Alarming Gaps in Mobile Cybersecurity in 2024: Expert Analysis

Why Trust Techopedia
KEY TAKEAWAYS

  • Consumers express concern about cybersecurity threats but lack awareness of basic security practices, leaving them vulnerable.
  • Social engineering scams, particularly through SMS, are the most prevalent mobile threat.
  • Many consumers are unaware of mobile security software, highlighting a need for education.
  • Building a strong cybersecurity culture requires a collective effort from businesses, governments, and consumers.
  • Ongoing education is critical for consumers to understand evolving threats and adopt effective security practices.

As social engineering tactics become the most popular attack vectors, consumers’ security awareness is seen as the ultimate line of defense. Users who build a strong security culture fortify their defenses against cyberattacks, better adapt to innovation, and understand digital challenges and issues while avoiding risks and building confidence.

However, Bitdefender’s new 2024 Consumer Cybersecurity Assessment Report, released this week, found that while most consumers are concerned with privacy and security, serious gaps and deficits exist, with nearly 1 in 4 consumers saying they experienced a security incident in the last 12 months — with many users breached on their smartphones.

Techopedia sat with Filip Truta, Security Analyst at Bitdefender, and other experts, to dive deeper into the findings and move the conversation forward.

Key Findings: Consumers’ State of Security

The new Bitdefender study — conducted from December 2023 through January 2024 with 7,335 general consumers across the U.K., U.S., Germany, Spain, France, Italy, and Australia — found that of those who experienced a breach in the past 12 months, half were scammed via text.

The report also concluded that those who cannot recognize scams likely have experienced one without knowing. Additionally, those surveyed said their biggest concern is that hackers access their finances.

Still, many people use their phones for sensitive transactions while exercising poor security practices. Bitdefender spoke about the importance of security cultures in the report.

“Our behavior regarding cybersecurity doesn’t always match our stated fears and concerns.

 

“Bad actors increasingly exploit complacency around cybersecurity, threatening our security and privacy online.”

Bitdefender report also found that almost a quarter of respondents did not know they can buy mobile security, more than one-third still write down passwords, around half use VPN services but only 27% use it for security, and most are concerned about artificial intelligence.

Who is Responsible For Building Consumer Security Awareness?

Truta from Bitdefender talked about the paradoxes of security awareness and culture versus real incidents and attacks.

“Cybersecurity vendors work tirelessly to inform the public about the threat landscape. Netizens (internet users) today use their phones for a wide range of activities, not least of which to conduct sensitive transactions – yet many fail to employ proper cybersecurity practices.”

“Businesses in general (services consumers interact with every day) also shoulder the responsibility of generating awareness about cyber threats,” Truta said and highlighted the vital role that the media plays as well.

Truta explained that all companies with a public-facing website or portal should enforce multi-factor authentication – and highlight why it does so, outlining the risks customers face if they solely rely on simple password logins.

“Employers should conduct periodic cybersecurity assessments and training. This helps protect the organization from an attack targeting the human layer (i.e., phishing campaigns) while also creating general awareness about cybersecurity hazards circulating online, including past work hours.”

“This is especially important because of the home/office work model for most of us,” Truta said. “Threats that impact our home network can easily traverse to the corporate network.”

Mobile Security Gaps and Deficits

The Bitdefender study shows that SMS scams are the most prevalent threat. However, the report also highlighted concerns about malware and hacking, and users’ lack of understanding of mobile multi-layered defense software and apps.

Bitdefender report found that many users (76%) still believe their smartphone or mobile device is not a potential target. Truta spoke about the issue.

“Most consumers who don’t use dedicated security seem to trust their vendor to handle the problem. The reality is no software is immune to hacks — especially in targeted attacks. Deploying a dedicated security app can help reduce the attack surface”.

Truta advised consumers to scan their devices for potentially malicious apps and to scan incoming communications for malicious links. Truta also said users should be sure to keep their devices updated as the latest security patches released by vendors are important.

“As we also highlight in the report, many Android smartphone vendors pre-install ‘security’, but these solutions typically expire after a trial period. And many users likely postpone their purchase, forget, or refuse to buy altogether.

 

“According to our survey, almost a quarter of consumers aren’t even aware they can buy security on their phones.”

Underutilization of Smartphone Security Apps

Shawn Loveland, Chief Operating Officer at Resecurity — a cybersecurity company for individuals and businesses — talked about the underutilization of mobile multi-layered defense software and apps.

“Many users may need to be aware of the extent of cybersecurity threats on mobile devices, which they often perceive as less vulnerable than computers.

 

“There’s also a tendency to prioritize convenience and usability over security, leading to a reluctance to install additional protective software that might be perceived as cumbersome or resource intensive.”

