Cyber-unsavviness: users reluctant to protect themselves

October 1, 2015

Kaspersky Lab recently launched an online quiz “Are you cyber-savvy”, and the first results are in. While oriented towards end-users, this quiz’s results may serve as another alert for businesses, especially those that are online-based.


About 18k people from 16 countries participated in the survey. It looks like a considerable portion of those people have somewhat substandard skills at identifying threats online and a vague understanding of cyber-safety.

  • 14% of those surveyed always use only one password everywhere. Have they not read stories about how reusing one password can be dangerous?
  • 35% of respondents continued private correspondence in all applications available; 13% of them did this from any available device. Well, here we “thank” manufacturers and their marketing campaigns promoting availability of data “everywhere, every time”, disregarding any possible safety setbacks.
  • 29% of respondents believe that no precaution measures are necessary when buying online, as the websites of major companies are well protected. Simply put, they think that it’s up to their bank to protect them from any kind of security failure, fraud included. Banks have a little different POV here.
  • 34% of users, instead of an audio file, were ready to download a file with an exe. extension, i.e. most likely, a malicious program. No comments.
  • 19% of respondents would prefer to disable antivirus software if it prevents them from installing a program. No comments as well.

A few extra details:

12% of users are ready to add friends on social networking sites indiscriminately (only people older than 18 were surveyed, so it’s not about inexperienced children adding every one they meet on Facebook) and 26% of respondents click on the link received from a friend with no question.

On the brighter side, it looks like the “ostentatious lifestyle” online is almost over: the majority of people surveyed (61%) only make their full names and profile pictures available for public viewing on social networks. Other information (posts, private pictures, etc.) is kept under wraps. Only 8% say they don’t care at all about their privacy settings.

This carelessness may become very problematic – we’ve touched on this topic a couple of years ago: a laborious and motivated cybercriminal can obtain enough data from disparate personal publications of a certain person to carry out a successful spearphishing attack against his or her colleagues at work. And at this point “parading” your life online becomes unhealthy career-wise.

So you think you can tell…

A more troubling finding of the survey is that three quarters of users are unable to tell an original webpage from a fake one: Only 24% of users could identify an original webpage without selecting a fake webpage as well.

This means that there are vast possibilities for phishing – and a lot of easy prey for phishers. Combined with the fact that only half (51%) of users really check whether the website address is correct and if the website is authentic when making a purchase online, the overall picture looks troubling. Businesses working with finances lose huge sums annually to fraud online, while users seem to stay either careless or undereducated about phishing and fraud and how to counter it. Moreover, they expect to have all the necessary protection at the service’s side as much as they expect banks and payment services would reimburse the losses in a case of a fraudulent transaction.

An earlier survey showed that at least one-in-five users don’t do enough to protect their financial data online.

While it is certainly necessary to encourage end-users to educate themselves about cyberthreats and use the appropriate protective tools (such as Kaspersky Internet Security – Multi-Device and Kaspersky Total Security – Multi-Device) businesses should also take the reigns.

The Kaspersky Fraud Prevention platform allows banks and other organizations to protect financial data and prevent fraud even if users are careless when dealing with money online.

The bank has the option of installing a protection solution directly on customer devices, including mobile devices, or using platform components that can remotely detect if a device is infected by malware designed to steal money.

Take a look at the quiz here.