
SecurityWeek


Do Consumers Really Care About Security?


The Unisys Security Index (USI) provides insight into consumers’ general security concerns. One of the index measurements is online security, and although this survey is conducted worldwide, the latest U.K. and U.S. results presented a similar finding: roughly half of the respondents are “seriously concerned” about malware, shopping or banking online. Furthermore, the stats show a 35% increase compared to last year’s U.S. stats. Clearly, we are worried. Unfortunately, it seems that we do not handle our fears well. Half a year ago, a Norton study showed that 65% of Internet users globally had been victims of cyber-crime. Yet half would continue their same online behaviors despite being victimized.

By observing our online behavior and quick adoption rate of technology, we can safely say the following: as consumers, we consider security a nuisance.

When Consumers Don’t Really Care

Take, for example, our password usage. Less than a year and a half ago, the NY Times featured a front page news story showing that “123456” was the most commonly used password, followed by “12345”. Twenty years ago “12345” was also found to be the most common password. This should not come as much of a surprise since habits are hard to break – especially when we do not foresee any security incentive to change our behavior.

Does such major breaking headline news provide consumers with better education? Not necessarily. Just a week ago, LastPass, a password management system, went public with news of a possible data breach. Even though individuals who use this service are considered relatively more security-savvy than the regular man on the street to begin with, the company still chose to issue an advisory that urged users to change their passwords, since not all of them had chosen strong passwords.

As customers, we consider Web application security even more annoying than passwords. We choose our applications according to two main criteria: promise of delivery, and ease of use. Twitter vulnerabilities have not had any adverse effect on its customer-base growth rate. Likewise, Facebook users have largely vetoed security concerns, and we continue to party with Evite despite security woes.

This attitude also extends to smartphones. When more than fifty of Google’s Android apps were found to be malicious, Google urged users to remove those apps. Not all users complied, which compelled Google to use the “kill switch” and remotely wipe those apps from users’ phones.

When Security Indifference Affects Others

While we may not realize it, our lackadaisical approach to security also affects other consumers. For example, if someone has a blog built upon any one of the available blogging platforms and a security update is issued for that platform, it is the blog owner’s responsibility to apply it and prevent their readers from being infected. But given the lack of security awareness, this door is sometimes left wide open. Just last week, the Pakistani programmer whose claim to fame came by tweeting the U.S. raid against Bin Laden had his blog hacked because he was using an old version of the WordPress blogging software. The unpatched software essentially left visitors to the programmer’s blog at risk of downloading malware.

Businesses to Take the Security Reins

Businesses can cry out day and night for consumers to protect themselves, but consumers have given up on this responsibility. It is time for online retailers and banks to learn how to deal with infected customers. The stakes of a compromise are too high, including direct and indirect financial losses that range from the costs of incident investigation to brand damage and regulatory penalties. Then there is the loss of the customer base.

Part in a Series on Cybercrime – Read Noa’s Other Featured Cybercrime Columns Here

Whether companies are ready or not, consumers have already voted hands-down that client-side security is a business problem, and customers are not afraid to take their business elsewhere. The September UK USI survey, for example, found that nearly 1 in 10 users have switched banks due to security concerns.

Next Column – The Role of Governments in Respect to their Netizens

For now it seems consumers are concerned, but do not yet know how to deal with the security threats posed by the hacker industry. It is therefore left for the businesses to protect and serve their customers – whether or not they are security-aware. But what about the government? Do they have any impact on the security of individuals’ online behavior? Stay tuned for the next column as I discuss the roles nations play with respect to their online citizens.