Shawn explained that users may incorrectly assume that built-in security measures in modern smartphones are sufficient and called to address these issues through education and user-friendly, effective solutions.

Shawn spoke about how developers and organizations can build a strong cybersecurity culture that educates consumers on cybersecurity risks and practices.

“Incorporating security awareness through reminders, tips, and alerts encourages strong authentication methods, secure passwords, and recognition of phishing scams,” Shawn said. “Software developers must make apps and services secure by default and inform users of potential risks when they attempt to make the app less secure.”

“Providing tools and resources to help protect data fosters a proactive attitude toward cybersecurity.”

U.S. Cybersecurity Culture and the Government

Ameesh Divatia, Co-Founder and CEO at Baffle — a security platform that cryptographically protects the data itself across databases — spoke to us about U.S. cybersecurity culture and the government.

“U.S. cybersecurity culture tends to be a fast follower to the E.U., which sets the trend when it comes to cybersecurity regulation, particularly subject rights. The lack of a federal mandate is the biggest challenge to being a leader in this area.”

Divatia said that recent developments, such as the White House Executive Order on Safe, Secure, and Trustworthy AI, are signs of progress but questioned how these new mandates will be enforced.

“This leads to a culture of checkbox security where U.S. entities do the bare minimum necessary to stay out of trouble with the regulators.”

Divatia added:

“Data is an enterprise’s biggest asset, but if not protected well, it can become a liability.”

Divatia said Chief Data Officers have to find ways of using their assets while Chief Security Officers have to ensure that data is used responsibly.

“Technology has progressed to the point where it is possible to balance this out so that the concept of collection and usage are not mutually exclusive,” Divatia said.

The Eternal Dilemma of Passwords

Bitdefender said in its recent blog post that password management remains a “glaring weak point”.

Bitdefender was alarmed at how consumers manage their passwords, with more than one-third (37%) writing their passwords down and 34% using the same password for two or more accounts.

Furthermore, 17.3% said they use the web browser autofill feature, and 14.4% use Apple’s strong password autofill feature.

The Passwordless Future?

Truta from Bitdefender recognized that weak password practices are a major concern. When asked about the future of passwords, biometrics, password managers, and passkeys, he spoke about the creativity of bad actors and new tech.

“Motivated actors consistently find ways to hack into people’s accounts, either by social engineering, brute forcing usernames and passwords, SIM swapping techniques, or data-stealing malware.”

Truta said that — considering the multitude of attack avenues hackers have today — the simple password is slowly becoming an obsolete form of authentication.

“Password managers help a great deal to reduce this attack surface, ensuring that netizens use unique, hard-to-crack passwords for every account they have on file. However, the least-crackable form of authentication is, and will continue to be, biometrics.”

Consumer Cybersecurity Culture and AI

The Bitdefender report found that most (67%) consumers are concerned about AI as a threat to their security and privacy. The report also revealed regional AI differences, with consumers from Spain being the most concerned (80%), while only 49% of Italians feel the same way.

As AI migrates from the cloud to everyone’s device and smartphone, serious concerns on several fronts emerge, from data storage to data usage and access. Additionally, Bitdefender says consumers expressed worries that the traditional data protection laws are not equipped to answer. Truta said that the key to AI is transparency.

“Companies capitalizing on AI can win the trust of their customers by starting with a simple, short, yet comprehensive list of terms of service – one that gives users the option to opt into a particular feature or service and opt out of another, so that anyone and everyone can start using that product in minutes, in line with their privacy demands, without fearing that they checked the wrong box.”

Truta also highlighted that those who profit from AI must also adhere to strong principles about the governance of user data routed through their servers.

“New legislation is required in this sense. It’s important to remember that pioneering technologies take time to mature. Similarly, it also takes time to ensure proper governance of such technologies.”

The Bottom Line

The Bitdefender 2024 Consumer Cybersecurity Assessment paints a concerning picture of consumer cybersecurity awareness.

While many express fear of data breaches and online threats, a significant portion fail to implement basic security practices. This disconnect between concern and action leaves consumers vulnerable to social engineering attacks, malware, and other online dangers.

The report underscores the need for a multifaceted approach to improving consumer cybersecurity culture. Businesses have a responsibility to educate users about online threats and implement strong security measures by default. Governments must establish clear regulations to protect consumer data and enforce cybersecurity best practices.

Ultimately, building a strong foundation of cybersecurity culture requires ongoing education for consumers.

Users must understand that they are responsible for their security and face the ever-evolving threat landscape by adopting security practices that safeguard their data and privacy.

Related Terms

Related Article