Greater uptake of 2FA but room for improvement in password management habits - CSA's annual survey 2017
The Cyber Security Agency of Singapore (CSA) has released key findings from its annual survey for 2017. The survey seeks to measure public awareness and adoption of cyber hygiene practices in Singapore, so as to better aid in developing initiatives to bridge knowledge gaps.
Data was collected from 2,035 respondents via an online survey and it was weighted against the demographics of Singapore’s general population by gender, race and age.
The resultsreveal improved uptake in good cybersecurity practices by respondents, namely in enabling Two-Factor Authentication (2FA), and exercising caution when it comes to online transactions and app downloads. But there is scope for improvement in password management habits and updating desktop and mobile software.
Improved awareness and adoption of 2FA
A greater proportion of respondents are now aware of what 2FA is, as seen from a six percentage point drop in the proportion of respondents who are “not sure” of this authentication process, from 10 percent in 2016.
This could also be a reason why more respondents indicated that they had enabled 2FA for either some or all accounts, resulting in a significant increase of 13 percentage points from 66 percent in 2016.
More respondents are exercising caution when it comes to online transactions and app downloads. The proportion of respondents who proceeded with online transactions without first checking the authenticity of the websites dropped from 38 percent in 2016 to 20 percent in 2017. Fewer respondents are also connecting to open, non-password protected Wi-Fi networks in public places, with a decrease from 37 percent in 2016 to 25 percent in 2017.
Furthermore, there are fewer respondents who indicated that they had never scanned for viruses before opening or using downloaded files or external devices - a 30 percentage point drop, from 41 percent in 2016 to 11 percent in 2017.
The findings also showed a 7 percentage point increase in the number of respondents who downloaded mobile applications from official app stores (such as Google Play Store and Apple App Store), from 83 percent of respondents in 2016 to 90 percent in 2017.
Need for improvement in password management and software update habits
No improvement was observed in password management habits in 2017 as compared to 2016. About one-third of respondents continue to store their passwords in their computer or write them down, or use the same password for work and personal accounts.
From a given list of passwords, only 45 percent of respondents are able to identify a strong password of at least eight characters comprising upper and lower-case letters, numbers and symbols in 2017. Over six in ten respondents do not change their passwords regularly, or did so only when the system prompted them.
While 94 percent of respondents indicated that they update their Personal Computer (PC) software, 41 percent do not update it immediately or as soon as possible. Simiarly, 97 percent of respondents with apps on their mobile devices update their mobile software, but 38 percent do not update it immediately or as soon as possible.
Less than half feel they could fall victim to cyber threats
Respondents’ levels of concern towards cyber threats – i.e. having their devices infected by viruses or malware, their financial or personal information extracted without their consent, and falling victim to a scam or fraud – witnessed a slight dip (3 percent – 5 percent).
Moreover, while seven in ten are concerned about these threats, less than half of them (31 percent – 44 percent) feel that the scenarios will happen to them. When asked if they would agree that all Singaporeans have a role to play in cybersecurity, seven in ten respondents agreed with the statement.
General tips on cyberecurity and information on privacy and data protection emerged as the top two categories of information respondents are keen to know more about (21 percent and 19 percent respectively). Another 21 percent indicated that they are not sure, while 18 percent indicated that they do not want to see any security information.
CSA to launch second cybersecurity public awareness campaign
To continue to encourage adoption of good cybersecurity practices, CSA will launch its second cybersecurity public awareness campaign - “Cyber Tips 4 You” - on 23 April 2018, with a series of online videos, advertisements and posters, featuring local celebrities Suhaimi Yusof and Jae Liew from the cast of television drama “Tanglin”.
The two celebrities will provide four simple cyber tips to viewers, namely (1) use an anti-virus software, (2) use strong passwords and enable 2FA, (3) spot signs of phishing, and (4) update your software as soon as possible.
A launch event will be held on 5 May 2018 at Bedok Mall where visitors can get tips on how to create strong passwords as well as information on anti-virus software and how it works.
Mr. David Koh, Chief Executive of CSA, said, “It is heartening that a majority of respondents recognise that everyone should be concerned about cybersecurity. However, we need to translate this recognition into action. Cyber threats show no sign of abating. While we will continue to provide cybersecurity understanding and know-how to the community, we must recognise that we all have a part to play to protect ourselves online and not fall prey to cyber criminals.”