Malaysia and Singapore are the top two most cyber-savvy nations in Asia, according to the Eset Asia Cyber Savviness Report 2015.
But although both countries, along with other Asian countries, have large numbers of internet users, those users tend to take unnecessary risks when they are online, which leaves them vulnerable to cyber attacks, said the report.
The report found users labour under the misconception that their personal accounts and activities are not likely to be a target for hackers; and some may be trading security for convenience – partly due to a lack of awareness.
Many of the 1,800 respondents – polled from Association of Southeast Asian Nations (Asean) countries such as Malaysia, Singapore, Thailand and Indonesia – commit basic mistakes, such as using passwords with easy-to-access personal information, such as their date of birth or surname. They also store passwords and credit card details online and connect to unsecured public Wi-Fi networks.
The Eset report found 93% of online users in Asia worry about cyber security – but only three in five consumers can answer basic cyber security questions correctly.
The study also found that cyber-savviness does not equate to being secure. For example, users in Indonesia and India take the highest number of precautions, despite having the lowest levels of cyber security awareness. On the other hand, countries such as Malaysia, Singapore and Thailand – which ranked among the top in the savviness survey – came in near the bottom in protecting themselves.
“Hackers are like predators in a jungle – they look for easy targets and the path of least resistance. The survey results show that, while consumers are adopting technology quickly, they are unwittingly putting themselves at risk by not appreciating the need to secure their new devices, which can be done very easily,” said Parvinder Walia, sales director Apac at Eset.
This disconnect is unsurprising, said Simon Piff, associate vice-president, enterprise infrastructure, at IDC Asia Pacific.
“Many Asean users are getting online with highly user-friendly smartphones or tablets, the level of formal training required to get online is significantly lower than ever before. Tie this to the growing level of public Wi-Fi availability, social media use and the demands of access over everything else, then there will obviously be more users who are less educated about the issues,” said Piff.
“Most organisations are aware of the issues of not patching public facing systems – and yet many go unpatched for a variety of reasons. If commercial entities cannot maintain high levels of cyber security, why would individuals?”
Another challenge is that cyber attacks are also becoming more complex, even as the barriers to entry for internet access are reducing.
“It’s almost impossible to deny access to a hacker who is sufficiently motivated to break into your systems. Most security has focused on the perimeter. In reality this is no longer a realistic expectation and security strategies need to evolve move away from this approach to more to a defence in depth strategy,” said Piff.
An area that needs to play catch-up is adequate training for users. The lack of formal cyber-security education is a significant issue and the study found that four in 10 online users said they gained most of their information about online security through unofficial sources, such as doing their own online research or from their families and acquaintances.
Piff added that commercial organisations are only just beginning to use formal training, so consumers who are not part of such organisations may not have access to such knowledge.