The Odyssey of Cybersecurity Culture In the vast annals of history, tales of heroes and their epic voyages have captivated us. Today, our journey...
Cyber Security Knowledge: The U.S. “Bytes” the Dust
It’s safe to say a handful in the United States is known for offering “tech-savvy” wisdom
Heck, some of the biggest tech companies out today were created in the United States (Facebook, oh wait, right. "Meta", Alphabet/Google, yadda yadda). Thankfully, that same handful understands the importance of tech security, as well. But notice how I keep saying “handful.” Unfortunately, the average citizen doesn’t really want to grasp the severity and necessity of cyber security knowledge.
In our post-pandemic society, the usage of technology (I.E. Internet, software, and personal devices) has increased by over 100% from 2020 to 2021, a huge increase from 40% usage between 2018 and 2019. Because of this hefty increase, the inclusion of phishing, scams, and lack of protection has also skyrocketed, all because these hackers and scammers are taking advantage of a crucial component in cyber protection: Refusal to learn.
An “A” in too much Trust, an “F” in Awareness
Take, for example, this satirical look at how easy it is to gather personal information from the everyday American:
While it’s meant to be funny, it’s… kind of scary. Yes, this video was filmed in 2017, but it still highlights the dangers and simplicity of having our information taken from us by someone casually asking, as these same practices still occur to this day.
In today’s digital age, while companies like Google and Apple offer protection services, including algorithms to sort out scam e-mails and providing a stronger caller ID service, studies have shown that the number is still fairly elevated in terms of cybercriminals succeeding.
- Around 50% of people contacted by a scammer will engage with them. Of those, 23% lost money
- Through social media, 91% of people engaged with scam pages and messages, while 53% lost money.
- 38% of people contacted by debt collection fraudsters engaged, and 12% lost money.
Throughout the plethora of studies, it’s widely mentioned that while these can easily be avoided, cybercriminals use tools to exploit the level of impatience and confusion the average citizen has around their understanding of digital privacy, especially the one thing we can all, as a nation, collectively agree to hate: the user agreement.
Just SIgn On tHE dIGITAL dOTTED line
In today’s day and age of streaming, ordering online and delivery services, many criminals take advantage of the user agreement, sending, via text and/or e-mail, a duplicated version of a service you’ve used many times before.
In a recent study done by Security.org, they had sent out, to over 1,000 participants, an “agreement” to join their studies on understanding Cybersecurity. The kicker? The agreement stated this:
Once these were sent back, 98% of the users agreed to the consent, while 2% were able to catch the phony information.
During their survey, they conducted the following information:
- On average, users were only able to correctly identify the types of data their phones gathered with 54% accuracy.
- Even though all of the users agreed to read through every form presented, only 16 (out of over 1,000) caught the initial pranks that were included throughout the documents.
During the same survey, they were presented with a quiz that asked them general knowledge questions on data collection and privacy, with the end results averaging 54/100. Many (if not all) had stated that they did not realize tax information, payment information, and an internet service provider (to name a few), are in the fine print of data collection and are usually sold, and in many cases, stolen.
While the user agreement is just one example of the lack of understanding of cyber security, the data presented paints a bigger picture of the dangers of the digital world and how the average American is susceptible to getting caught in the phishing net (I had to do it!)
Cyber Criminals + Remote/Office Life = Their Version of a Steak Dinner
While we have generally focused on the average American and their personal devices, we also have to address a massive gap in awareness of office/remote life.
While this applies to both offices bringing their employees back in AND offices adapting to remote work, the bleak digital practices your employees use can still rear their ugly head into your business.
Cybercriminals bank on employees using remotely connected/in-office networks, especially if said office networks are still being used to view social media, which would be a definite case, due to the increase (and escape) that has tripled since 2021.
So the main question is; How are you helping your co-workers stay safe on all platforms, at all times, both on and off the clock?
Improvement in cyber security
(seriously, we really need it)
Looking at the numbers can give an accurate impression of what needs to be improved, but let’s cut to the chase and get the elephant out of the room: whatever we claim we’ve tried to accomplish over the past few years… it’s clearly not enough.
Over 53% of organizations currently have awareness training in place (I use the word “training” lightly), so that’s 1 in 2 companies, (Small business level drops to 1 in 4), and said awareness training is rarely retained. If only a handful (callback!) of respondents have achieved the level of cybersecurity knowledge to correctly answer a few basic cybersecurity questions, can we really say we are doing things the right way?
Sure, employees need to be able to retain the information provided in cyber awareness training (which is why once a year and "one size fits no-one" training truly doesn’t cut it). However, there is more to ‘awareness’ than knowledge acquisition.
I want You... To Understand Cyber Security
Here at the Cybermaniacs, we believe the only way to get from 2% to 100% is by focusing on positive human behavioral change, development of security valued organizational culture, and personal values and perspectives.
This change of habits, skills, and mindset needs to happen at the personal level, for you, your family, and the associates you work with. It needs to change at the board level, with your suppliers and third-party providers. It needs to be part of your corporate and personal growth strategies.
Long/short; well, we do things differently. We’re confident we will win this fight against cybercrime and malicious hackers one heart and one inspired mind at a time. So maybe it takes something as crazy as puppets to do this. But hey, if a puppet is telling you and your employees how to consider how quickly and well we need to build new digital competencies, change risky online behaviors, and establish and nurture security-aware cultures at companies and communities all over the world.*
*Yes, our puppets love to use big words like that