This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Earlier this year, we conducted a survey to discover consumers’ major concerns when shopping online. The answers were not surprising. A whopping 77.6% of respondents worry about websites being hacked.
But are these same consumers also concerned about their own devices getting hacked? And do they do enough to protect them? In the same survey we asked consumers about how they use their personal devices. Here are the results.
Are Consumers at Risk of Cyber Attacks?
The answer, unfortunately is a resounding yes. Eighty percent of our respondents admitted doing things online that put them at risk. The most popular were:
- Using open, unsecured wifi networks
- Clicking on social media links that are not familiar
- Using the same password for all logins
- Using weak passwords
Are Consumers Protecting Themselves?
Even though many consumers take risks, 85% of respondents said that they also take actions to protect their privacy and their data. For example:
- 46% said they deleted their history and cookies when using a public computer
- 38% of the respondents turn off location services on their phones
- 19.4% tape over their laptop camera (but they should visit our booth at events we attend, where we give out web cam covers for free!)
Are Any of The Respondents Paranoid?
Considering 80% of the respondents take risks online, this one is quite a surprise! Twenty-three percent of respondents said that when they book a property via Airbnb, they go through every room to check for cameras and electronic devices!
Do People Use the Same Password for All Online Logins?
85.5% of the respondents claim that they request a new password each time they need to login to a website. That’s a bit unpractical, but also unnecessary since the advent of password management software. However, it's just as silly to use the same password for all online logins. Here are some interesting statistics on that point. It's more than a little worrying to see that 84.8% of respondents use the same password, or a limited number of passwords, for their online logins.
What Services and Data Are Respondents Most Concerned About?
One of the most eye-watering statistics we uncovered was the 15% who said that they were not at all concerned whether hackers accessed any of their data or services! We have to conclude that these consumers simply do not understand the implications of having their data hacked. As for the rest, most were concerned about their email accounts, not surprising as it is one of the services regular consumers use most – for signing up to online services of all kinds, opening bank accounts, contacting lawyers, applying for jobs or even arranging mortgages, for example. The statistics in this category were as follows:
- 57% Email accounts
- 40.4% Files
- 30.2% Browser history
Here is the graph with all the possible responses and figures.
How Often Are Smart Home Devices, Computers and Mobile Gadgets Updated?
There are many security best practices consumers can follow to ensure their online security. One of the most crucial, and easiest, is to maintain updates on the devices and software you use. So, do people keep their phones, computers and tablets up to date?
- 20.25% never update their smart home devices
- 7.4% never update their computer's operating system
- 7.2% never update their mobile phone or tablet
These numbers are pleasingly low, indicating that more and more people are aware of the need for regular updates. However, check out the other side of the coin:
- 24.5% don’t know that smart home devices need to be updated
- 6.1% don’t know that their computer's operating system needs to be updated
- 5.5% don’t know that mobiles and tables need to be updated
Clearly, work is needed to raise awareness on smart home devices (also known as 'the Internet of Things' or 'IoT'). Now comes the really worrying part.
Who Should Be Held Responsible for Hack Attacks That Happen Because the Software Was Not Up to Date?
While 52% of respondents believe that the device owner should be held responsible for the hack attack (and we agree!), many others have other ideas:
- 33% believe the device provider should be held responsible
- 21% believe a third-party security company should be held responsible
- 14.2% believe that the government should be held responsible
It seems that many neither inform themselves well enough on what they are going to purchase, nor read the fine print. It also could be the case that vendors are not doing enough to explain things to consumers, who, it could be argued, cannot be expected to keep up to date with the myriad and finer points of web vulnerabilities.
Which Technologies Are Most at Risk of Future Hacks?
We left the most important question for last. If you are involved in the IT security industry, it is an easier job to keep yourself current with what security risks exist, which ones enable hacks and how protect yourself. You probably also have a very good understanding of which technologies, devices and software are targeted most, and why.
But what about consumers? What about those who do not work in the IT security industry? Which technologies do they think are most at risk of future hacks? The answers are not surprising because they are basically a reflection of what people hear in mainstream media:
- 53.1% think that web applications and online services are at most risk. I guess everyone heard about the Equifax hack and data leak or the Uber and Yahoo! data leaks.
- 45.2% think that smart home technology (IoT) devices are at risk. We're not surprised. Our security researcher hacked a smart TV from his bed!
- 44.7% think that ATMs are mostly at risk.
Web Applications Are at Most at Risk of Being Hacked
Could this answer be the result of everyone hearing about web application hacks, as reported in mainstream news? Or do consumers think that web applications are most at risk because they are more exposed to them (online services)? It's difficult to tell, though there is certainly room for improvement on both the part of companies who build web applications and consumers who use them.
So How Can We Reduce the Risks of Being Hacked?
Hackers are clever; consumers need to be clever too. As consumers, couldn't we all become more active in helping to secure our own data? We've all bought products without researching them and signed up to services without examining the terms. We use the same or similar passwords for multiple logins and don't change them regularly. We enable features that we don't understand. And we fail to update our devices. This article sets out some really simple steps consumers can take to chip away at the ease with which hackers exploit one of the biggest web vulnerabilities of all – indifference.
Web application development companies in turn can do three things to reduce the risks to both them and the data of those who buy and use their products:
- Cultivate a development environment where building more secure web applications becomes a central part of the SDLC
- Educate and update uninformed consumers on the significant risks they are subject to, and some very basic steps they can take to reduce them
- Take advantage of the web application security solutions available on the market and scan their web applications for vulnerabilities, before malicious attackers do!
Your Information will be kept private.