The question of ordinary users\u2019 awareness of cyber threats and the scope of their knowledge about them may seem philosophical or rhetorical, but only at first glance. The results of studies and surveys show that ordinary people\u2019s awareness of threats unrelated to strictly \u201cconditional\u201d viruses or Trojans is very low. Meanwhile, the understanding of problems that network users may encounter now directly affects the well being of his\/her employer. That is without mentioning the comfort of a user whose computer would have been crippled, or a bank account compromised by attackers via a user\u2019s mobile device.<\/p>\n
Here are the most common examples. If an employee who has just joined the company does not know the basics such as not running email attachments without checking if they are forbidden.\u00a0 Such behavior may threaten the entire company. In most cases, there are various foolproof solutions enabled in corporate networks, but it does not mean incorrect user actions can be absolutely dismissed, and that there is no more need to teach employees the basics of IT security.<\/p>\n
According to the survey<\/a> of user attitudes to IT security, which Kaspersky Lab and B2B International conducted in August 2013, the awareness of end users on topical IT threats leaves much to be desired.<\/p>\n Most users have a common understanding of threats, i.e. know that they exist at all. About 50% of the respondents in our study indicated that regardless of the operating system a mobile device or a computer can be considered safe only with the installed means of protection against information threats.<\/p>\n Nevertheless, too few are willing to take any additional security measures. For example, as much as 17% of users do not take any steps to ensure more safety of their passwords to financial and\/or billing services accounts<\/a>, while 39% of people in the whole world prefer to use one or just a few passwords for the whole range of resources they visit. At the same time 63% of respondents admitted that their passwords are not hard to guess, and only 9% of users take extra measures to secure their passwords.<\/p>\n But if the majority of users generally know about such threats as malware \u2013 viruses and Trojans, the degree of awareness of the more exotic phenomena is very low.<\/p>\n For example, the information about cyber espionage campaigns like Red October<\/a> and cyber weapons such as Mini Flame and Gauss is being closely followed by 3% of respondents at best. 21% have heard something about Red October, 12-13% have heard something about Mini Flame<\/a> and Gauss<\/a>.<\/p>\n But let us say that an average user is not very endangered by messing with that kind of stuff, if he or she is not engaged with banking or governmental organizations.<\/p>\n The same \u201cgraceless ignorance\u201d is demonstrated by users en masse when it comes to much more common threats. For example, only 6% of the respondents know about zero day vulnerabilities and exploits. 21% \u201chave heard something\u201d and 74% have no idea what they are.<\/p>\n A similar pattern is observed in the case of botnets: 6% know what they are, 24% have heard something, 69% are totally unfamiliar with the notion.<\/p>\n