J030-Content-US-Cyber-Security-Survey_SQ2014 could go down in history as a highlight year for cybercriminals. Cybercriminals have shown that no organization is safe, regardless of size or reputation. The victim list now boasts the likes of Sony, Apple, eBay, JP Morgan and DIY giant Home Depot to name just a few. To finish 2014 with a bang, cybercriminals brought down both the PlayStation Network and Xbox Live at Christmas, just “because they could”. Just a few weeks into 2015, the US’s second-largest insurer, Anthem, suffered a major breach.

Businesses are concerned. End-users are worried.

An independent study commissioned by GFI Software examining the business and societal impacts of cyber security issues, reveals stark concerns over the increasing personal and business risks posed by cybercrime and the growing likelihood that cybercrime acts will escalate to physical retaliation. With multiple recent high-profile attacks targeting household names and large employers the survey shows that individuals increasingly fear cybercrime and its resulting consequences at work as well as at home.

The blind, independent study was conducted by Opinion Matters and surveyed 1,008 US adults, working for companies with up to 5,000 staff that use a computer or mobile computing devices.

According to the survey, 46 percent of respondents have been victimized by at least one cybercrime in the last year alone. Credit card fraud was the most prevalent form of such with 24 percent of respondents hit in the last year, followed by 16 percent having at least one social media account breached or defaced.

Key findings from the survey include:

  • 43 percent see banks as the main target for cyber criminals in the coming year
  • 17 percent fear that large business institutions will be targeted for crime and cyber espionage, but only 12 percent believe retailers will be a major target, despite the potential for high levels of credit card data theft
  • With healthcare data increasingly digitized, 10 percent are concerned that cyber criminals will target hospitals, HMOs and health insurers in the coming year
  • The perceived threat from cyber attacks is hurting adoption of Internet of Things (IoT) technology, with almost 60 percent either viewing Internet-connected home devices as too risky to own, or hesitating to purchase more devices
  • 57 percent of respondents believe malware still poses the biggest threat to both individual and business information security

The business impact of cybercrime

The research revealed that almost all cybercrimes have a noticeable, detrimental impact on businesses, with 88 percent of respondents believing that a cyber attack against their employer would have measurable financial and productivity implications. An additional six percent believe that a single cyber attack against their employer could easily put the organization out of business permanently.

Impact of cybercrime on public services

Until recently, companies and individuals rarely thought of hackers accessing everyday public and utility services to wreak havoc. Such services are at much greater risk, however, with everything from traffic lights and CCTV cameras to power stations and smart meters being increasingly computerized and networked to improve efficiency, centralize management and reduce cost. This new vulnerability was highlighted in November 2014, when the NSA reported that hackers successfully accessed the US power grid.

As a result, nearly three quarters (71.5 percent) of those surveyed now believe the hijacking of major services (utility services, traffic management, transport etc.) by cyber criminals is a genuine threat to US national security.

In addition, 50 percent believe that increased cybercrime is making life harder, by making it more challenging to access everyday services, and 37 percent believe the heightened cybercrime environment hinders productivity. Our reliance on digital devices makes us more of a target, according to 28 percent of respondents who believe that our everyday use of technology has left individuals and businesses more exposed than ever to virtual crime. Most worrying is that more than one third (35.3 percent) believe that acts of cybercrime and cyber terrorism are likely to spill over into physical acts of crime and terrorism.

The key message here is that cybercrime is not a victimless activity – virtual acts of criminality affect real people, put jobs at risk and have lasting consequences for everyone impacted by them.

Taking steps to improve online security

The survey also revealed that growing cyber security concerns have prompted people to take more aggressive steps to protect themselves and their online footprint, both at work and at home:

  • 63 percent now regularly change passwords for web sites and online services
  • 56 percent have taken steps to strengthen their antivirus protection
  • 51 percent have activated PIN or password protection on tablets and smartphones
  • 50 percent now avoid duplicating passwords across multiple sites and services
  • 32 percent have, where supported, activated two-factor authentication for logging in

however,

  • 5.5 percent have done nothing to improve their online security

On a positive note, it’s encouraging to see that one-third of those surveyed use two-factor authentication. People are not only using it to protect online banking access but social networking, email, e-wallet and other online services as well.

Comparison with the UK

The same survey, conducted among a parallel demographic in the UK, produced broadly similar results – with one interesting difference: US respondents were between four and five percent more security conscious with regards to the steps taken to secure personal data and prevent unauthorized access to online services.

In the UK, just over one quarter (27 percent) of those surveyed have begun creating dedicated email addresses for use with specific online services in an effort to minimize the impact of a security breach. In the US, the site of several high-profile username and password thefts, this number is as high as one third.

Commenting on the results, GFI’s general manager, Sergio Galindo, said cyber attacks have profound consequences for the business community, whether companies are the target, or the victim of an attack elsewhere.

“In the last few months alone we’ve seen major corporations targeted in systematic acts of espionage and geopolitical retaliation, as well as hundreds of thousands – potentially millions – of individuals affected by the fallout of data being stolen and misused. Usernames, passwords, credit card data and health records – malicious use of this data by criminals can quickly create financial hardship and significant stress for affected individuals, while the negative fallout for organizations the data was stolen from can range from loss of reputation to fines, falling sales, civil and criminal legal proceedings and more,” Galindo said.

A copy of the survey results for the US and UK can be found here.

To learn more how GFI is helping businesses protect their networks and users, visit the GFI website.