Do hackers check trash cans? Surprising answers to US, UK security survey

A survey of 2,000 US and UK citizens reveals a stark contrast between the two regarding online habits, basic knowledge of IT, and understanding of cybersecurity. While the Brits appear to grasp IT matters better than the Americans, both offer some surprising, at times worrying answers to questions about cybersecurity.

Wombat surveyed 1,000 working adults in the United States and 1,000 in the United Kingdom about online best practices fundamental to protecting privacy, data and network security.

Asked if they”ve ever been a victim of identity theft, 50% of US citizens said yes, whereas only 19% of UK respondents offered the same answer. Those who had not fallen victim to identity theft totaled 45% in the States and 71% in Britain. 5% of US interviewees and 10% of the Brits said they hadn”t a clue if someone had ever stolen their credentials.

63% in the US and 41% in the UK answered affirmative to the question “Have you or someone you know had a social media account hacked or duplicated?” If so far the answers were fairly predictable, the following will raise a few eyebrows.

Answering the question “What is malware?” respondents provided the following responses:

• Hardware that boosts WiFi signals (US 30% / UK 6%)
• Software that harms devices and files (US 61% / UK 78%)
• Mobile app that delivers real time alerts (US 3% / UK 2%)
• I don”t know (US 6% / UK 14%)

Internet users in both territories worryingly misplaced trust in WiFi networks outside their home or office, such as those found in hotels or coffee shops. Users tend to rate the network”s safety level based on how nice the place is. This was the case with 54% of US respondents and 27% of UK respondents. There”s more.

“How do cybercriminals obtain information?” Multiple responses were permitted to this question. The global averages were:

• Asking questions during a phony phone call – 67%
• Digging through trash cans – 53%
• Impersonating a service technician – 59%
• Making solicitations through the mail – 63%
• Cybercriminals only work online (or none of the above) – 13%

Asked if they were ever the victim of a phishing attack, Wombat noted a major difference between US and UK respondents (see chart below).

Another worrying aspect is what people in both countries do with company-issued hardware.

• 54% of US respondents and 36% of U.K. respondents view/post to social media on work devices
• 57% of US respondents and 28% of UK respondents stream media (e.g. music and video) on work devices
• 58 percent of US respondents and 45 percent of UK respondents shop online on work devices
• 52% of US respondents and 30%of UK respondents play games on work devices
• An alarming number of respondents allow family members and trusted friends to use email (46%), view/post to social media (43%), stream media (47%), shop online (48%) and play games (50%) on their work devices

The numbers weren”t all bad, though. Respondents in the US and the UK had similar levels of understanding about phishing scams, as 70% of workers could define phishing on basic terms. However, the remaining 30% either didn”t know what phishing was, with as many as 13% unable to hazard a single guess.

Another breath of fresh air follows the question “do you back up your important personal files?” 92% do so in the US while the UK trails it at 83%. And there is one area where the US in fact trumps the UK by a margin: password safety. Chart below.

The WannaCry epidemic, which occurred 24 hours after the end of the survey, somewhat confirmed the findings – in that major companies have a ways to go to build awareness of IT threats among employees, especially in the United States. The more-encouraging numbers coming out of the UK seem all-the-more accurate as police forensics experts in the country are actively being trained in IT security matters.

However, the survey shows that those who work in cybersecurity circles overestimate the level of knowledge the general population has about basic secure behaviors and / or malware.

“This could be giving security professionals false confidence and may be the reason why just fewer than half of organizations have a security awareness training program for their employees,” the company said.