The human factor How safe do people around the world feel on the internet?
Who has ever been hit by cybercrime? How do people protect themselves from it? A survey reveals similarities and differences between different groups around the world.
When it comes to the internet, “evil is everywhere under the sun”, as the popular quote goes. By adopting safe practices, however, we can make it more difficult for cybercriminals to steal our data or cause damage in other ways. But what constitutes safe practices? What do you have to do to protect yourself from data theft and similar crimes? “There’s a lot of confusion about this, among people from all over the world,” is what Franziska Herbert has learned. The psychology graduate is currently completing her dissertation in the CASA Cluster of Excellence. In collaboration with Professor Markus Dürmuth, Professor Angela Sasse and other researchers, she has conducted a comprehesive survey that assesses the human factor in IT security.
More than 12,000 individuals in twelve countries took part in the online survey, which focused on what people understand safe behaviour in cyberspace to be, how they approach it and what misconceptions they may have. Participants came from China, Germany, the UK, India, Israel, Italy, Mexico, Poland, Saudi Arabia, Sweden, the USA and South Africa. They represent 42 per cent of the world’s population. The questions revolved, for example, around end-to-end encryption, WiFi surfing, the https standard, virtual private networks (VPN), and passwords.
Some risks are understood by people all over the world
“It emerged that some risks are equally well understood by all participants around the world,” points out Franziska Herbert, who designed the survey together with the team. One of these is the phenomenon of shoulder surfing, where unauthorised persons obtain personal data simply by looking over a user’s shoulder.
Certain misconceptions, however, are apparently also widespread around the world. “For example, in all the countries we covered in the survey, 80 per cent of the participants believe that it is necessary to change passwords periodically to keep them secure,” says Franziska Herbert. IT security experts actually used to recommend this for a long time, until it turned out that this practice actually doesn’t do any good at all.
In addition to all the similarities, the researchers also identified differences between participants from different countries, especially with regard to the scale of the assessments. “Compared to participants from Germany, participants in all other countries were more likely to have misconceptions about malware, device security and passwords,” outlines Franziska Herbert. German participants were the least likely to agree with misconceptions – even though they still fell in the middle of the scale between "completely agree" and "completely disagree". The highest level of agreement with misleading statements came from participants from China and India.