More than 50 per cent of consumers say they've been victimised by bad apps

37 per cent said they had been targeted in a phishing attack

More than half of consumers have been victimized by malware or a computer virus and more than a third have been targeted by phishing emails.

Those were two of the findings in a survey released by Impermium, a maker of cloud security software.

Some 56 per cent of more than 2000 adult consumers told Impermium that they'd been a victim of a malware or virus attack on a computer, while 37 per cent said they'd been targeted in a phishing attack and 20 per cent revealed they'd been in the cross-hairs of social media phishers.

More than a quarter of the consumers (26 per cent) said they'd had an online account compromised -- hacked, breached or passwords stolen.

Although many consumers have personally felt the pain of online threats, they remain reluctant to embrace two-factor authentication (2FA) to help secure their accounts, the researchers discovered. As commonly implemented by online service providers, 2FA requires the use of a code -- sent via SMS message or automated voice call -- in addition to a user name and password to access an account in certain circumstances.

Three quarters of those surveyed by Impermium said they'd never used 2FA. In addition, more than a quarter (27 per cent) said they'd shied away from a website offering 2FA because they didn't want to disclose their mobile number or the process was inconvenient.

"Two-factor authentication has been held up as this magic panacea over the last few months and yet, it doesn't solve the problem, in part, because the adoption rates are so abysmally low," Impermium CEO and former Yahoo spam czar Mark Risher said in an interview.

The convenience factor is a big barrier to adoption, Risher added. "It's a real hassle. It's a real usability pain."

2FA's appeal might be improved by offering methods for delivering codes other than SMS messages, but that can have additional security consequences. "More choices would increase adoption," Risher said, "but choices, too, can be a hassle for innocent users and can be circumvented by the bad guys."

What's more, he added, "The more choices, the more options the bad guys have."

Both human nature and commercial concerns are currently working against broad adoption of 2FA. "[H]umans seem to have a tendency to do minimal work," AlienVault lab manager Jaime Blasco said in an email. "That means if they have to perform two different tasks to login to a site, they probably won't."

Meanwhile, online vendors are concerned that boosting authentication requirements will lead to abandoned shopping carts and lost purchases. "Vendors want a seamless purchasing experience," Eset senior researcher Cameron Camp explained in an interview.

"If a one-click experience becomes one-click plus something else plus something else, it can affect impulse purchases," Camp observed. For example, you might go to Amazon to buy a book and leave with a book, a CD and gym shoes. That might not be the case if additional authentication were required for each purchase.

A deeper issue uncovered by the Impermium survey that could affect any online authentication scheme going forward is trust. In addition to not trusting online sites with their cell phone numbers, 39 per cent of the participants in the poll blame websites for account compromises.

"Four out of 10 people are saying we don't trust people doing things the right way from a back-end systems standpoint," Phil Dunkelberger, CEO of Nok Nok Labs, said in an interview.

Meanwhile, another 37 per cent of the respondents tagged weak passwords and consumer gullibility as the primary cause of account breaches. "There's plenty of blame to go around," Dunkelberger said. "One area that can be blamed is the addiction to user names and passwords. They don't work for people, especially in mobile cases."

Moreover, consumers are becoming more skeptical of what online services are doing with their data, even when they say they need it for security reasons. "Users are beginning to push back against e-marketers and this, unfortunately, is a symptom of that," James Fenton, CSO of OneID, said in an interview.

Consumer attitudes toward trust and convenience will rapidly change as cyber criminals step up their game, contends Berk Veral, senior marketing manager for fraud action and cyber crime intelligence for RSA, the security division of EMC.

"It will reach a point, as consumers face sophisticated malware attacks, that giving up a mobile number to protect your email account isn't going to be an issue," Veral said in an interview. "It's going to be a no-brainer."

That can already be seen in one highly targeted area: mobile gaming. The makers of World of Warcraft have had "incredible success" converting users to 2FA, noted Richard Henderson, a researcher at Fortiguard Labs.

Not only is a free mobile app used for 2FA, but a paid hardware token is also offered. "In fact," Henderson said, "the paid hardware token has been very successful. People have shown a willingness to pay for that kind of solution."

Stories by John P. Mello Jr.