Survey Finds Many Employees Don’t Care Much About Cybersecurity
Good online security should be second nature for anyone working at a computer, yet it appears that a wide spread of employees aren’t taking proper care. In a 2018 survey by SailPoint, around 1,600 employees across Australia, Germany, France, Italy, Spain, the UK, and the US were quizzed on their cybersecurity habits, and the results were eye-watering to say the least.
75% (three in every four) of the respondents admitted that they were reusing the exact same password across multiple accounts – sometimes even across work and personal accounts. This is a shocking figure, especially when we consider that the same test was done in 2014, and that figure was 56% – let’s hope things don’t rise substantially again by 2022.
This lack of concern for, or even awareness of, our own cybersecurity comes at a time when the UK is being urged to do far more with regard to managing online threats. The memories of the 2017 WannaCry cyberattack are still very fresh for the NHS, for example: a staggering £164m was reportedly spent dealing with the crushing blow to the health service.
Despite such high-profile cyberattacks on well-known institutions like the NHS, as well as corporations like Sony and Yahoo, the results of the aforementioned study suggest something quite disconcerting: unless cybercrime happens to you personally, it doesn’t really matter much.
Cybercrime is broad and ever-changing and, like a mirage in the distance, just when you think you’ve got it figured out, it evolves once again. True, cybercriminals are smart and cunning, but if no one knows or cares about cybersecurity and the current dangers going on right now, then we’re all fighting a losing battle.
Is it a little bit funny that Japan’s cybersecurity minister, Yoshitaka Sakurada, recently admitted that he doesn’t use computers and isn’t familiar with cybersecurity topics? It’s amusing, but it’s also a very telling revelation that the world, in general, is woefully ignorant of and ambivalent about the apparent quiet war that is cybercrime. However, when it’s reported that bank customers in the UK lost £500m in the first half of 2018 alone, one has to wonder why no one is screaming about the sky falling already.
The Great White North Remembers
Elsewhere in the world, Canada is apparently taking the fight to cyberattackers head on. A recent ESET Cybersecurity Barometer survey of 1,000 people in the nation revealed that 9 out of every 10 Canadians believed that cybercrime was an issue more important to tackle than money laundering, terrorism, or human trafficking. Canada is not alone in thinking that more needs to be done to combat cybercrime, yet at least some banks in the country are taking things into their own hands. The Toronto-Dominion Bank, for example, has employed a team of ethical hackers to test its own online security systems in any way they can.
“We’re doing it exactly how our adversaries would do it … So if we find a weakness or something like that, we can close it or address it before a real attacker,” said Alex Lovinger, TD Bank’s vice-president of cyber threat management. Clearly then, this DIY technique is spreading fast throughout Canada and is perhaps the most cost-effective way of battling cybercrime: pay a small sum now to avoid losing a huge sum later.
“Scotiabank has used and continues to use third-parties to handle this penetration testing. However, because the volume of global cyber threats has significantly risen, the bank wanted to have its own capabilities in-house and created its own red team this year,” said the bank’s chief information security officer, Steve Hawkins. “Hackers now sit on a wealth of information … that they can now leverage to do more targeted attacks.”
Banks getting their act together is one thing, but at the end of the day, it will still come down to the user to be vigilant and savvy about how cybercrimes work and the tricks employed. The old “Nigerian Prince” scam might be made fun of to this day, but it still netted con artists millions of pounds, and similar scams, primarily through dating websites, continue to plague our online world. The occasional TED Talk helps to bring awareness of the methods used by scammers in an informal setting (watch the hilarious video by James Veitch below), but until the day comes when everyone knows about the tricks, they will continue to work on innocent victims.
If you’re not already aware of good online security habits, then follow these ASAP:
- Stop thinking it can never happen to you
- Keep smartphone and laptop software up-to-date
- Don’t click links in an email from unknown senders
- Your friends and family’s email accounts can be hacked, so even if they appear to send a link, don’t click anything if you’re suspicious
- Phishing scams aren’t just on email, but often via the phone too
- ‘Password123’ just won’t cut it. Use strong and diverse passwords for all accounts. Password manager tools like LastPass and Dashlane can help keep track of all the