Digitalization is becoming more and more established in many habits of life. One of the keys to this consolidation is that society trusts the technologies that make it possible, offering total security guarantees. To what extent do Spaniards trust these digital solutions? How can this trust be increased?
It is becoming more and more common to perform online actions and procedures of various kinds. We make purchases, bank transactions, sign documents and a multitude of processes with the convenience of being able to do them from anywhere and at any time, saving valuable time.
Despite all these advantages, online transactions have, since their origins, been subject to some reluctance on the part of the general public, who were wary of providing sensitive personal or financial information, such as account or credit card numbers.
Moreover, the appearance of news related to cybersecurity conflicts and fraud do not do any favors to the normalization of online processing by those who do not yet place all their trust in the digital transformation of these procedures.
To measure the degree of online confidence of Spanish households, as well as their cybersecurity levels, the National Observatory of Telecommunications and the Information Society (ONTSI), which depends on Red.es, prepares the biannual Study on Cybersecurity and Confidence in Spanish households.
For the execution of the report relating to the period from January to June 2019, a total of 3,619 online surveys were carried out, as well as specialized software for the analysis of the equipment studied.
The purpose of this study is none other than, in addition to analyzing the state of cybersecurity and online trust, to promote knowledge on the subject so that useful and effective measures can be taken, as well as to encourage public institutions to use policies and measures that facilitate the achievement of these goals.
The following is a review of the key results of this survey concerning digital security data and habits, as well as the perception that Spaniards have in this regard, all of which shape their trust in the online world.
Security incidents in Spanish homes
With regard to security incidents, 64.8% of the participants have experienced some kind of security incident, compared to 35.2% who have not. Among those who have experienced an incident, the most significant are:
- Receipt of unwanted e-mail (spam): 86.8%.
- Malware infection: 16%.
- Interruption of services due to cyber-attacks: 13.3%.
- Loss of files: 12.6%.
- Identity theft: 7.8%.
- Device access: 6.1%.
Within the incidents related to malware, it should be noted that 60.9% of the respondents, although they stated that their computers were clean, were shown to be infected by malicious software. This percentage is lower in the case of Android device users (18.4%).
If we differentiate the main types of malware, the most common on PCs are adware of an advertising nature (54.9%) and Trojans (49.6%), the latter percentage having grown with respect to previous months. On Android, Trojans are in the majority (14.9%), while adware is at 4.9%, having fallen sharply from the last study.
The study shows an alarming result, and that is that most of the infections are high-risk, specifically 71.9% for computers and 76.5% for Android.
If we look at the operating systems, the majority of Windows devices are attacked (69.6% of those infected) compared to those that use Android as their operating system (19.5%).
Online fraud
Internet fraud is one of the main targets set by cybercriminals. In fact, the study shows that 68.2% of those surveyed have experienced some kind of fraud situation. Among these, the most common were:
- Invitation to visit a suspicious website (67%).
- Receiving an e-mail with unsolicited information (50.4%).
- Receiving products from fake sites (47.5%).
- Receive an e-mail requesting passwords (28.8%).
- Suspicious job offers (24.4%).
- Discharge in non-subscribed services (22.6%).
- Access to fake websites of banks, businesses or administrations (15.9%).
Of all these frauds, 11.5% have an economic impact on the victim, a figure that has been growing in recent months. Regarding the amount of this impact, 65.1% is up to 100 euros and 21% ranges between 100 and 400 euros.
How do we act after a security incident?
Once we have suffered an online security breach, we must learn from it and acquire habits that will prevent us from going through such an unpleasant situation again. The most common actions in this regard are:
- Password change: 46.8%.
- Updating of security tools: 23.5%.
- Backup copies: 20.8%.
- Give up downloads from unsafe sources: 14.2%.
- Leaving unauthorized software: 11.8%.
- Change security tools: 11%.
- Stop using online services, such as banking or commerce: 4.8%.
As you can see from the last point, once you have gotten into the habit of performing certain actions online, it is difficult to change back to an offline situation.
If there are some sectors in which online fraud is very present, these are banks and e-commerce. For this reason, the study places special emphasis on them.
Among those who have suffered an online banking fraud, 68.4% do not change any of their habits, while 17.1% make use of the security measures offered by the bank itself.
In the case of e-commerce, 71.4% have not changed their behavior either, and 12.4% have restricted their use.
Usage habits for greater online security and confidence
Types of security measures and uses
One of the main aspects covered in this report is the use that Spaniards make of the different cybersecurity tools available to them. To do this, first of all, these measures must be defined. ONTSI classifies them according to 4 criteria:
- Automatable measures: the user does not have to do anything for them to be executed.
- Non-automatable measures: require the direct intervention of users.
