
“The public and cybersecurity practices and knowledge” by Lee Rainie, Director of Internet, Science, and Technology Research at the Pew Research Center

To better understand how to secure an organization’s information assets properly, we must first understand the individuals we will be protecting. In the presentation “The public and cybersecurity practices and knowledge” by Lee Rainie, director of Internet, Science, and Technology Research at the Pew Research Center, we are presented with detailed findings on the general public’s knowledge of security measures, best practices, and Internet etiquette. By utilizing the information gathered by Rainie and Fact Tank, we, as cybersecurity professionals, can further understand how to defeat the most significant threat to information security there is: the human element.

While we all already possess some knowledge of the dangers that face the general public regarding cybersecurity issues, Rainie takes it a step further by providing percentages for common security threats, breaches, and attacks. Of the population surveyed, 41% had noticed fraudulent charges on their credit cards, 35% had received notice of compromised personal data, 16% reported hacked email accounts, 15% had social security numbers compromised, and 14% reported having a line of credit or a loan taken out in their name. Furthermore, 13% of participants reported that someone had taken over their social media accounts without authorization, and 6% had their tax refunds stolen. Taking all of the abovementioned concerns together, 64% of participants reported that they were victims of at least one of them (Rainie, 2017). What do such staggering numbers mean to us, as cybersecurity professionals? The public’s use of standard personal security practices is lacking, thus shining a light on the dark area that is the fight to protect both them and the companies they work for.

To understand the level of security concern we should have towards the average employee, Rainie shares, as an example, the percentages of how people keep track of their passwords. While 86% of the participants remember passwords in their head, and 65% do this often, 49% reported that they simply write them down on a piece of paper. Even more alarming is the fact that 24% noted that they save their passwords on a note on a computer or mobile device. While there are existing secure password storage methods such as password management programs, only 12% of participants reported using them, while only 3% stated that they sometimes use them (Rainie, 2017). As many companies do not have a clean-desk policy or proper password management policies and procedures, Rainie’s findings should strike fear into the heart.

Next, Rainie explored the knowledge that the participants possessed regarding adequate security measures. In the survey’s results, 75% of individuals were able to identify the most secure password out of four options, while 8% were incorrect, and 17% were not sure. When asked if Wi-Fi traffic is encrypted by default on wireless routers, only 45% of participants responded correctly, while 11% responded incorrectly; a shocking 44% stated they were not sure (Rainie, 2017). Now is when things get interesting. Of the participants in the survey, only 10% could identify a correct example of multi-factor authentication when presented with a set of images; 71% of them were incorrect, and 18% were not sure. As multi-factor authentication is one of the best methods of securing the many logins we use daily in and out of the office, the fact that the public is so lacking in its general knowledge is reason to worry.

TL;DR

Lee Rainie of the Pew Research Center presents staggering percentages and shocking tendencies showcasing surveyed participants’ lack of knowledge of basic security best practices and proper internet etiquette. The presentation starts by highlighting the significant portion (64%) of users who report credit fraud, hacked accounts, and other forms of security breaches, which makes it imperative that we understand the human element of cybersecurity. It next addresses and tests the knowledge the participants have of methods to secure their data, accounts, and online practices. To summarize, only 10% knew what a proper multi-factor authentication example was. Armed with the knowledge presented in this article, we, as security professionals, can grasp the complex process of protecting our users from their biggest threat: themselves.

Overall, I felt that this article is essential to understanding the building blocks of security. Without a solid foundation of knowledge of common cyberattacks and known best practices to defend against them (as well as what the general user knows), every additional layer of information security is rendered useless. The author had a clear purpose in compiling the data of this article, as it shows us the many dangers of the human element in security; to accomplish this, the author presented various percentages and facts about the lack of understanding of proper online security practices. I did notice some gaps in the article, as it was in the form of a presentation; it lacked a written description of how the study obtained the information, the number of participants, as well as what figures on each slide were percentages. The manner in which the author presented the data was excellent, as it, in order, shows the dangers of cyberattacks regarding the often-limited abilities and knowledge of the human element. The world is not a better place directly due to this article; however, armed with its knowledge, I believe one can begin to educate an organization’s users further and warn them of potential dangers in real-world, business, and personal arenas.

References

Rainie, L. (2017, May 22). The public and cybersecurity practices and knowledge. Retrieved April 8, 2020, from https://www.pewresearch.org/internet/2017/05/22/the-public-and-cybersecurity-practices-and-knowledge/.

Hadnagy, C., & Wozniak, S. (2018). Social Engineering: The Science of Human Hacking (2nd ed.). Newark: John Wiley & Sons, Incorporated.
