Cyber security is an increasingly major issue and it is likely that businesses are more than aware of the risks and threats that face their company from hackers. However, with cyber threats now increasing and insider threats from employees now accounting for 70% of data breaches in companies, cyber security has become everyone's problem. While tech teams may be ahead of the game in terms of understanding the risks, recent data shows that the public's cyber security knowledge is worryingly poor, with American adults only being able to correctly answer an average of 5 out of 13 questions about cyber security issues.
What we know
The research, carried out by Pew Research Centre, tested over 1,000 adults on issues and terms to gauge their understanding of cyber security, and highlighted major knowledge gaps amongst the participants. While most people could correctly identify the most secure password from a given list, 17% still answered incorrectly, suggesting that they would be unable to protect their activity and data effectively with even the most basic level of authentication, leaving themselves and their employers at risk.
Public knowledge gaps surrounding more complex terms was more widespread, with 71% of participants unable to identify an example of multi-factor authentication. This highlights an inability to recognise the correct security procedure, therefore leaving them vulnerable to cyber attacks using fake authentication processes or fake screens to gain valuable information.
The dangers of uncertainty
Equally as concerning as the incorrect answers was the amount of uncertainty demonstrated by the participants, with many responding to the questions with 'unsure'. 70% used this response when asked if 'a VPN minimises the risk of using insecure Wi-Fi networks' and 73% admitted they were also unsure what a 'botnet' was. These responses are surely a sign that the language and terminology used around cyber security has not filtered into public knowledge, leaving people confused and lacking in understanding. From this, it means that when they hear or read about cyber security, the public are not getting the full picture, so the issue does not feel real for them.