Академический Документы
Профессиональный Документы
Культура Документы
STUDY METHODOLOGY
Online panel
REMOTE AUDITING
iScan
n = 3,646 (1st four-month period 2012) n = 63,800 (from Dec. 2006) 18 data collections
7,723 devices (1st four-month period 2012) 202,874 devices (from Dec. 2006) 60 data readings
Summary
Sample Population Internet users of 15 years of age and above with frequent access to the Internet from home. Sample 3,646 users surveyed 7,723 remote analysis of 2,643 devices Sample distribution Multistage sampling segmented by autonomous region and by size quotas for home, age, gender, business activity and home size. Information collection Online interviews. Online analysis of computers Fieldwork January to April 2012 Sampling error Based on the simple random sampling criteria for dichotomous variables in which p=q=0.5 and for a confidence level of 95.5%, a sampling error has been established of 1.62% for n= 3,646.
Contents
Main results
Study on information security and e-trust in Spanish households
1st four-month period of 2012 (18th wave)
Security measures Security behaviour habits Security measures and incidents in households with minors Security incidents Consequences of security incidents and reaction of users E-trust in Spanish households Final conclusions
http://observatorio.inteco.es
4
Main results
Security measures
Antivirus and firewalls continue to be the most used security tools (90.7% and 76.6% respectively). Non-automatic measures are dominated by password use (77.5%) and removal of cookies and temporary files (71.3%). Significant use of a user without privileges by users of Windows 7 (73.9%) and Windows Vista (85.8%).
Main results
Security incidents
The percentage of devices that contain malware has increased compared with the previous reading, which breaks the overall downward trend. This increase of malware incidents is also reflected in the survey results According to users, the receipt of spam is similar to the previous four-month period and continues to be the most common form of security incident.
Main results
94.4% 90.7% 77.5% 76.6% 67.7% 62.3% 56.9% 47.5% 52.1% 49.1% 43.5% 32.0%
0% Dec/Jan 07 Antivirus programs Firewalls Pop-up blocking systems Anti-spy programs Parental control programs Antivirus updates Anti-spam -systems Browser security plugins Anti-advertising systems
Jan/Apr 12
Data relating to content filters (parental control for minors) is shown under the subsample of users with young children who connect to the Internet (23.8%).
100% 90% 80% 70% 60% 55.2% 50% 40% 30% 20% 10% 0%
6.9% Dec/Jan 07 Passwords Back-up copies Staying up to date about IT security User profiles with restricted access Use of electronic National Identification Document (DNI) Jan/Apr 12 Removing temporary files and cookies Copy of recovery disk Specific hard drive partitioning Other forms of digital certification Document encryption 27.3% 18.6% 44.9% 28.5% 50.4% 35.2% 22.5% 21.7% 77.5% 71.3% 58.5% 49.0% 48.1% 38.6% 36.4% 27.8% 20.7% 15.3%
Security measures
Reasons for not using automatable security measures (%)
Reasons Slows down use Do not need Do not trust Ineffective Not aware Others 11.7 14.8 11.6 15.8 10.2 8.4 9.0 7.9 10.8 12.4
10
Antivirus programs Antivirus updates Firewalls Operating system updates Anti-spam programs or configuration Pop-up blocking programs or configuration Browser security plugins Anti-spy programs Advertising blocking programs or configuration Content filter programs or configuration
