Survey: Americans have shallow understanding of cybersecurity

We are part of The Trust Project.

SAN DIEGO — When it comes to cybersecurity, Americans recognize the need for strong passwords and know that public Wi-Fi hotspots aren't necessarily safe for online banking or e-commerce.

But U.S. adults are not as good at recognizing email "phishing" schemes or determining if the website where they're entering credit card information is encrypted.

That's according to a new Pew Research Center survey titled "What the Public Knows about Cybersecurity." It tallied responses from 1,055 adults last year about their understanding of concepts important to online safety and privacy.

The results were mixed, highlighting that public awareness of online security measures remains a potential weak link in thwarting cyberthreats.

"It is probably our No. 1 concern and No. 1 vulnerability," said Retired Rear Adm. Ken Slaght, head of the San Diego Cyber Center of Excellence, a trade group for the region's cybersecurity industry. "These attackers keep upping their game. It has gone well beyond the jumbled, everything misspelled email."


Digital security firm Gemalto recently said 1,792 data breaches occurred worldwide in 2016, with 1.4 billion digital records compromised — up 86 percent from the prior year.

Gemalto, based in The Netherlands, did not include the 1.5 billion record exposed in the Yahoo! breach because it technically occurred in 2013-14. It was discovered last year.

"One of the biggest problems is people have become numb to this," said Slaght. "We all have had our credit card hacked. You just get a new one and life goes on."

The Pew Research survey asked 13 questions about cybersecurity. The median score was five correct answers. Just 20 percent answered eight questions correctly.

A relatively large percentage of respondents, however, answered "not sure" to questions rather than providing the wrong answer.

Participants had a good understanding of some basic security practices such as the importance of strong passwords and less knowledge of others — particularly more technical aspects of web safety such as multifactor authentication and virtual private networks.

"One of the things you see from the Pew study, as you drill down in security knowledge, the numbers really do drop off," said Stephen Cobb, security researcher for antivirus software firm ESET. "I was disappointed that only 33 percent were aware of what the 's' in 'https' meant."

It stands for secure, with website authentication and encryption of digital traffic. It is used mostly for online payments. Security researchers often suggest computer users examine the website addresses — known as the URL — as a first step before they click on a link.


"You wonder if people know what a URL is," said Cobb. "Do they know how to read a URL? So there is plenty of work to be done" in terms of public awareness.

Only 54 percent of respondents correctly identified a phishing attack. For cybercriminals, phishing remains a favorite trick for infecting computers with malware. Phishing schemes usually involve an email that directs users to click on a link to an infected website.

Computer security software does a good job of blocking most phishing schemes, said Cobb, including many sophisticated spear phishing attacks targeting individuals with personalized information.

Even so, cybersecurity technology can't yet deliver a "completely automated response to phishing," he said. "So we have to proceed with user education and with attempts to make phishing a poor career choice" by prosecuting those who do it.

Other findings in the Pew survey include:

• 75 percent of participants identified the most secure password from a list of four options

• 52 percent of people knew that turning off the GPS function on smartphones does not prevent all tracking. Mobile phones can be tracked via cell towers or Wi-Fi networks.

• 39 percent were aware that Internet Service Providers still can see the websites their customer visit even when they're using "private browsing" on their search engines


• 10 percent were able to identify one example of multifactor authentication when presented with four images of online log-in screens.

What to read next
Fred Gommels has been able to use his agility as a small business owner to build two successful businesses.
Looking back at my career in staffing, I can say with certainty that I was ghosted quite often. Countless interviews were skipped with no communication from potential candidates; no phone calls to cancel or reschedule. Just silence.
Dr. Elaine and Nick Stageberg's Black Swan Living housing firm has been growing dramatically in the last few years. In 2022, they more than doubled their rental units in Rochester and Byron with the expectation of ending the year with 970 local units under their ownership and management.
Business has been flourishing in the three months since the business moved into the former Toys R Us, but more hands are needed on staff for the store be open more than two days a week.