Highlights
The 2017 Norton Cyber Security Insights Report reveals common traits of cybercrime victims in the country
People in the UAE may feel safe online, but hackers have proven anything but. They stole Dh3.86 billion from 3.72 million consumers in the country over the past year, according to the recently released https://www.symantec.com/about/newsroom/press-kits 2017 Norton Cyber Security Insights Report. More than half (52 per cent) of the 1,059 UAE respondents experienced cybercrime, with each victim losing an average of Dh669 and 47.9 hours (about six working days) dealing with the aftermath of a cybercrime. Globally, 21,549 individuals over the age of 18 were surveyed across 20 markets.
The cybercrime victims surveyed share similar traits: they are everyday consumers who confidently use multiple devices at home and on the go. The Norton report found that cybercrime victims were twice as likely to own a connected home device. Consumers with an internet-connected gaming console, wearable device or a smart device that streams content were also more likely to fall victim to cybercrime.
"While small variations for the most costly forms of cybercrime do exist from one market to the next, identity theft and credit card fraud generally appear in the top three most costly forms of cybercrime for a majority of the twenty markets polled," says Tamim Taufiq, Head of Norton Middle East. "It’s important to note, as well, that some of the most common forms of cybercrime are not always those that are the most costly.
"Globally, credit card theft is the second most costly form of cybercrime when we look at the findings across the 20 markets. There are many markets wherein we saw that credit card fraud was the cybercrime that incurred the most cost for consumers."
The report found that cybercrime victims are more likely to use the same online password across their accounts (24 per cent of victims versus 20 per cent of non-victims), or use different passwords but save them on their computer’s web browser (16 per cent versus 10 per cent). They’re also more likely to save their passwords to a file on their device as non-victims (24 per cent versus 18 per cent). Equally concerning, 45 per cent of UAE cybercrime victims – despite their experience – had a higher trust in their own ability to protect their data and personal information from future attacks, while a third (32 per cent) believed they were at low risk for becoming a cybercrime victim.
Consumer trust
The survey revealed interesting insights into cyber-confidence. Despite high-profile cyberattacks such as Petya and WannaCry making global headlines, 81 per cent of people surveyed gained or maintained trust in banks and financial institutions, 79 per cent placed faith in their security software, and 77 per cent were comfortable that identity theft protection providers could take care of them.https://gulfnews.com/news/americas/usa/uae-tra-warns-users-as-fast-moving-cyberattacks-wreak-havoc-worldwide-1.2026329
“While consumers were not asked why they’ve gained or maintained trust in these particular entities as part of the survey, the UAE government has done a great job in setting cybersecurity regulations to improve the standards in which these entities have to abide by,” says Taufiq. “Financial institutions, security software companies and identity theft protection providers are at the forefront of data management and protection, so consumers tend to place higher levels of trust with them.”
Nearly half (44 per cent) of consumers said they’ve lost trust in credit reporting companies that gather information without their consent, and 34 per cent lost trust in social media platforms. Conversely, 44 per cent of UAE consumers gained trust in themselves to manage their data and personal information.
“Consumers’ actions revealed a dangerous disconnect – despite a steady stream of cybercrime sprees reported by media, too many people appear to feel invincible and skip taking even basic precautions to protect themselves,” explains Taufiq. “This disconnect highlights the need for consumer digital safety and the urgency for consumers to get back to basics when it comes to doing their part to prevent cybercrime.”
Generation gap
Interestingly, millennials were far more likely to experience cybercrime than other generations. While millennials are a digital-first generation and rather tech savvy, they also make similar mistakes such as using the same password across accounts and sharing their password with others. One in five millennials also admit to not having any protective measures in place for at least one of their devices.
“In this year’s report, we found that 58 per cent of millennials in the UAE became victims of cybercrime, compared to only 46 per cent of generation X and 28 per cent of baby boomers,” explains Taufiq. “Further analysis showed that 28 per cent of millennials were using the same passwords across devices and accounts, compared to only 9 per cent of boomers. Another interesting statistic that came up was that 45 per cent of millennials were sharing their password with somebody they trusted or knew, compared to 29 per cent for boomers.”
Ransomware
A term added to the Oxford English Dictionary in its most recent update, more than one in ten UAE consumers (13 per cent) have experienced ransomware, and the consequences have been expensive. Ransomware victims reported losing an average of 89 hours dealing with the aftermath, and nearly one in five (18 per cent) paid the ransom and got nothing in return. With half of UAE consumers (49 per cent) admitting they never backup all their devices and one in 13 admitting they don’t bother with software updates, a significant number are at risk of losing their digital property for good.
“Paying the ransom may seem like a natural response to get your personal files back,” says Taufiq. “However, handing the hackers money simply continues to fund their efforts with no guarantee that you’ll personally be able to regain access to your digital life. In the case of ransomware, crime pays, and we can all take some simple steps to thwart [hackers’] efforts.”
Cybercrime: A grey area
Though 77 per cent of UAE consumers believe cybercrime should be treated as a criminal act, when pressed, contradictions emerge. When presented with examples of shady online behaviour, more than two in five (42 per cent) UAE consumers believed at least one questionable act was always or sometimes acceptable, including: Putting software on someone else’s device to spy on them (more than one in five); using someone else’s credit card without permission to shop or book online (one in seven); accessing someone’s financial accounts without their permission (one in seven); and more than one in five (22 per cent) stated stealing information online was not as bad as stealing property in real life.
“The lines are greying for consumers when it comes to what is and is not acceptable and appropriate,” says Taufiq. “Today, more consumers are aware of the impact of cybercrime, but not all engage in smart online behaviour. In fact, those who claim to be security conscious are more likely to practice risky or questionable online behaviours and fall victim to a cybercrime. Three out of four consumers believe cybercrime should be treated as a criminal act, but 42 per cent caveat that the instances are circumstantial.”
Interestingly, victims of cybercrime were more likely to think it’s OK to invade privacy or access information without permission; 26 per cent say reading someone’s emails without their consent is sometimes or always acceptable, compared to 13 per cent of non-victims; and 19 per cent believe that accessing someone's financial accounts without their permission is sometimes or always acceptable, compared to 8 per cent of non-victims.
“This is precisely why Norton by Symantec commissioned the Norton Cyber Security Insights Report, a global omnibus survey, to understand consumers’ views and experiences with cybercrime and their digital safety behaviours,” explains Taufiq. “The report looks at consumers’ views and experiences with cybercrime and how they influence their digital safety behaviours. We release the report each year to help increase consumers’ awareness of cybercrime so they can take action to protect their identity, data and devices.”
To learn more about the real impact of cybercrime and how consumers can protect their digital information, go here for more information.
