TY - GEN
T1 - Information security and practice
T2 - 11th International Conference on Cyber Warfare and Security
AU - Clarke, Nathan
AU - Li, Fudong
AU - Furnell, Steven
AU - Stengel, Ingo
AU - Ganis, Giorgio
PY - 2016
Y1 - 2016
N2 - The use of Information Technology (IT) has become common practice in our everyday lives both for business and private purposes. While people enjoy the convenience that IT offers, it also poses various security threats if not used properly, including malware, hacking, and information disclosure. Unfortunately, the scale and consequence of cyber threats has increased significantly year-on-year despite various security controls having been developed and deployed. It is evident that end users play a significant role within the information security domain, as they are frequently the primary target and the main force behind incidents. Nonetheless, whilst there are annual security surveys for organisations, less effort were given regarding assessing how individuals practice information security by the research community. Therefore, this paper presents a survey that investigates user's IT security practice and behaviour. In total, 400 respondents were surveyed during a five month period (i.e. November 2014 - March 2015). Overall, the results demonstrate that end users practice better IT security than typically thought although it appears only at a relatively basic level. For example, whilst a reasonably good proportion of participants (66%) claimed that they never share their passwords with others, 76% have used the same password on multiple sensitive accounts. Almost three quarters (72%) of responders never click on links or attachments within emails from unknown sources, but this is significantly reduced (to 36%) when someone they knew sent the email. Two-thirds of users (65%) do appreciate the importance of antivirus software as they always keep their antivirus software updated; however, less care is given to other applications/systems as only 44% would do the same and more alarmingly 65% even cancel or delay the security update process. Over two thirds (68%) of participants do not always backup their data, and only half of the participants (53%) claimed that they always destroy their data before hardware disposal. The results of the survey suggest that whilst levels of awareness are improving, there is still a significant gap between existing and required levels of information security knowledge and practice. Arguably, users are currently being overwhelmed by the burden being placed upon them to remain secure. The range of technologies they use (60% using more than 3 devices), the widespread use of online services (89% using at least 5 IT services) highlight users are becoming or have become technology dependent but perhaps without being security savvy.
AB - The use of Information Technology (IT) has become common practice in our everyday lives both for business and private purposes. While people enjoy the convenience that IT offers, it also poses various security threats if not used properly, including malware, hacking, and information disclosure. Unfortunately, the scale and consequence of cyber threats has increased significantly year-on-year despite various security controls having been developed and deployed. It is evident that end users play a significant role within the information security domain, as they are frequently the primary target and the main force behind incidents. Nonetheless, whilst there are annual security surveys for organisations, less effort were given regarding assessing how individuals practice information security by the research community. Therefore, this paper presents a survey that investigates user's IT security practice and behaviour. In total, 400 respondents were surveyed during a five month period (i.e. November 2014 - March 2015). Overall, the results demonstrate that end users practice better IT security than typically thought although it appears only at a relatively basic level. For example, whilst a reasonably good proportion of participants (66%) claimed that they never share their passwords with others, 76% have used the same password on multiple sensitive accounts. Almost three quarters (72%) of responders never click on links or attachments within emails from unknown sources, but this is significantly reduced (to 36%) when someone they knew sent the email. Two-thirds of users (65%) do appreciate the importance of antivirus software as they always keep their antivirus software updated; however, less care is given to other applications/systems as only 44% would do the same and more alarmingly 65% even cancel or delay the security update process. Over two thirds (68%) of participants do not always backup their data, and only half of the participants (53%) claimed that they always destroy their data before hardware disposal. The results of the survey suggest that whilst levels of awareness are improving, there is still a significant gap between existing and required levels of information security knowledge and practice. Arguably, users are currently being overwhelmed by the burden being placed upon them to remain secure. The range of technologies they use (60% using more than 3 devices), the widespread use of online services (89% using at least 5 IT services) highlight users are becoming or have become technology dependent but perhaps without being security savvy.
KW - end-user
KW - IT security
KW - survey
UR - http://www.scopus.com/inward/record.url?scp=84969132798&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84969132798
SN - 978-1910810828
T3 - Proceedings of the International Conference on Information Warfare and Security
SP - 81
EP - 89
BT - Proceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016
A2 - Zlateva, Tanya
A2 - Greiman, Virginia A.
PB - Academic Conferences Limited
Y2 - 17 March 2016 through 18 March 2016
ER -