Fatalism strong when it comes to our cybersecurity

Thursday, 25 April, 2019

When it comes to our cybersecurity, it seems we are pessimistic about our ability to protect ourselves.

According to a recent survey from the UK’s National Cyber Security Centre (NCSC), 70% of us believe we will be a victim of cybercrime over the next two years, even though 80% of us say cybersecurity is a high priority. A significant 37% believed that losing money or their personal details was sadly unavoidable.

The survey was conducted between November 2018 and January this year and involved 1,350 telephone interviews with the general public. The survey was weighted to represent the UK population.

It has been published ahead of the NCSC’s two-day CYBERUK 2019 conference due to be held on 24 and 25 April at the Glasgow Scottish Exhibition Centre.

The findings showed that we are all well aware of cybersecurity and the risks involved, but revealed a lack of understanding of how to go about mitigating those risks. While 80% put cybersecurity as a high priority, only 15% said they knew how to effectively protect themselves. Interestingly, 46% of those surveyed believed that most cybersecurity information was confusing.

The use and type of cyber protection practices varied widely and tended to be more prominent among those under the age of 54. The survey found an impressive 70% used a password, phrase or PIN to unlock their smartphones and tablets. In contrast, only 55% of us used similar protection habits for our primary email account.

Likewise, only 46% patched their systems as soon as possible and just 29% regularly backed up important data. Only a quarter of us used two-factor authentication on our email account.

The survey did not go into great detail about our password usage, but the NCSC is particularly concerned that we continue to use and reuse simple, easy-to-guess passwords.

We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you less vulnerable. Password reuse is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.

Using hard-to-guess passwords is a strong first step and we recommend combining three random memorable words. Be creative and use words memorable to you, so people can’t guess your password.

- Ian Levy: Technical Director, NCSC

In conjunction with the good knight of the internet Troy Hunt, the NCSC has published a list of 100,000 of the most common passwords found in Mr Hunt’s database on HaveIBeenPwned. The most common remains 123456, which according to Troy Hunt had been used and stolen 23 million times.

NCSC also warned that cybercriminals have their own lists of common passwords, so blocking these will thwart many nefarious criminals. Of course, both NCSC and Troy Hunt recommend using multi-factor authentication and password managers as good password practice.

But it seems good, clear information on cybersecurity is what is most urgently needed – along with a little less fatalism.

Tim Bamford


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.