Menlo Security: Most Consumers are Confident in Ability to Identify Threats, but Fail to Implement Basic Precautions

MOUNTAIN VIEW, Calif., October 19, 2022 – The FBI is trying to contact you. Your Microsoft device has a virus (but you own a MacBook). There’s a warrant out for your arrest for tax evasion (though you filed well before April 15).

Since the advent of the internet, bad actors have taken to creative ways to prey on consumers. Research released today from Menlo Security, a leader in cloud security, revealed that consumers have:

• Received a message from their CEO offering payment in gift cards (22%)
• Were offered a fortune by a Nigerian Prince (37%)
• Were offered a free cruise (49%)

Not all cyber threats are quite this obvious – receive an email from PayPal or Zelle that you’ve received a payment? Better check that email address to make sure it’s legit. Is that really your Aunt Karen texting you a link to her Amazon wish list? She’s never been a texter. Even as threat actors become more sophisticated and launch personalized attacks designed to manipulate individuals, most consumers are confident they can identify, and report suspected malicious cyber activity (77%). Despite this, 56% are still worried they may fall for a threat (and 30% reported that they had) – and that number jumps to 72% when it comes to concerns about a similar fate for a parent, child or loved one.

Most alarming, most consumers still fail to implement basic best practices when it comes to protecting their devices, despite nearly a third (31%) reporting receiving spam emails multiple times per day.

• Only 21% use email security software
• Only 33% consistently use two-factor authentication (2FA)
• Only 28% don’t use repeated passwords
• Only 20% use a password manager

Generational divides

Perhaps the most obvious and easiest way to protect yourself from online security threats: don’t click links you don’t trust. Gen Z, the generation that has never know life without internet, email and texting (and the least likely to have received any offers from the Nigerian Princes of the world), are the least likely to not click on suspicious links (59%) compared with Baby Boomers (88%), Gen X (82%) and Millennials (73%).

The younger generations – Gen Z (38%) and Millennials (35%) – are more likely to implement practices like consistent 2 Factor Authentication (2FA) use when compared to Baby Boomers (31%) and Gen X (33%).

What is consistent across generations: most are not implementing basic cyber safety practices.

It’s not just personal information we should worry about

It’s not just consumer’s personal bank info or PayPal account that’s at stake. 56% of people report doing personal business on a work device (raise your hand if you enabled iMessaging on your work laptop or sent that report to your personal email to work on later) or logging into work systems from a personal phone (who doesn’t have their work email on their personal phone these days?), putting their employer’s data at risk as well.

“For cybersecurity leaders, it’s harder now than ever to secure company data,” said Mark Guntrip, senior director of cybersecurity strategy at Menlo Security. “This goes beyond the challenges of ensuring employees have access to the data they need regardless of their physical location, it’s about educating people on the steps they need to take to not only guard against threats, but learn to identify increasingly sophisticated, personalized threats – look no further than Uber’s recent data breach – design to appeal to individuals.”

Looking into 2023, threats and attacks, including Highly Evasive Adaptive Threats (HEAT) – which are used as beachheads for initiating ransomware, extortionware and other endpoint breaches – are only going to continue rising. While just over half of consumers had heard of phishing (68%), password attacks (55%), trojan horses (51%), or malware/ransomware (66%), most had not heard of other attacks such as smishing (11%). It’s perhaps not realistic to expect the everyday consumers to keep up with the latest threat vectors; but in our “work from anywhere” world with increased usage of SaaS apps that are accessible via any browser, anywhere, these highly evasive adaptive threats (HEAT) are only going to continue rising. This means the burden often falls on corporations to defend against the weakest link in the security chain: people.

How to protect your data

According to Guntrip, there are basic steps everyone should take to ensure their data – personal and company – are protected:

• Enable 2FA
• Use strong passwords (random combinations of letters and numbers are best) and store them securely in a password manager
• Don’t use repeated passwords
• Report suspicious communications
• Install security software and ensure all your devices are running the latest software
• Back up your files to a cloud or offline location regularly
• Don’t respond to, click on links or open/download attachments from any number or email you don’t know (we promise your CEO isn’t really texting you about how your bonus will be paid via gift card you can download by clicking on that weird looking link).

For corporations, additional steps that should be taken include:

• Have cloud security that spans web and email to prevent ransomware and other attacks
• Set up systems to require 2FA for all employees
• Ensure employees review security protocols as part of training and development
• Enforce strong password requirements for email and other applications

Survey Methodology

In partnership with Dynata, Menlo Security conducted a consumer survey, targeting 1,000 adults across the United States, age 18+, during October 2022. Figures for age, gender, education, income, employment and region were weighted to bring them into line with their actual proportions in the population. Because the sample is based on those who agreed to participate, no estimates of sampling error can be calculated.

About Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s patented isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. Menlo Security is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC and JP Morgan Chase. Menlo Security is headquartered in Mountain View, California. www.menlosecurity.com.