Consumers feel stressed about cybersecurity, but many are not taking action to better educate themselves or even verify their accounts for indicators that they have been hacked.
These are the findings of a Kaspersky survey of 2,500 consumers in the United States and Canada, with 64% of respondents saying news of ransomware attacks is causing them stress.
Almost seven in ten respondents (69%) said the news of data breaches stressed them about cybersecurity, and nearly two-thirds of respondents (64%) said compromising their bank account would cause them the no more stress.
Meanwhile, nearly half (48%) of all respondents said they had experienced some type of cybersecurity incident in the past two years, up from just 28% in 2019.
In the face of an ever-changing threat landscape, more sophisticated hacking techniques, and a growing desire by cybercriminals to collect information for their own benefit, organizations need to be more aware than ever of potential breaches. To combat cyber stress, educating consumers and employees is essential, as well as increasing cybersecurity protections for applications and software.
Educating users is a major challenge
According to a 2020 Kaspersky report, phishing and social engineering attacks on accounts receivable are the top challenge, cited by half of SMBs and almost half of businesses.
âTo protect customers from phishing and other types of attacks, organizations need to educate them on the tricks criminals can use,â said Rob Cataldo, Kaspersky general manager for North America. âThis includes sending information to users on a regular basis on how to identify fraud and what to do with it. “
He noted that as privacy and data protection have become a large part of our lives, more and more people want to understand and learn best practices for this, and added that it is also positive change, because user awareness is very important.
âMany companies also have blogs where they share this information and run campaigns to educate and inform more users,â he added.
Cataldo noted that one of the main risks for organizations is the use of outdated technology: with legacy solutions still in place, organizations are more likely to be exposed to financial and reputational damage.
âWith this in mind, constant updates should be a priority and employees should be made aware of the importance of regularly updating technology and software,â he said. âFortunately, we are seeing an increasing commitment by organizations to invest in IT security, which gives hope that we will see fewer attacks against them. “
Archie Agarwal, Founder and CEO of ThreatModeler, a provider of automated threat modeling, said any industry vertical that stores or processes personally identifiable information by consumers should be fully aware of a “security-first” approach to reducing the risk of harm. cyber stress of users.
He noted that heavily regulated industries such as banking are at the forefront of securing their customers, but concerns remain about less regulated industries such as dating apps, where the consequences of a breach can in some ways be more devastating to the person than a bank account. compromise.
Fear is not a good motivation
“As fear is not necessarily a good motivator for action, organizations should be aware of using fear to motivate employee behavior regarding good safety practices and instead seek positive reinforcements,” he said. he declared.
Agarwal said the continuing wave of cybersecurity news would not slow down anytime soon and, barring desensitization, would continue to be a major stressor in our society.
“It is the responsibility of organizations to protect and educate their consumers to the greatest extent possible and to ensure that good safety practices are as fluid as possible,” he said. This can go a long way in reducing the cyber stress of the users.
Casey Ellis, founder and CTO of Bugcrowd, an outsourced cybersecurity platform, pointed out that consumer stress has become a political issue.
âFor me, that implies that this factor is not going to go away,â he said. âOrganizations have the opportunity to use this stress, and their ability to reduce it and differentiate themselves in the process, as a competitive tool that makes the Internet a safer place at the same time. “
He pointed out another factor: that consumers are tired and increasingly skeptical of âWe take your safety seriouslyâ as a categorical response. They want to understand, without getting confused by technical details, why they should feel more secure using an organization’s product rather than a competitor’s offer, he said.
âBanking and financial services have the longest history of not only being secure, but also building confidence in the actions they take,â he said.
On the design side, Ellis explained that it was about “making security easy and insecurity obvious.”
âUltimately, the responsibility lies with the product manufacturers to make ‘making a risky decision’ as difficult and as obvious as possible,â he said. âIt is one thing to tell a consumer that he must implement the AMF, it is another to reduce his friction to the point of actually doing it. “