- Proactive measures: are those that focus on the prevention of possible security incidents.
- Reactive measures: are those taken once the cybersecurity incident has materialized in order to eliminate it and/or mitigate its effects.
It should be noted that a particular measure may belong to more than one of these groups. For example, the encryption of a file is both proactive and non-automatable, or an antivirus simultaneously meets the requirements of a proactive and reactive measure.
Among the automatable measures, the most commonly used are antivirus (68.6%), operating system updates (58.1%) and firewalls (36.6%).
Among the non-automatable ones, we find passwords (58%), deletion of temporary files and cookies (43.9%), backups (36.5%) and the use of digital certificates for electronic signatures (22.3%).
Security and WiFi networks
One of the most important avenues for malicious attacks on devices is through wireless networks, so we must pay special attention to the security aspects related to them.
Here we note a worryingly high number of respondents whose WiFi networks are not protected or who are unaware of their protection status (45.7%).
In addition, the use of increasingly secure standards, such as WPA2 (39.2%) and WPA (11%), as well as the decrease in the use of protocols that are becoming obsolete, such as WEP (4.2%), are in the majority.
Nor should we ignore other habits related to WiFi networks, specifically those of an open nature, whose security level is much lower. Users of public networks have shown a downward trend in recent months, currently standing at 15.2%.
Within the users of open networks, there is a considerable percentage (34.2%) of those who do it anywhere whenever they need to.
The survey also reveals a low number of users who suspect that they have been victims of intrusions through their WiFi networks, their percentage being 12.6%.
Direct download on the Internet
Downloads are also a common entry point for malware. Regarding the behavior of Internet users in relation to these downloads, the study highlights the following actions:
- Verification of the veracity of downloaded content: 51.7%.
- Analysis of the device or file after download: 49.5%.
- Use of programs for on-demand downloading from the web: 40.1%.
After downloading, the next logical step is the installation of the downloaded program. In this aspect we must also consider further security measures, such as:
- Pay attention to installation steps: 80.4%.
- Check in detail that you are installing what you really want: 63.4%.
- Read the license and terms of use: 34.6%.
Why are security measures not used?
One of the questions raised by the authors of the study is why users do not adopt any measures to strengthen their digital security. The main arguments put forward are related to lack of knowledge, lack of need and lack of interest.
If we look at digital certificates for electronic signatures, their non-use is essentially due to the following reasons:
- Lack of need or interest: 43.5%.
- They do not know what it is: 22%.
- Does not provide them with confidence or security: 10%.
- Dulls device operation: 6.3%.
- Does not provide sufficient protection: 3.7%.
Conscious adoption of risk behaviors
Often, users themselves, despite knowing the dangers of certain digital behaviors, consciously put them into practice, constituting a fraction of 41.6%. Although this is still a worryingly high figure, there has been a decrease compared to previous surveys.
All this despite the fact that 51.1% know that their actions online have cybersecurity consequences.
Among the reasons given for taking these risks, 45.2% say that they have to take them in order to use the Internet, 67.2% think that security tools are very expensive and 80% think that they require a lot of effort on their part.
What is the online confidence level of Spaniards?
Up to this point we have reflected statistics that reflect the level of cybersecurity of Spaniards, either through figures related to incidents or their digital habits. In this section we will take a look at their perception of online trust.
In general terms, 42% of the participants express a great deal or quite a lot of trust, 43% rate this trust as sufficient and 14.3% show little or no trust online. In addition, 46.4% believe that the Internet in Spain is becoming increasingly secure.
Regarding trust in their own devices, 70.9% believe that they are adequately protected against digital threats.
In terms of providing personal information, there is greater confidence in doing so in public services, either physically or digitally.
In such sensitive aspects as banking transactions, there is a high degree of confidence in them, being very or fairly high for 45.4%. For e-commerce, the same degree of confidence is 45.7%.
Regarding the perception of incidents, over 60% believe that the number of incidents has not changed in the last six months, as well as their severity.
As far as risk perception is concerned, those of greatest concern are those related to privacy and economic fraud, both accounting for 85.2%.
As you can see, online trust affects everything and everyone on the Internet. Society is becoming more and more aware of this and is taking appropriate measures to enhance its security. Despite this, there is still a long way to go, an improvement to which education and the use of appropriate solutions can contribute greatly.
Within these tools, those related to signature and authentication are an enormous reinforcement for the online trust of citizens. Thanks to these we can unequivocally verify the identity of the person, greatly reducing the risk of fraud and adding an important legal support in the event of having to resolve any litigation in this regard.
For our part, we will continue to develop products that offer all possible confidence to our customers, complying 100% with the legal frameworks of the countries in which we are present and, of course, we will continue to monitor the evolution of these levels of online confidence to keep you as informed as possible.