RSA CONFERENCE 2019 – San Francisco –When it comes to data privacy, users' practices fail to align with their values. Most claim to value privacy and don't fully trust businesses to protect their information, yet they aren't taking the necessary steps to put their own privacy safeguards in place.
The data comes from a new Malwarebytes survey, entitled "The Blinding Effect of Security Hubris on Data Privacy," released here this week at the RSA Conference. Between Jan. 14 and Feb. 15, 2019, researchers polled nearly 4,000 people to learn about their confidence in their own privacy and security practices, as well as their trust in organizations to protect data.
As it turns out, participants do care about security – but only enough to do the bare minimum. Their perceived confidence in their privacy practices is higher than reality, researchers report.
Most (96%) people across generations, and more than 93% of Millennials, say they care about privacy. Nearly all take steps to secure their information online. Most (93%) use security software, nearly 90% say they regularly update software, and about 85% verify websites are secure before purchasing. Ninety-four percent avoid sharing personal data on social media.
People largely distrust social media platforms with their data. Researchers asked participants to rate, on a scale of 1-5, how much they trusted social media to protect their data. The average response: 0.6. Baby Boomers are most distrustful of social media (96%), followed by Gen X (94%), Gen Z (93%), and Millennials (92%). In total, 95% say they distrust for social media platforms.
Search engines are considered more trustworthy. When asked to rank their trust of search engines on a 1-5 scale, the average response was a little over 2. Gen Z (75%) is the most distrustful of search engines, followed by Gen X (65%), Millennials (64%), and Baby Boomers (57%).
"One of the things that caught me by surprise was how much you trust social media versus search engines," said Marcin Kleczynski, CEO of Malwarebytes, in an interview with Dark Reading. "From a social media perspective, you're already giving up the data pretty willingly."
It's no surprise, given Facebook's privacy scandals and tech giants' advertising practices, that users feel skeptical to share information. "How much you're willing to share with Facebook is also how much you're willing to lose in terms of privacy," Kleczynski pointed out.
Eighty-seven percent of respondents aren't confident in sharing personally identifiable information (PII) online. Those who are willing to share are most likely to share contact information, payment card details, and banking and health-related data with those sites.
Despite their distrust in tech giants and confidence in their privacy practices, people aren't likely to go out of their way to safeguard their information: One-third of respondents claim to read end user license agreements (66% either skim through or ignore them entirely), 47% know which permissions their applications have, and about 53% use password managers. Twenty-nine percent reuse the same passwords across websites; for Millennials, that number was 37%.
"This kind of behavior is what criminals want users to do," experts say in the report. The practice makes it easy for attackers to steal credentials from one place and use them elsewhere – a practice easily prevented with password managers, they continue.
"These are pretty concerning trends," Kleczynski noted, adding that using a password manager is "the biggest thing you can do as a citizen online." The common thread of unfollowed practices is they're tough to do correctly. License agreements are long and packed with technical and legal jargon, for example, and many users don't care about app permissions.
What can businesses take away from this data? Identity is key, Klecsynski said. Password managers and single sign-on services are critical to protect the credentials that grant access to data. Security software and patching are the next most important factors to protecting people in the enterprise.
- Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
- Care and Feeding of Your SIEM
- Cybercriminals Target Young Gamers
- Axonius' 'Unsexy' Tool Wins RSAC Innovation Sandbox
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.