57% of IT workers who get phished don't change their password behaviors

Despite the wide-ranging effects of the Facebook data privacy scandal, only one-fifth of people are concerned over privacy issues related to social media use, according to a Yubico study.


Despite passwords being part and parcel of computing for decades, everyone—including IT workers—continues to fall short on proper password hygiene, according to a Yubico/Ponemon Institute study released Monday. The report finds that 57% of IT workers who have experienced a phishing attack have not changed their password behaviors, according to a survey of over 1,750 such professionals in the US, UK, Germany and France.

Of the respondents who said they did change their password behavior, 47% reported using stronger passwords, 43% reported changing passwords more frequently, and 41% added two/multi-factor authentication when possible, though only 17% reported using unique passwords for every account.


Oddly, privacy concerns of end users are prompted less by the threat of cyber criminals attempting to steal user credentials for fun and profit, as 59% of respondents indicated they "have growing concerns about government surveillance." Respondents indicated that they are most concerned (62%) about protecting their Social Security number, which, as it is a government-issued form of identification, would be information that a government already has about you.

Some 35% of respondents said they know someone who has become a victim of data breaches, while 33% report becoming victims of data breaches themselves. Only 8% report becoming victims of identity theft.

Only 18% of organizations require the use of a password manager, according to respondents. In organizations in which password managers are not required, 53% rely on human memory, while 26% rely on either spreadsheets or sticky notes of manually written passwords.

Worries about corporate misuse of information are relatively low, as 40% of respondents report concerns over privacy due to the increased use of connected devices such as smart cars or smart assistant speakers like Google Home or Amazon Echo, while 21% report using social media more often.

Passwords, fundamentally, are a weak link in security. Researchers continue to invent creative ways of theoretically stealing passwords, with a report last July finding it possible to recover passwords by using an infrared camera on a keyboard. Meanwhile, phishing attacks continue to increase, with Microsoft being the most impersonated brand in Q4 2018. For more, check out TechRepublic's cheat sheet to phishing and spearphishing.

The big takeaways for tech leaders:

  • More people cite privacy concerns from smart device use over social media use. — Yubico/Ponemon Institute, 2019
  • 53% of respondents rely on their own memory to remember passwords. — Yubico/Ponemon Institute, 2019


By James Sanders

James Sanders is a technology writer for TechRepublic. He covers future technology, including quantum computing, AI, and 5G, as well as cloud, security, open source, mobility, and the impact of globalization on the industry, with a focus on Asia.