A new study conducted by CompTIA has highlighted the risks that are being taken by end users, and suggests low awareness of security threats. End users’ lack of knowledge of basic security measures continually frustrates IT security professionals. End users are usually seen as the weakest link in the security chain, and the results of this study are unlikely to see many minds changed. The study also suggested the persons most likely to take risks and jeopardize security are in their early twenties: Gen Y.
Gen Y Has Low Awareness of Security Threats
One of the tests conducted was a relatively straightforward but ingenious test of risk awareness. CompTIA researchers dropped 200 unmarked thumb drives in locations that received high volumes of foot traffic. The researchers wanted to find out how many individuals would pick up the drives and plug them into their computers.
Thumb drives can be purchased cheaply, but are extremely useful. Finding one in the street may be seen as a lucky find. However, plugging such a drive into a computer carries a huge risk. There is no knowing what software is installed on the drive, and simply plugging it into a computer could easily result in malware or viruses being installed.
In this case, doing that just resulted in a pop-up message being displayed which prompted the new owner of the thumb drive to send an email to the researchers to let them know that the device had been found and plugged in. In total, 17% of the 200 thumb drives resulted in a response being received by the researchers. Not all of the individuals who picked up a thumb drive will have responded to the pop-up request to send an email to the study organizers, so the number of individuals who did plug in the drive may well have been higher.
The company also conducted a survey to discover more about end user awareness of security threats. Over 1200 completed surveys were collected by the company, and the results show that many end users are taking considerable security risks. Those risks could result in laptops, computers, and mobile phones being compromised. If IT security professionals were worried about end user risk taking before, they are likely to be even more worried now.
Numerous questions were asked; however, the most worrying statistic for security professionals is the number of individuals who use the same passwords for personal accounts as they do for their work computers. The study revealed 38% of respondents did this, while 36% used their work email address for personal accounts.
Gen Y end users were most likely to take risks, with 40% saying that they would pick up and use a flash drive they found in the street, and 94% of respondents connect either their laptop computer or mobile to public Wi-Fi networks. Nearly seven out of ten individuals said they use their laptops for work purposes or to handle work-related data, and six out of ten employees used employer-supplied mobile devices for personal applications.
While IT security professionals reading CompTIA’s statistics may break out in a cold sweat at the excessive risks being taken by end users, there is a solution. That is to provide more security awareness training to staff. End users may be the weakest link, but with training, risk can be managed. If awareness of security threats increases, organizations will be better protected from cyberattacks.
Fewer than half of respondents reported having received any cyber security training, so awareness of security threats was understandably low. Employees were not aware of the level of risk they were taking. Unless end users are shown how to be more security conscious, risky behavior is unlikely to decrease.