Cyber Risk News
People with proper guidance are 40% more likely to create a secure password.
According to research led by the University of Plymouth, in one experiment 300 users creating an internet account were offered either no advice or a range of advice, including a standard password meter, emojis or an emotive feedback message. The results showed the number of choices rated "weak" falling from 75% when users received no guidance to around a third when they were shown more emotive messages.
In the second experiment, 500 participants were presented with more specific security-related advice, including suggestions of how long it would take a hacker to crack their password. Those users had a significantly greater understanding of the risks and created passwords that were longer and up to 10 times stronger as a result.
The research was conducted by the University's Centre for Security, Communications and Network Research (CSCAN), in conjunction with the Desautels Faculty of Management at McGill University and the Department of Computer Sciences at Purdue University.
Steve Furnell, professor of information security and the director of CSCAN, said: “Over the past few years, numerous cyber-attacks and security incidents have demonstrated that protecting personal and professional assets is no longer an optional duty. Yet many still occur out of unintentional mistakes, such as negligence, carelessness, and human errors.
“Despite the advance in security technology, the weakest link in the information security realm still lies in end-users so it is essential that more support is offered to try and overcome this in the future.”
In an email to Infosecurity, security researcher Troy Hunt said that he did not feel that there was enough available guidance on how to create a secure password. “I think most people fall back to convenience at every opportunity,” he said.
“When we see data breaches and analyze password lengths, there’s always a massive skew towards the minimum allowable size; people tend to conform to the lowest common denominator because, for most, that’s the easiest thing for them to do.”
Hiring and Retaining Top Cybersecurity Talent – a new report from (ISC)² – has found that there are high numbers of professionals in the cybersecurity workforce open to changing jobs this year.
The membership association based its findings on a blind survey of 250 cybersecurity pros within the United States and Canada. What it discovered was that only 15% of those polled said they had no plans to change jobs in 2018, while the remainder either did have plans to do so (14%) or were open to exploring new opportunities (70%).
The data suggested that factors such as unmet expectations between businesses and their employees, high demand for security skills, and frequent contact from recruitment firms could be playing a significant role in encouraging cybersecurity pros to consider new opportunities.
“The cybersecurity workforce gap is growing rapidly, and turnover within cybersecurity teams makes filling those roles even more challenging,” said (ISC)² COO Wesley Simpson. “It is more critical than ever for organizations to ensure their recruitment and employment retention strategies are aligned with what cybersecurity professionals want most from an employer.”
The (ISC)² study did shed light on what cybersecurity pros value most from a role with regard to their personal fulfillment: 68% said they want to work where their “opinions are taken seriously,” 62% want to work where they can “protect people and their data” and 59% want to work for an employer “that adheres to a strong code of ethics.”
In terms of professional goals, respondents said they want to work for a company with “clearly defined ownership of cybersecurity responsibilities” (62%), that “views cybersecurity more broadly than just technology” (59%) and that “trains employees on cybersecurity” (59%).
“Armed with this insight, employers can do a much better job appealing to top cybersecurity professionals, and retaining their talent and expertise for the long-term,” Simpson added.