Impermium Study Looks at Consumer Attitudes on Internet Security

Unfortunately, many if not most of us have been victims of a virus or malware problem. This is not just at work where are talented IT professional can help us, but also at home and when we are out and about. Help can be problematic in those cases, and such problems can render our ability to interact useless. 

One would think that the growing assault by bad actors on our ability to experience all of the benefits of being connected would make us more cautious and proactive about availing ourselves of the protections we need. In an attempt to learn more about American’s limited adoption of two-factor authentication, levels of worry related to account compromise, and preferences for sites to offer less disruptive forms of protection, Internet security firm Impermium had Harris Interactive (News - Alert) conduct a study in June. The results are out, and they show that we all need to become better educated and better armed.


Image via Shutterstock

We are leaving ourselves vulnerable

As Impermium notes, the current state of cyber security, “has left U.S. Internet users anxious about hacks and password theft.  Despite constant victimization, the majority are not using two-factor authentication and are left without a widely accepted or deployed method of protection.”

Key findings from the survey, conducted June 7-11, 2013, among 2,046 adults ages 18 and older, are insightful and somewhat disturbing.  

When asked about the overall concern related to account compromise:

• 79 percent indicated at least some level of worry around e-mail account compromise
• 55 percent around social media compromise
• 71 percent around bank account compromise

Surprisingly, consumers remain reluctant to adopt two-factor authentication, with 16 percent of Americans saying they have not signed in with this process in the past because it was inconvenient. 

The granularity of the survey is also real food for thought. It found that while a majority of Americans have never signed into a website using two-factor authentication (75 percent), 77 percent of those who have not yet been a victim of account compromise are at least somewhat unlikely to continue using a site if their account were compromised. Additionally, while 65 percent of Americans have been victims of viruses, malware, and/or phishing attacks, only 25 percent have ever signed in with two-factor authentication as a preventive security measure.

Other key findings

And there was more. 

• 75 percent of Americans have not used two-factor authentication in the past
  • 27 percent decided against signing onto a website with two-factor authentication because they did not want to disclose their mobile number and/or because they found it inconvenient
  • 30 percent say that they have never needed to do this
  • 20 percent did not want to disclose their mobile phone number
• Respondents were split in terms of determining who is primarily to blame for account compromises
  • 39 percent believe websites are to blame by not offering or maintaining sufficient security features
  • 37 percent believe the consumer is to blame due to weak passwords or falling for scams like phishing
• When asked which types of accounts they are most worried about getting hacked, Impermium learned e-mail account compromise results in the most anxiety
  • 79 percent are at least somewhat worried about having their e-mail account compromised
  • 71 percent are at least somewhat worried about having their online bank accounts compromised
  • 55 percent of consumers are at least somewhat worried about having their social media accounts compromised
• When asked how worried they are about cloud data compromise, 43 percent of Americans responded they are at least somewhat worried
• A majority of consumers have been a victim of a listed online threat:
  • 56 percent of consumers have been a victim of a virus or malware infection on a computer
  • 37 percent have been a victim of a phishing attack
  • 26 percent have been a victim of account compromise (e.g., hacked, broken into, password theft)
  • 20 percent have been a victim of a social media phishing attack
  • 5 percent had a phone lost or stole that resulted in unwanted access to sensitive information

In commenting on the survey, Mark Risher, CEO of Impermium, explained, “Despite heightened awareness of cyber threats and a clear demand for account protection, Americans are still hesitant to adopt new prevention techniques…Two-factor authentication has been held aloft as a ‘silver bullet,’ but a security system that isn’t turned on provides no security. Only with intelligent, risk-based authentication mechanisms can service providers effectively protect users from account hijacking. Consumers and websites need an intelligent solution that is secure yet simple.”

While obviously a pitch for two-factor identification the survey does speak to a broader issue in general about how seemingly unknowledgeable all of us are about the risks we are exposed to and our apparent belief that bad things will happen to somebody else and not us, despite our refusal to obtain protection or use it when it is offered as has been done recently by Twitter (News - Alert), Gmail and Dropbox.  

Reality is that two-factor identification is not a complete “silver bullet” for preventing the bad guys from compromising our accounts and engaging in other malicious activities, but it certainly can mitigate a substantial amount of risk and if you are not using it you should be. You should also be using and keeping updated your anti-virus protection including for your mobile devices, and as point out in a posting I did recently about Juniper Networks Mobile Threat Report, if you are an Android (News - Alert) user you need to make sure you are running the very latest version of their OS. 

To quote what was always the last line of the opening police bullpen briefing that started each episode of the popular 1980s TV show Hill Street Blues, “Let’s be careful out there!”