Threat Intelligence

3/5/2019
07:10 PM

Consumers Care About Privacy, but Not Enough to Act on It

People claim to value data privacy and don't trust businesses to protect them - but most fail to protect themselves.

RSA CONFERENCE 2019 – San Francisco – When it comes to data privacy, users' practices fail to align with their values. Most claim to value privacy and don't fully trust businesses to protect their information, yet they aren't taking the necessary steps to put their own privacy safeguards in place.

The data comes from a new Malwarebytes survey, entitled "The Blinding Effect of Security Hubris on Data Privacy," released here this week at the RSA Conference. Between Jan. 14 and Feb. 15, 2019, researchers polled nearly 4,000 people to learn about their confidence in their own privacy and security practices, as well as their trust in organizations to protect data.

As it turns out, participants do care about security – but only enough to do the bare minimum. Their perceived confidence in their privacy practices is higher than reality, researchers report.

Most (96%) people across generations, and more than 93% of Millennials, say they care about privacy. Nearly all take steps to secure their information online. Most (93%) use security software, nearly 90% say they regularly update software, and about 85% verify websites are secure before purchasing. Ninety-four percent avoid sharing personal data on social media.

People largely distrust social media platforms with their data. Researchers asked participants to rate, on a scale of 1-5, how much they trusted social media to protect their data. The average response: 0.6. Baby Boomers are most distrustful of social media (96%), followed by Gen X (94%), Gen Z (93%), and Millennials (92%). In total, 95% say they distrust social media platforms.

Search engines are considered more trustworthy. When asked to rank their trust of search engines on a 1-5 scale, the average response was a little over 2. Gen Z (75%) is the most distrustful of search engines, followed by Gen X (65%), Millennials (64%), and Baby Boomers (57%).

"One of the things that caught me by surprise was how much you trust social media versus search engines," said Marcin Kleczynski, CEO of Malwarebytes, in an interview with Dark Reading. "From a social media perspective, you're already giving up the data pretty willingly."

It's no surprise, given Facebook's privacy scandals and tech giants' advertising practices, that users are skeptical about sharing information. "How much you're willing to share with Facebook is also how much you're willing to lose in terms of privacy," Kleczynski pointed out.

Eighty-seven percent of respondents aren't confident in sharing personally identifiable information (PII) online. Those who are willing to share are most likely to share contact information, payment card details, and banking and health-related data with those sites.

Despite their distrust in tech giants and confidence in their privacy practices, people aren't likely to go out of their way to safeguard their information: One-third of respondents claim to read end user license agreements (66% either skim through or ignore them entirely), 47% know which permissions their applications have, and about 53% use password managers. Twenty-nine percent reuse the same passwords across websites; for Millennials, that number was 37%.

"This kind of behavior is what criminals want users to do," experts say in the report. The practice makes it easy for attackers to steal credentials from one place and use them elsewhere – a practice easily prevented with password managers, they continue.

"These are pretty concerning trends," Kleczynski noted, adding that using a password manager is "the biggest thing you can do as a citizen online." The common thread of unfollowed practices is they're tough to do correctly. License agreements are long and packed with technical and legal jargon, for example, and many users don't care about app permissions.

What can businesses take away from this data? Identity is key, Kleczynski said. Password managers and single sign-on services are critical to protect the credentials that grant access to data. Security software and patching are the next most important factors in protecting people in the enterprise.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
REISEN1955,
3/6/2019 | 8:17:07 AM
Most users don't understand the subject
It's technical as Dr. Venkman said in GHOSTBUSTERS.  Users want it but don't know how to get it and education may be a nice thing but WHERE to get it?  I have often thought of conducting local seminars in my area for users and cover the basics.  Password complexity, safe browser view, credit card usage.  (I have always thought a low-limit credit card for INTERNET ONLY is a wise thing, a $500 limit so theft cannot buy a Jaguar.)  Things to watch for but ..... that covers a small portion of the population.   As security pros, we should spread the word whenever we can to whomever.  At least we are doing something of value.  But users per se are a lacking group and resources difficult to locate.  