End-users, often viewed by infosec specialists as a company’s weakest link, finally seem to understand the importance of good security and privacy practices.
Since 2019, more US consumers have taken steps like using stronger passwords for their home Wi-Fi networks, using multi-factor authentication (MFA), blocking or deleting all cookies on their web browsers, and deleting smartphone apps that they suspect collect too much personal data or do not adequately protect it, according to a study [PDF] from Aspen Digital Institute and Consumer Reports.
This is all good news for companies, which are seeing more of their employees working from home and accessing more applications and data from the cloud and other locations outside of their company’s central data centers.
“Among the security habits examined, consumer privacy and security practices have improved over the years as consumers have made changes to update and protect themselves and their personal information or data,” the report’s authors wrote. “These increases vary by practice. Since 2019, a large number of people have adapted the use of multi-factor authentication against a stagnant change for people using a password manager or virtual private network.”
Consumer Reports surveyed 2,103 adults in the United States via telephone and Internet.
The right season
The report comes during National Cybersecurity Awareness Month, a program launched in 2004 by the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) to focus on what individuals can do to protect against cyber threats.
The report doesn’t elaborate on why attitudes are changing for the better, although Bruce Schneier, a fellow and lecturer at the Harvard Kennedy School, wrote in the report that some findings, such as consumer distrust of what companies do with their data, shouldn’t come as a surprise.
“Surveys consistently show that people are concerned about their privacy, both from governments and from companies,” Schneier wrote. “The reason people often fail to address these concerns is because they feel powerless. There are often no easy ways people can protect the privacy of their personal information, nor are there any reasonable alternatives to the technology monopolies that make surveillance their business model.”
Dominant companies like Facebook, Google, Twitter and Amazon have long been viewed with suspicion over the vast amounts of personal data they collect from their billions of users and how they use that data. As the saying goes, if a company doesn’t charge you for a product, you are the product.
Familiarize yourself with authentication
According to the survey results, US users appear to be getting the message about passwords, often the primary method of authenticating identities despite efforts by Microsoft, Apple, Google and others to push biometrics and other options. In 2019, 74 percent used a strong password (defined as at least eight characters plus uppercase and lowercase letters, numbers, and symbols) for their home Wi-Fi networks. Three years later, that number is 88 percent.
Additionally, 85 percent of users now require a password, PIN, or methods like touch or Face ID to unlock their smartphones, compared to 69 percent in 2019, while 77 percent use MFA to log into online accounts. That number was 50 percent in 2019 (although at the time the question was about two-factor authentication).
Elsewhere (using a password manager tool, a VPN, or the “private” or “incognito” feature on their smartphone), consumer usage improved slightly but was still at relatively low levels, in some cases hovering around the one-third range.
Fluctuating trust in data protection
Despite the improvements, a slim majority, 52 percent, of respondents said they were at least reasonably confident that their personally identifiable information, such as their social security numbers and health and financial information, is private and will not be shared without their knowledge.
However, 75 percent said they are at least somewhat concerned about the data companies collect about them and how that data is stored.
According to the report, 33 percent said the federal government has the greatest responsibility for protecting their online privacy, about the same as three years ago. However, there has been a shift away from businesses and toward consumers themselves: 32 percent said businesses were the most responsible this year, compared to 42 percent in 2019. About 25 percent said this year that users are primarily responsible, up from 17 percent in 2019.
High profile attacks promote awareness
Darren Guccione, co-founder and CEO of zero trust software maker Keeper Security, told The Register that his company saw similar growth in security awareness among individuals, noting that the number of people who bought its secure password management software increased 11.3 percent over the past year.
The constant stream of news about high-profile cybersecurity incidents, according to Guccione, had the “silver lining” of raising awareness that people need to take proactive measures like implementing MFA and strong passwords, as well as regular software updates.
“As consumer awareness of the critical importance of cybersecurity continues to grow, cutting-edge technologies such as gesture-based controls and biometrics, as well as improved user interface design, combine security with usability,” he said. “This actually has a transformative and positive impact on enterprise-wide adoption, which in turn improves the overall security of the organization.”
Casey Ellis, founder and CTO of crowdsourcing security company Bugcrowd, shared Guccione’s perspective. While cybersecurity has long been an issue, up until seven to 10 years ago, most awareness efforts came from security experts “preaching from the street-corner soapbox.”
That has changed. Cybersecurity is now a “dinner table topic, and anything discussed around the dinner table often enough ends up in the boardroom,” Ellis told The Register.
“The consistent and increasing cadence of security breaches, along with the increasingly personal and uninsurable nature of the consequences of security breaches, is making even the most non-tech savvy consumer aware that cyberspace is an extension of their personal realm, and therefore the security and privacy of that space is something that affects them as individuals. I think the main shift here is that people who think like this are no longer seen as outliers, but as the norm.” ®
https://www.theregister.com/2022/10/10/users_security_privacy_tools/ More and more users are taking cybersecurity tools seriously • The Register