Growing threats from hacking groups, terrorists and government-sanctioned retaliation has individuals fearful of attacks and losses, GFI Software commissioned research shows.
GFI Software has released the findings of an independent study examining the business and social impacts of cyber security issues, revealing stark public concerns over the increasing personal and business risks posed by cyber crime and the growing likelihood that cyber crime acts will escalate to physical retaliation. With multiple recent high profile attacks targeting household names and large employers – including the major attack against multiple parts of Sony, the leaking of user data stolen from video streaming service Netflix and health insurer Anthem being hit for valuable healthcare customer and employee data – the survey shows that individuals increasingly fear cyber crime and its resulting consequences at work as well as at home.
The survey revealed that 47% of respondents have been the victims of at least one cyber crime in the last year alone. Credit card fraud was the most prevalent form of cyber crime, with 20% of respondents having been hit in the last year, followed by 16.5% having at least one social media account breached or defaced.
The blind, independent study was conducted for GFI Software by Opinion Matters and surveyed 1,008 UK adults, working for companies with up to 5,000 staff that use a computer or mobile computing devices.
Key findings from the survey include:
• 41% believe banks will be the main target for cyber criminals in the coming year
• A quarter (23%) are concerned that large business institutions will be targeted for crime and cyber espionage, but only 9.5% believe retailers will be a major target, despite the potential for high levels of credit card data theft
• With growing volumes of healthcare data being digitised, 9% are concerned that cyber criminals will turn their attention to the NHS and private health insurers in the coming year
• The perceived growing threat from cyber attacks is hurting adoption of Internet of Things (IoT) technology, with nearly two-thirds (64%) either viewing Internet-connected home devices as too risky to own, or having reservations about making further purchases
• 55% of respondents believe malware still poses the biggest threat to both individual and business information security
The Business Impact of Cyber Crime
The research revealed that almost all cyber crimes have a noticeable, detrimental impact on businesses, with 88 per cent of those surveyed believing that a cyber attack against their employer would have measurable financial and productivity implications. A further 3.5 per cent believe that a single cyber attack against their employer could easily put the organisation out of business permanently.
“Cyber attacks have profound consequences for the business community, whether organisations are the target, or the victim of an attack elsewhere. In the last few months alone we’ve seen major corporations targeted in systematic acts of espionage and geopolitical retaliation, as well as hundreds of thousands – potentially millions – of individuals affected by the fallout of data being stolen and misused,” said Sergio Galindo, general manager of GFI Software. “Usernames, passwords, credit card data, health records – malicious use of this data by criminals can quickly create financial hardship and significant stress for affected individuals, while the negative fallout for organisations the data was stolen from can range from loss of reputation to fines, falling sales, civil and criminal legal proceedings and more.”
Impact of Cyber Crime on Public Services
Until recently, the thought of hackers gaining access everyday public and utility services in order to cause havoc and disrupt society was the stuff of movies, such as the film Die Hard 4.0. However, with everything from traffic lights and CCTV cameras to power stations and smart meters being computerised, automated and networked to improve efficiency, centralise management and reduce cost, these services are at greater risk. This was highlighted in November 2014 when the NSA reported that the US power grid was successfully hacked.
As a result, two thirds of those surveyed now believe the hijacking of major services (utility services, traffic management, transport etc.) by cyber criminals is a genuine threat to UK national and infrastructure security.
In addition, 43% believe that increased cyber crime is making life harder, by making it more challenging to access to everyday services, with 30% believing the heightened cyber crime environment is a hindrance to productivity. Our reliance on digital devices makes us more of a target, with 21% believing that our everyday use of technology has left individuals and businesses more exposed than ever to virtual crime. Most worrying is that a third of those surveyed believe acts of cyber crime and cyber terrorism are likely to spill over into physical acts of crime and terrorism.
“Cyber crime is not a victimless activity – virtual acts of criminality affect real people, put jobs at risk and have lasting consequences for everyone impacted by them,” Galindo added.
Taking steps to improve online security
The survey also revealed that growing cyber security concerns have prompted people to take more aggressive steps to protect themselves and their online footprint, both at work and at work:
• 57% claim to now change passwords for web sites and online services on a regular basis
• 52% have taken steps to strengthen their anti virus protection
• 49% have activated PIN or password protection on tablets and smartphones
• 46% now avoid duplicating passwords across multiple sites and services
• 28% have, where supported, activated two-factor authentication for logging in
• 6% have done nothing to improve their online security
“It is particularly encouraging to see that over a quarter of those surveyed have embraced two-factor authentication. While some banks and building societies now insist on this technology to protection online banking access, people are increasingly activating two-factor to protect social networking, email, ewallet and other online services”, said Galindo.
Comparison with the US
The same survey, conducted among a parallel demographic in the US, produced broadly similar results – with one key difference: US respondents were between four and five per cent more security conscious with regards to the steps taken to secure personal data and prevent unauthorised access to online services.
For example, in the UK, just over a quarter (27%) of those surveyed have begun creating dedicated email addresses for use with specific online services in an effort to minimise the impact of a security breach. In the US, the site of many more high-profile instances of username and password thefts, this number is as high as a third.
A copy of the full survey results and infographic can be found at: http://www.gfi.com/documents/gfi_cyber_security_2015.zip