9.3% 14.6% 23.4% 27.5% 32.3% 37.7% 47.9% 50.9% 56.5% 68.0%
3.6 15.1 33.5 2.6 29.3 34.6 35.4 30.7 32.1 11.4
31.8 21.0 26.2 27.3 31.7 27.5 29.1 29.5 31.4 53.2
21.6 25.7 8.1 9.6 8.6 7.6 7.3 10.3 7.2 8.6
Price
Measures
18.9 13.8 16.4 19.4 13.8 15.5 12.3 13.3 12.5 8.9
4.6 5.2 1.8 4.4 3.5 3.8 4.6 5.9 3.9 3.0
7.8 3.3 2.3 2.8 2.9 2.6 2.3 2.3 2.2 2.5
Security measures
Reasons for not using non-automatable security measures (%)
Reasons Slows down use Do not need Do not trust Ineffective Not aware Others 10.0 28.3 27.1 26.9 29.4 19.1 11.8 18.7 26.9 13.3
11
Passwords (devices and documents) Removing temporary files and cookies Back-up copies of files Disk copies to recover the system Searching for computer security information Hard disk partitioning Regular use with restricted permissions Electronic signature digital certificates Electronic National Identification Document (DNI) Document or data encryption
22.5% 28.7% 41.5% 51.0% 51.9% 61.4% 63.6% 72.2% 79.3% 84.7%
4.9 21.5 17.9 8.4 17.9 24.4 16.4 18.4 6.8 26.5
71.1 34.7 41.9 41.1 37.7 43.0 57.1 47.8 48.4 48.1
2.1 3.9 2.4 4.5 2.9 2.5 2.6 2.8 4.2 1.6
Price
Measures
6.7 7.5 6.3 4.4 5.1 5.8 7.5 3.1 3.8 4.3
2.7 2.6 3.0 3.5 5.6 2.9 2.9 7.4 8.4 4.3
2.5 1.5 1.3 1.3 1.4 2.4 1.5 1.7 1.4 1.9
62.6% I analyse all the files I download I always download and open files attached in an email (disagree) I never disclose confidential information in chats or instant messaging When I carry out transactions I check that I am using a secure connection I always type in the web address of my bank or online shop I use an antivirus to analyse all files downloaded from P2P networks My profile/information may be seen by anyone using the social network 0% May/Aug 11 Sept/Dec 11 10.5% 8.0% 20% 40% 60% Jan/Apr 12
12
74.2% 74.9% 81.3% 89.2% 90.9% 72.7% 77.7% 54.2% 68.9% 57.6% 65.2%
80%
100%
I am concerned about the news relating to security for minors that is reported in the press I pay as much attention to their cyber friendships as I do with their real life friendships I warn my child about the dangers of giving out personal details about himself or about people close to him I have asked him to let me know of any behaviour or contact that makes him feel uncomfortable or suspicious I have created a user account with restricted access for minors to use the Internet I supervise the content he has accessed after each session (browsing history) 0% May/Aug 11 20% 40% 60% Jan/Apr 12 40.2% 43.1% 67.5% 71.1% 80% 75.0%
85.8% 89.0%
100%
Sept/Dec 11
13
10.8%
7.7%
7.3%
6.1%
5.6%
14
Security incidents
Evolution of devices containing malware, perception compared with detection
100% 90% 80% 70% 60% 48.5% 50% 40% 30% 20% 10% 0%
May 11 Jun 11 Jul 11 Aug 11 Sep 11 Oct 11 Nov 11 Dec 11 Jan 12 Feb 12 Mar 12
iScan
44.4%
46.1%
45.8%
48.0%
47.8%
48.0%
48.9%
27.3%
27.3%
31.3%
Apr 12
Perception (survey)
Reality (iScan)
15
iScan
100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0%
07 an J
07 ec D
08 ec D
9 c0 De
10 ec D
2 1 r 1 c1 Ap De
16
Security incidents
6.000
Security incidents
4924 4162 4132 3329 3415 2476 3565 2909 2287 1987 2391 1910 1712 2630 2247 1633 1869 2295 2527 2724 3982
5.000 3786
iScan
4.000
3.000
0 May 11 Jun 11 Jul 11 Aug 11 Sep 11 Oct 11 Nov 11 Dec 11 Jan 12 Feb 12 Mar 12 Apr 12 Number of malicious files
2500 2186 2000
iScan
1500
1000
500 285 107 0 1 detection 2 detections 3 detections 4 detections 5 detections 6 detections +6 detections 17 57 26 18 45
