U.K. Workers Fail 'Cyber IQ' Test

ESET study reveals British workers are dangerously lacking in cyber-awareness.

mobile security

By Duncan Macrae

Most United Kingdom workers are clueless when it comes to cyber-security, according to the results of a cyber-IQ test created by Internet security firm ESET.

Study participants were asked a range of basic to intermediate questions around cyber-crime and security awareness, but most of them were answered incorrectly.


For example, when respondents were asked if it is true that cyber-criminals attack mobile devices in the same way they attack laptops and PCs, 12 percent said 'no' and 46 percent were unsure. When respondents were asked what "vishing" is 35 percent were not sure, while 26 percent thought it was a scam delivered via text message.

Other findings from the study revealed that:

—As many as 87 percent of respondents knew what phishing is.

—23 percent thought that having antivirus software installed meant they were fully protected and could surf the Internet safely.

—Just 29 percent of respondents felt that passwords needed to be complex in order to be effective.

—16 percent thought that if they didn't visit 'dodgy' sites they had no reason to be careful when using the Internet.

—Just five percent of respondents thought that paying a ransomware fine was their only option.

—Only 28 percent of respondents know that IoT stands for Internet of things.

Mark James, security specialist at ESET, said: "Phishing is without a doubt one of the biggest threats to consumers so it is very reassuring to see that the majority are aware of the threat. However, consumers need to understand that antivirus is only part of the solution, they also need to be careful where they click. Cyber-criminals are constantly revolutionizing threats to make them even harder to detect and you can never been 100 percent secure.

"Consumers must also be aware that cyber-criminals target mainstream, popular consumer Websites just as frequently as they do illicit sites. Cyber-crime is a business and hackers know that they have a bigger return on investment hitting sites that have high numbers of visitors.

"Consumers should always treat the Internet with caution and never click on links or visit sites which seem suspicious."

The more difficult questions in the study asked if respondents could identify what a distributed denial of service (DDoS) attack was. However, only 26 percent of respondents were able to answer correctly. In addition to this, when participants were asked which WiFi standard was generally most secure, 70 percent of respondents did not know and only 18 percent chose the correct answer.

James added: "Our study has shown that consumers are still very behind in terms of cyber-awareness and could be putting themselves, and the organizations they work for, at risk. There are many security issues which are more targeted at businesses; however consumers should have a good understanding of the threats that target them.

"Cyber-criminals are constantly looking at ways to exploit mobile devices and consumers should be aware of this. By not having the proper security standard enabled on their router, consumers could be unknowingly opening their home network to threats.

"Vishing is a new phenomenon and people are losing millions of pounds through the scam, this is a particularly nasty threat which consumers should definitely be aware of."

Participants from Wales fared the worst in the survey with 31 percent of respondents thinking IoT stood for Internet of Technology, 20 percent not knowing what phishing is and only 29 percent of respondents realizing that mobiles can be targeted by cyber-criminals in the same way as computers and laptops.