"Passwords are like underwear: don't let anyone see them, change them often, and don't share them with strangers." This quote comes from Chris Pirillo, founder and CEO of the LockerGnome blogging and forum community, and refers to something that, in theory, we all know very well in the digital society: passwords are sacred. However, the reality is quite different from how it should be: often they are not remembered, not changed regularly, or poorly managed.
And that's not the only mistake we continually make in an area as fundamental to the digital divide as cybersecurity. The insurance company Chubb, in collaboration with the research firm Dynata, recently published its third annual Cyber Report, compiled last May from data obtained from 1,223 surveys in the United States, stratified by gender, age, region, and socioeconomic status. The results hold up a mirror to some practices that should have been eradicated but, for whatever reason, continue to exist.
Both users and companies
And it is striking because, according to the data, 8 out of 10 respondents are concerned about cyberattacks, but barely more than half (41%) use security software. The figure is even lower, at 31%, when asked specifically about regularly changing passwords. These last two figures, software and password changes, remain flat year after year, so awareness campaigns on the subject do not seem to be having much effect.
From the behavior of the average user, we must extract the answers found for the case of companies. It is possible that in this segment, the homework has been done better. But no: training of some kind for employees remains stagnant, with a third (33%) of affirmative responses, almost the same proportion as in the 2018 data (31%). Virtually the same number of companies (32% in 2018 and 33% in 2019) mitigate access to social media in some way, and a slightly higher number (38% and 40%) have some form of online content filtering system in place. The risk lies not only in the low figures, but also in the lack of awareness of the issue, as the vast majority (75% in 2018, 70% in 2019) rate their companies' cybersecurity practices as nothing less than "excellent" or "good."
Another significant contradiction can be found in the medical data. Although, as we have seen, 8 out of 10 respondents are concerned about cybersecurity in general, only 1 in 4 (27%) consider the breach of medical records to be something to pay attention to. "If people knew that a compromised medical record often provides enough information to completely steal one's identity, they would probably be more concerned," states the Chubb report. This finding probably reflects a lack of information about the nature of medical identity fraud and the increase in such attacks, which has risen by no less than 1,800% since 2009.
Young people and success
Another surprise in this report comes from the age segmentation. Apparently,millennials and digital natives should come out on top in this survey, yet the data tells a completely different story when it comes to basic cybersecurity actions. For example: deleting suspicious emails. Who does this most often? Debunking myths: people over 55, 77% of whom do so, compared to 55% of those aged 35 to 54, and a meager 36% of those aged 18 to 34.
However, this data must be considered in relation to socioeconomic segmentation. It is striking that those profiles that we might consider "successful" due to their status are also the most "lazy" when it comes to these and other practices. Thus, only 4 out of 10 (43%) delete these suspicious emails, 6 out of 10 (59%) monitor their bank accounts (78% in the total sample), 5 out of 10 take precautions with their medical identity (76%), and 1 out of 4 review their online purchases (36%).
However, these profiles pay more attention than average to the reputational impact of their online activity or information about their businesses and properties. In some ways, it seems that successful profiles are more in tune withmillennials and digital natives, who also care about their reputation. In fact, one of the biggest concerns of thispremium segment is related to the age they project compared to their actual age. A "Peter Pan complex" that ties in well with younger generations.
We like risk
This brings us to another relevant point in this cyber health check: social media. Only a small percentage consider the main platforms to be "very secure," ranging from 24% for YouTube to 15% for LinkedIn. However, there does not seem to be much awareness about the personal information that is shared: photos of pets (37%) or children (36%) are more or less the norm, largely because that is what people expect to see in other people's content. What people enjoy most is precisely looking at photos of babies (45%) and travel (43%), despite the fact that informing others about one's travels is particularly inadvisable due to the potential risks involved.
All these contradictions between concerns and actual actions regarding cybersecurity represent precisely the greatest opportunity for those who want to and know how to take advantage of them. Whether as citizens or as businesses, it never hurts to keep in mind the words of Stéphane Nappo, Chief Information Security Officer (CISO) at the server company OVH: "It takes 20 years to build a reputation, and just a few minutes of cyber incident to ruin it."
Photo byNahel Abdul HadionUnsplash
