Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/5/2020
11:25 AM
50%
50%

Online Users Feel Safe, But Risky Behavior Abounds

New research also shows a divide between younger and older users in their security practices, including use of two-factor authentication and how often software updates are performed.

Most home users and workers consider their devices "sufficiently secure," but more than a third never check for updates to their security software and more than half regularly connect to unprotected Wi-Fi networks, according to a new report from the National Cyber Security Alliance (NCSA).

The research also shows a divide between younger users and older users of technology. A bit more than a third of people were working from home due to the coronavirus pandemic, but far more younger people — 47% of 18- to 34-year-olds — make up the remote-working population. Most remote employees, however, did not take additional steps to secure their devices, such as by using two-factor authentication (2FA) and updating security software.

Related Content:

Zero-Trust Efforts Rise with the Tide of Remote Working

The Changing Face of Threat Intelligence

New on The Edge: 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

The report, based on a survey of 1,000 Americans, suggests workers and home users have too much confidence in how well they have secured their devices against online threats, says Sylvia Layton, chief operating officer at the NCSA, adding that the older demographic seemed to be more cautious and more vigilant with their data when they use connected devices.

"People tend to feel more confident in their security practices than they are," she says. "We often assume that the younger generation will take more action to protect their data, but it turns out that older people seem to be a little bit more cautious than the [overall] population."

The survey, which comes at the end of October's annual National Cybersecurity Awareness month, found about eight in 10 people felt moderately to highly confident in the security of their data and devices. Companies have made securing their remote workers a priority, with more than three-quarters of firms embarking on improving remote working and more than half of security teams worried about the level of visibility they have into the security state of their company's distributed workforce, a separate July survey found.

For the most part, 18- to 34-year-olds tend to have better security practices than 50- to 75-year-olds — with 89% of the younger group at least somewhat likely to use 2FA compared with 70% of older people, the NCSA reports. In addition, 83% of younger people check their software updates at least every two to three weeks compared with 63% of older people.

Yet much of the shortfalls in security came with work-from-home habits, with only 39% of all workers using 2FA on all their devices and 38% regularly updating their antivirus, anti-malware, and firewall software, the survey found.

"There is room for additional training, and it needs to be consistent, and it needs to be on a regular basis. It's not a one-and-done type of thing," Layton says. "In a sense, everyone is their own IT guy at home. We cannot call the IT guy at work anymore and say, 'My computer is having problems.'" 

Those work-from-home habits also show older and younger people focus on different types of security. More younger users (46%) enable 2FA on their devices, for example. Yet only a third of them update their anti-malware and firewall software compared with almost half of users aged 50 to 75 years old. And younger users are almost twice as likely to use public Wi-Fi hotspots compared with older users.

The responses support the idea that younger users are just more likely to use new technology, be it the latest devices, new security measures, or ubiquitous wireless, says Layton.

"The younger generation grew up in the digital age, and they have a higher level of comfort in using technology that that older generation might not."

For organizations, the survey could inform training content for different generations of employees. Older workers may need to be introduced to the latest technologies, while younger workers will likely have to be taught to be more cognizant of the risks.

In addition, companies should make sure they are focused on creating a secure infrastructure for their distributed workforce, Layton says. 

"Always investing in the right technology upfront is always better than waiting until you have an incident, or a hack, or a ransomware attack down the road, which will cost you more money than if you had invested in the best solutions," she says.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34390
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
CVE-2021-34391
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
CVE-2021-34392
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
CVE-2021-34393
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
CVE-2021-34394
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.