Hackers targeting young Britons might find it easier than they think. According to the most recent UK government Cyber Awareness Campaign, over half of British citizens between 18 and 25 reuse a password for multiple accounts, including social media and online shopping networks. Some respondents used the same password for 21 online accounts, the survey found, most often including names of their pets, family members or personal identifiable information that can be easily collected from social media.
As if that wasn’t bad enough, some 79 percent confirmed they use messaging apps to transfer sensitive data, including bank statements and details, and passport copies. No information sent online is ever deleted, but instead remains in the cloud or an inbox, ready to be manipulated by third-parties.
Such careless behavior widely displayed by young people is not an issue security experts have come across recently. Only in the UK, the government has been spending millions of pounds on awareness campaigns, hoping to educate of the risks they are exposing themselves to and show them how to fight off data breaches. So far, young people are the most careless online, overlooking data theft and fraud risks and neglecting the installation of two-factor authentication when available.
Despite security experts’ efforts to change users’ behavior and improve cybersecurity practices, only the threat landscape has changed – for the worse. According to the UK government, users have a hard time understanding risks and argue it won’t happen to them.
If they don’t understand the severity of their actions or threats, they are not motivated to apply security best practices. If a user is advised to have 21 strong unique passwords for their 21 online accounts, they have to understand that the instructions create a win-win situation. Otherwise, attacks will keep happening, especially as IoT integration makes us more connected. Sure, awareness and training programs might help, provided they focus on the why factor and train the user to prevent security fatigue.