Consumer Attitudes Toward Internet and Mobile Security Across Europe

First published: 31^st March 2008

F-Secure, has announced the results of its first annual Online Wellbeing Survey. This third-party survey of Internet users aged 20-40 in the US, Canada, the UK, France and Germany, tested respondents' knowledge of online security issues (their 'security IQ') and gauged their confidence in the safety of basic online activities. The results revealed that while most respondents have security software installed on their PCs, many remain unsure that their email is free of malware and other threats. The survey also showed that few consumers realize how frequently their security software's antivirus definitions need updating, and most respondents revealed a misplaced confidence that their definitions were up-to-date. Over three quarters of mobile phone users are aware that malware can infect a mobile device via Bluetooth - but fail to have security software installed, according to this survey.

Online

The survey showed that Internet users in North America and Europe had a basic understanding of online security issues, but still don't have confidence in the security of basic online activities. While the results revealed similar levels of security knowledge and online confidence across those surveyed, German consumers showed markedly less confidence in the security of e-commerce and online banking than respondents in other markets. German respondents also revealed a significantly better understanding of how frequently anti-virus definitions need to be updated.

F-Secure's findings included the following:

Understanding Antivirus Protection

Though most respondents believed that their antivirus software is up to date with the latest definitions, few correctly identified the frequency with which these definitions must be updated, suggesting a misplaced confidence. However, a majority of respondents correctly indicated that online security requires more than just antivirus protection. On average:

• 19% of respondents understood that antivirus definitions need to be updated many times per day
• German respondents scored highest on this issue, with 31% answering correctly, nearly twice other markets surveyed
• 76% of respondents were confident their security software's antivirus definitions were up to date
• 73% of respondents recognize that their computers can become infected with malware if they rely on antivirus protection alone, even if their security software's antivirus definitions are up to date

Email Security

Consumers across all markets showed low confidence in the safety of basic email activities. On average:

• Only 10% of respondents are confident that they can open email attachments without infecting their computers with malware
• Confidence was lowest in the US, at 7%
• Just 9% of respondents are confident that they can open links sent via email without infecting their computers with malware
• Confidence was highest in the UK, at 15%, and lowest in France, at 4%
• 24% of respondents are confident that they are safe from malware sent via email
• Confidence was highest in Germany, at 31%, and lowest in Canada at 17%

General Knowledge of Online Risks

The survey revealed that respondents have a basic understanding of online risks and the ways in which their computers could become infected with malware. Expectedly, the great majority of consumers reported having security software installed on their computers. However, with their understanding of online risks, respondents expressed a lack of confidence in the security of basic online activities. On average:

• 95% of respondents have security software installed on their computers
• 73% of respondents recognize that computers running antivirus software with up-to-date virus definitions can still become infected with malware
• 88% of respondents realize that malware can add their computers to a botnet used to send spam without their knowledge
• 16% of respondents are confident that files they download from websites are free from malware
• 18% of respondents are confident that they are safe from malware spread by Web sites

Consumers showed generally low confidence in their ability to identify phishing scams. On average:

• 37% of respondents were confident they could spot a phishing email Confidence was lowest in France, at 26%
• 27% of respondents were confident they could identify a phishing site Confidence was lowest in France, at 21%

Perceived Security of Online Transactions

Respondents showed greater confidence in the safety of online banking than in the security of credit cards used for online shopping. In both of these areas, German consumers reported significantly less confidence than other respondents.

• 50% of respondents in the US, Canada, the UK, and France felt their credit cards were secure when shopping online, in contrast to:
• 15% of respondents in Germany felt their credit cards were secure when shopping online
• 65% of respondents in the US, Canada, the UK, and France were confident in the security of their online banking, whereas:
• 28% of respondents in Germany were confident in the security of their online banking

"It's concerning to see that so many consumers believe their antivirus definitions are up to date while not understanding how frequently they need to be updated; this really shows why it's essential for consumers to make sure they acquire their security from a reliable source and make sure it includes professional service as well," said Mikko Hyppönen, Chief Research Officer at F-Secure. "Email security certainly isn't a new issue. Email remains one of the most popular ways to spread malware, and users understandably remain concerned that attachments may infect their computers. While malware is still being spread via email attachments, we've also seen an increase in the use of other techniques, like 'drive-by-downloads', and it's important that consumers be aware that email attachments aren't the only way malware is spread. Security software should empower users to take full advantage of the Internet and their email without worrying about vulnerabilities or security risks - it should provide true online wellbeing."

Mobile

On average, 28 per cent of all respondents said they use their mobile device to access the Internet. A large majority, 86 per cent admitted to having no mobile security. Out of all the countries questioned, the UK had the highest percentage (47%) of users accessing the Internet through their mobile device, while at the same time being the least likely to have a security product installed on their mobile phone. Most users are aware of the security risks involved with using the connectivity features on their phone: only 21 percent regarded Bluetooth connections safe, and a mere 15 per cent were under the impression WiFi connections are safe.

Over half of those questioned felt it was up to the individual user to ensure their phone was protected. A third expected this to be taken care of by their mobile phone carrier, with the US putting the greater emphasis on third-party responsibility. Only 11 per cent of Germans believed their mobile phone provider should be in charge of security, compared with over 32 per cent in France.

"While the mobile threat is low at present, it's only a matter of time before Internet criminals start utilizing the growing potential that smartphone usage presents to them," warned Mikko Hyppönen, chief research officer at F-Secure. "So far there have been about 400 mobile viruses detected, but as smartphones replace PC's as the dominant Internet platform, we can expect this figure to rise."

Geographically the sources of mobile threats are spread around the globe with activity originating for instance in South-East Asia, Russia and South America. While the threat from mobile viruses remains low, there has been increasing activity with spyware applications for mobile phones. Such applications make it possible to get covert access to all the functions of the affected phone, including recording of phone calls, access to messages and switching on the phone's microphone for listening.

The low amount of security software installed on smartphones coupled with the rapidly increasing volume of these devices make them a very vulnerable target for hackers.

The survey was carried out by a third party in January 2008 across 1,169 Internet users aged 20-40 across the US (225 respondents), Canada (228 respondents), the UK (227 respondents), France (256 respondents) and Germany (224 respondents). F-Secure asked respondents a series of basic online security questions and, using a Likert scale, asked them to rate the extent to which they were confident in the security of given online activities.