Consumer Cyber Stress Requires Focus on Security

Consumers are feeling stressed out about cybersecurity, but many aren’t taking measures to better educate themselves or even check their accounts for indicators they’ve been hacked. 

These were the findings of a Kaspersky survey of 2,500 consumers in the U.S. and Canada, with 64% of respondents stating that news of ransomware attacks causes them stress.

Nearly seven in ten of respondents (69%) said news of data breaches caused them stress about cybersecurity, and nearly two-thirds of respondents (64%) said having their bank account compromised would cause them the most stress.

Meanwhile, almost half (48%) of all respondents said they had experienced some type of cybersecurity incident in the past two years—up from just 28% in 2019. 

In the face of an ever-changing threat landscape, more sophisticated hacking techniques and a growing desire among cybercriminals to harvest information for their own benefit, organizations need to be more aware of potential breaches than ever before. To address cyber stress, education for consumers and employees is key, as well as increasing cybersecurity protections for applications and software.

Educating Users is a Key Challenge

According to a 2020 Kaspersky report, phishing and social engineering attacks on customer accounts is the top challenge, cited by half of SMBs and nearly half of enterprises. 

“To protect customers from phishing and other types of attacks, organizations need to educate them on possible tricks malefactors may use” explained Rob Cataldo, managing director of North America for Kaspersky. “This includes regularly sending the users information on how to identify fraud and what actions to take in this situation.”

He noted that as data privacy and data protection have become big parts of our lives, more people want to understand and learn the best practices for it, and added that this is also a positive change, as user awareness is very important.

“Many companies also have blogs where they share this information and launch campaigns to educate and inform more users,” he added. 

Cataldo noted one of the key risks for organizations is using outdated technology: With legacy solutions still in place, organizations are more likely to be exposed to suffering financial and reputational damages.

“With that in mind, constant updates should be prioritized, and employees should be educated on the importance of regularly updating technology and software,” he said. “Fortunately, we see that organizations are becoming more committed to investing in IT security, and this brings hope that we will see fewer attacks on them.”

Archie Agarwal, founder and CEO at ThreatModeler, an automated threat modeling provider, said any vertical that stores or processes consumer personally identifiable information must be fully cognizant of a “security-first” approach to reducing user cyber stress.

He noted heavily regulated industries such as banking are at the forefront of securing their customers, but concerns remain over less regulated industries such as dating applications, in which the consequences of a breach can, in some ways, be more personally devastating than a bank account compromise.

Fear is Not a Good Motivator

“As fear may not necessarily be a good motivator to action, organizations should be mindful of using fear to motivate employee behavior regarding good security practices and look for positive reinforcements, instead,” he said. 

Agarwal said the continual slew of cybersecurity news would not slow down anytime soon and, barring desensitization, would continue to be a major stressor in our society.

“It is the responsibility of organizations to protect and educate their consumers to the maximum extent possible and to ensure good security practices are as frictionless as possible,” he said. Doing so can go a long way toward reducing users’ cyber stress.

Casey Ellis, founder and CTO at Bugcrowd, a crowdsourced cybersecurity platform, pointed out that consumer stress has risen to the point of being a political issue.

“To me, this implies that this factor isn’t going away,” he said. “Organizations have an opportunity to use this stress, and their ability to reduce it and differentiate themselves in the process, as a competitive tool that makes the Internet a safer place at the same time.”

He pointed out another factor: That consumers are tiring and growing skeptical of “We take your security seriously” as a pat response. They want to understand, without being bamboozled by technical detail, why they should feel safer using one organization’s product rather than a competitor’s offering, he said.

“Banking and financial services have the longest history of not only being secure but creating confidence in the steps they are taking,” he said.

On the design side, Ellis explained it’s a problem of “making secure easy, and insecure obvious.” 

“Ultimately, the responsibility falls to the product manufacturers to make ‘making a risky decision’ as difficult and as obvious as possible,” he said. “It’s one thing to tell a consumer that they should implement MFA, it’s another entirely to decrease their friction to the point where they’ll actually do it.”

 

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.

nathan-eddy has 242 posts and counting.See all posts by nathan-eddy