to no security yet are connected to home systems. This is because manufacturers in their race to be part of the Internet of Things have often ignored security. Weak security allows hackers to take control of those devices and use them in cyber attacks.
Attackers are also quick to take advantage of weak network security to use a consumers Internet. They use that connection to upload and download copyright protected material and even illegal material. As the connection is not registered to them then the homeowner are the ones initially investigated. With media and content companies stepping up campaigns to recoup monies lost to illegal downloads this causes problems.
Internet security is a mess. From businesses to consumers security awareness is weak. One of the causes of this is security fatigue. Rather than create more secure devices the industry tends to focus on victims errors. This naming and shaming does not help. It will be interesting to see if the government plan to force ISPs to block porn is successful.
The new National Cyber Security Centre wants to see ISPs do more rather than leave it to customers. It might want to start by improving the security advice issues by ISPs such as Talk Talk. There is also a need to get consumer legislators involved. Mandating a minimum level of security for Internet connected devices in the home would be a good start. Without fixing that efforts to educate consumers will have limited success.