Security: Users show more paranoia than practical skills

Users are still clinging to hopes for the best without preparing for the worst, even with two-factor authentication and identity management advancements.


Most users store sensitive data across the range of their computing devices, yet are not taking enough steps to protect that data and themselves, according to a recent report.

In the survey by Kaspersky Labs released earlier this year, 58 percent of respondents were concerned their personal data may be stolen. Given recent hacks over the past 12-18 months, including the recent iCloud theft of celebrity photos , the other 42 percent may be living in a digital fantasyland. Hacks or not, 60 percent of users worry they are being spied on via their devices using such features as Webcams.

Given this data, one might think an inevitable change of strategy may be taking hold among end-users enamored with devices and apps, but in the survey 38 percent of respondents admit to storing highly sensitive data on their devices and are afraid of that practice.

The survey paid particular attention to protection of digital identity and privacy, valuable financial and personal data in the modern Internet.

It may be that a sense of cause and effect — theft begets protection — is somehow deadened in the virtual world. Or it could be users are looking for some digital help. In the survey, 75 percent of respondents believe that banks, payment systems and online stores should provide them with special solutions for secure transactions on their endpoints.

Special Feature

IT Security in the Snowden Era

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. When we look back a decade from now, we expect this to be the biggest story of 2013. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices.

Read More

Even if that were the case, would those resources be used if they required any extra effort or knowledge to activate or implement. A number of vendors, including the likes of  Apple , LinkedIn, Facebook, Salesforce, Twitter, Yahoo, Google and others are starting to offer, or even require, the use of two-factor (2FA) or multifactor authentication (MFA), some of which will be updated in the near future. Both offer a measure of additional security against password hacks including brute force or replay of the same credential across other sites.

An organization of vendors and companies called the FIDO Alliance, that includes Google, Salesforce and Twitter, is working on a standards-based layer of plumbing for authentication that would allow a more streamlined activation and deployment of multi-factor authentication that would move security closer to the everyday actions and applications of computer and device users. Samsung and PayPal have already rolled out a payment scheme under this initiative.

In the survey, the highest number of victims are young people between 16 and 24 (18 percent) years of age, which may show that the younger generation of computer users may not be as savvy as their parents once thought. And it might foreshadow that the state of end-user security remains stuck in the battle with its arch enemy, convenience.

The question then remains can or will behavior change. Users like Jennifer Lawrence have clearly received powerful messages about the consequences of their behavior and lack of use, or understanding, of adequate security.

Will the behaviors highlighted in this survey change anytime soon, even under the glare of recent hacks? The historical answer has been no.

Or will those behaviors morph into a catalyst of change? What will it take for users to put more value on the sensitive transactions and personal data stored in their digital lives?