It's National Cyber Security Awareness Month in the US, and a group of companies, government entities, and nonprofit organizations kicked it off with some research. The survey from McAfee and the nonprofit National Cyber Security Alliance found that 90% of people surveyed responded "not completely" when asked how safe they feel from "viruses, malware and hackers while on the Internet." Their biggest concern is identity theft (41%), followed somewhat distantly by having their machines get infected with malware or a virus (16%), someone hacking into their financial information (13%), loss of privacy (5%), and so on. There were a few findings concerning kids and families….

* On the age-appropriateness of owning various devices, respondents thought it appropriate for children 10-16 to own a tablet (46%) or smartphone (53%).
* As for social networking, only 31% of respondents feel it's appropriate for 14-to-16-year-olds to have social network accounts and 45% feel that's appropriate for young people 16+ (8% said it's never appropriate for minors to have social-network accounts).
* Though this was mainly a study about cybersecurity, the researchers threw in some questions about parents' safety concerns. Their biggest worry was sexual content/pornography (39%), followed by having contact with strangers when kids are online (27%), bullying/peer harassment (10%), identity theft (9%), "portrayals of drug or alcohol use" (3%), and long-term damage to their reputation (2%). portrayals of drug or alcohol use; 2% long‐term damage to their reputation.
* On data exposure: 26% of respondents "received notification by a business, online service provider or organization that their personally identifiable information (e.g. password, credit card number, email address, etc.) was lost or compromised because of a data breach.

I was interested to note that the survey made no reference to social engineering (or phishing, for that matter), since social engineering is a significant part of personal and family security breaches. I can see why, for maximum clarity and response, researchers wouldn't use the actual terms, which are new to people, but the survey doesn't even ask questions around the tricks phishers and other criminals use to get people to "click here" or "reply to this." The survey doesn't seem to acknowledge that, in participatory media and technology, users are not just passive potential victims. In the case of cybersecurity, they are sometimes tricked to participate in their own victimization. We need more research on how that happens!

Related links

* "Defcon's first kid hackers"
* "How cellphones get hacked"
* "Social gaming's social engineering"
* "Growing number of student cybersecurity experts"