Relaxed Cybersecurity Could Render Consumers Accidental “Inside Actors”

A new survey from Cisco of general consumers across Europe and Middle East regions reveals interesting trends on device and cybersecurity. 

Unwitting insider threats are becoming an increasingly common part of the attack chain. Even the smallest of data leaks can lead to huge ramifications further up the business chain and poor cybersecurity at home could prove to a weak link for many. 

3 in 5 consumers are worried about their connected devices being hacked or attacked, yet 60% of users primarily use their personal phone for work tasks

Using Personal Devices for Work 

With the advent of hybrid work and against a backdrop of intensified cyber threat, the research was conducted with the aim of understanding attitudes to cybersecurity in the home. The results reveal the huge number of people who frequently use their personal device for work tasks such as sending emails (58%), make work calls (48%) and share documents (42%). Only 10% have never chatted about work task on their personal device or worked on a business document.  

Of over 8,000 respondents, 90% have two or more connected devices and 84% share at least one connected device with someone else in the house. Amid a global surge in cybercrime at all levels, respondents do appear concerned about the threat of attack, with 57% admitting they’re worried about their personal devices being hacked.

Risk is not only a factor at home, as so many people now work in public spaces or check-in on work tasks on the move. The always-on mentality of so many means people are risking shortcuts to connectivity. 76% of respondents admit to having used public Wi-Fi networks, such as bars, airports and restaurants, for work tasks.  

“On a public Wi-Fi network, you don’t know who else is sharing the connection, what their motivations are, or how much effort the owner of the network has put into securing it,” says Martin Lee, EMEA Lead at Talos, Cisco’s threat intelligence and research organization. “Using your phone’s hotspot feature (with a strong password) will be more secure than using a public network, using a VPN will always be more secure than not using a VPN.” 

Misunderstanding Security Measures 

Username and passwords have never been a particularly effective technique for keeping unwanted individuals from accessing systems. Adding multi-factor authentication (MFA) to accounts is a very simple method for adding a strong extra layer of protection to system access.  Put simply, a trusted passwordless application uses the login process as an enforcement point, considering the context and conditions of the request including device health. Security teams establishing these controls are getting ahead of multi-factor phishing and biometric spoofing.  

However, 37% do not use or do not know what MFA is. As nearly every smartphone now has a fingerprint or facial scanner, consumers are choosing to use biometrics instead of passcodes to unlock and login to applications on their personal devices. Organizations have an opportunity to leverage this technology, which is already in employees’ pockets, to drive adoption of strong MFA at work. This is also known as passwordless authentication. 

Inconsistent Education Opportunities  

A major challenge in closing the gaps in cybersecurity is educating millions of people at a consistent level. When asked where they seek advice about online and device security behavior, the answers were stacked predominantly towards asking friends and family (39%) or just using common sense (35%). This approach was fairly consistent across age categories, although the use of social media as a reference spiked among younger generations. 35% of those between 16-34 use it compared to much lower levels from older respondents. General media, providers of apps and state authorities were ranked very low on the list of reference points – all below 25%.  

Aligning Business and Consumer Mindsets 

The pandemic has accelerated hybrid and remote work. And with the line between work and home permanently blurred, the habits used for personal activity are increasingly applied to work ones. Hybrid work is the future of work and robust strategy and investment around devices, protocols and security isn’t a nice to have – it’s critical. If ever it was time for organizations to get their house in order, it’s now.  

Read next: 5 new cybersecurity safety trends to take note of