100% 90% 80% 70% 60% 50% 39.0% 40% 30% 20% 8.8% 10% 0% May 11 Jun 11 No risk Jul 11 Aug 11 Sep 11 Low risk Oct 11 Nov 11 Dec 11 Jan 12 Feb 12 Mar 12 High risk 0.6% 8.6% 2.4% 9.4% 2.4% 10.2% 2.2% 6.8% 2.4% 6.4% 2.6% 5.3% 2.2% 5.9% 2.2% 6.0% 3.5% 5.4% 3.5% 5.2% 4.1% 33.3% 34.2% 33.4% 38.6% 38.5% 38.7% 36.9% 51.6% 55.7% 54.0% 54.3% 52.2% 52.4% 53.9% 54.9% 48.4% 42.0% 37.6% 53.4% 52.2% 38.4%
iScan
51.3% 38.3%
5.6% 4.8%
Apr 12
Medium risk
18
Change passwords Update security tools already installed Begin to make back-up copies Change security tools Stop downloading files from P2P networks, Torrents, Install a security tool for the first time Stop using unauthorised software Stop buying online Stop using Internet services (email, etc.) Stop using online banking services Others No change
32.5% 26.3% 14.9% 10.6% 9.3% 8.0% 7.0% 5.4% 4.8% 3.5% 2.2% 40.5% 0% 10% 20% 30% 40% 50%
19
100% 9.4% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% May-Aug 11 I can resolve it myself I ask a friend or relative to help me resolve it Sep-Dec 11 Jan-Apr 12 I can resolve it with guidance from an expert I take the device to a specialist service
20
11.0%
10.6%
29.8%
31.1%
30.9%
14.6%
16.3%
16.7%
46.3%
41.5%
41.8%
Overall, how much do you trust the Internet? 100% 8.8% 90% 80% 8.0%
7.8%
70%
60% 50% 40% 30% 20% 10% 0%
38.6%
39.9%
37.2%
52.6%
52.1%
55.0%
21
100% 10.6% 90% 80% 70% 60% 50% 40% 30% 50.7% 20% 10% 0% May-Aug 11 There are less than 3 months ago Sep-Dec 11 The same as 3 months ago Jan -Apr 12 There are more than 3 months ago
22
11.4%
10.8%
38.7%
39.8%
41.3%
48.9%
47.9%
100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0%
6.4%
6.5%
7.0%
45.1%
43.5%
44.2%
48.5%
50.0%
48.8%
May-Aug 11 Less severe than 3 months ago More severe than 3 months ago
Sep-Dec 11
23
To develop and offer free security tools Supervise more closely what is happening on the Internet Update and reform legislation covering new Internet offences Conduct information and awareness campaigns regarding the risks and how to avoid them Greater coordination when solving security issues 18.3% 13.1% 11.3% 9.0% 7.4% 6.3% 4.7% Others 0% 0.2% 5% 10% 15% 20% 25%
29.7%
Supervise appropriate use of personal data on the Internet Provide help/technical support for problems relating to IT security for citizens Offer courses and educational workshops about Internet services and security
30%
24
Final conclusions
The specific increase in the detection of malware during January and the subsequent modest increase could be due to what is known as police malware. This event is related to the increase in the perception of users of a greater number of malware incidents. Users continue to trust traditional protection methods, but distrust some aspects of those that the latest malware uses. Although Spanish internet users recognise that there are certain risks when using the Internet (44.8%) and understand that it is the user that bears the majority of the responsibility for security (46.7%), there is still a tendency to cling to an old security system. This police malware shows that not only banking trojans or adware are able to find direct ways of profiting through malware, but that there is also a significant profiteering niche from hijacking a system. In spite of the seriousness and extent of this incident, the e-Trust of Spanish users has not been significantly impacted.
25
http://www.inteco.es http://observatorio.inteco.es