Survey results: What cyber security issues scare people most?
"There is a time to take counsel of your fears," General George S. Patton once famously said. Halloween marks the end of National Cyber Security Awareness Month (NCSAM). Let’s make this the time to take counsel of the cyber security fears that keep us up at night.
We asked more than 250 business professionals from across the country to share their concerns. Their answers seem influenced by recent headlines, the pending election, and the coming shopping season.
Biggest concern for business: hackers
More than half (52 percent) of respondents pointed to foreign hackers and domestic "hacktivists" as the greatest threat to US businesses. Recent discoveries and headlines about Russian and Chinese hackers feed an already charged atmosphere heading into the November elections.
What we should worry about: insiders
Do malicious outsiders really pose the biggest IT risk to companies? Numerous data breach reports and studies indicate otherwise.
According to a recent study conducted by Ponemon Institute [PDF], negligent insiders are more than twice as likely to cause a data breach as external culprits.
Biggest concern for consumers: identity theft
Heading into the holiday shopping season, three of the top four cyber security worries for individuals who responded to the Authentic8 survey were related to criminals stealing their identity: identity theft (80 percent), credit cards theft (78 percent), and phishing (66 percent).
Even an emotionally charged topic like surveillance seems to be less of a concern for business professionals. 59 percent were concerned about privacy violations and only 33 percent worried about government surveillance.
What we should worry about: malware
ID theft or phishing are merely abstract concepts for many consumers. Such schemes are hard to spot, which is exactly why they are so successful.
Malware is what makes them all work. Cyber criminals rely on malicious software, such as password-stealing keyloggers, to pull off their scams and heists. Malware like Zeus or Dyre can steal banking usernames and passwords. Such stealthy programs can cause major data breaches that result in millions of credit cards being stolen over the course of months or years.
Most at risk: government, banks?
60 percent of respondents think the government and banks are the biggest targets for hackers -- 30 percent see Government agencies, another 30 percent the Finance sector most at risk of a cyber attack.
Makes sense, doesn’t it? The government runs the country and controls vital information, and banks are where the money is, to paraphrase "Slick" Willie Sutton. The data breach at the federal Office of Personnel Management (OPM) alone affected more than 22 million federal employees and their families.
What we should worry about: healthcare and retail
Banks and government agencies make it increasingly difficult for hackers to infiltrate their IT. Because of the efforts required, healthcare organizations and retailers are a much more lucrative target.
That means that health insurance networks, hospitals, retail chains and restaurants are much more likely to experience major data breaches, with often devastating impact for patients, customers or patrons.
Highly visible consumer brands are frequently targeted by cyber crime syndicates, because they have access to the credit card information of tens of millions of people. Recent examples include Target and Wendy’s. Personal health information (PHI) stolen from healthcare providers can be used for medical identity theft and insurance fraud.
Such incidents can lead to financial losses for the victims, and even damage their health.
Victims of medical ID theft have to pay more than $ 13,000 on average to get their life back. Some are even denied medical care, due to unpaid bills run up by someone else in their name.
What can you do? Fight back based on facts, instead of fear.
Which brings us to the second part of the General Patton quote:
"...and there is a time to never listen to any fear."
Now that Cyber Security Awareness Month is almost behind us, with ample opportunity to take counsel of our fears, let’s take action.
It’s okay to be scared on Halloween. But when working away at your computer, don’t listen to diffuse fears of data vampires lurking in the Dark Web, or digital zombies.
Instead, push back Patton-style, based on the facts.
As pointed out earlier, the real threats are often mundane and overlooked. The good news is that they, unlike some bogeyman in the shadows, can be dealt with.
Professionals should take to heart the basics: upgrade your passwords, monitor your accounts, and keep your software up-to-date, especially your browser.
About the author: Scott Petry is Co-Founder and CEO of Authentic8. Before Authentic8, Scott was the founder of Postini.
Did you find this post helpful? Check out earlier National Cyber Security Awareness Month posts on this blog: