Austria 
Azerbaijan 
Bosnia and Herzegovina 
Bulgaria 
Croatia 
Czech Republic 
Estonia 
Georgia 
Hungary 
Kazakhstan 
Kyrgyzstan 
Latvia 
Lithuania 
Moldova 
Montenegro 
North Macedonia 
Poland 
Romania 
Serbia 
Slovakia 
Slovenia 
Sweden 
Switzerland 
Tajikistan 
Turkmenistan 
Ukraine 
Uzbekistan 
Германия 
Oh, Behave!, a study conducted by CybSafe and the National Cybersecurity Alliance, explored the online behavior of different generations. Read below to learn why cybersecurity training is a must-have for modern companies.
Addiction to the online world: are we already uploaded to the Matrix?
A staggering 53% of participants in the Oh, Behave! study admitted to being constantly online. Read it again: more than half of those surveyed are always connected, essentially living in a digital matrix.
An additional 38% go online several times a day. Unsurprisingly, the “online generations” turned out to be Zoomers (65%) and Millennials (64%). A third of participants reported having ten or more online accounts. Moreover, multiple account ownership was more prevalent among younger individuals.
These statistics demonstrate the deep penetration of the Internet into our daily lives.
It also raises a critical question: How well-versed are users in cybersecurity practices?
Overconfidence in one’s own abilities
Despite high levels of confidence in their ability to spot phishing emails among Millennials (76%) and Zoomers (69%), cybercriminals most frequently target this younger demographic. This discrepancy can be attributed to overconfidence, which often leads to careless online behavior and increases susceptibility to phishing attacks.
A common sentiment among younger individuals is encapsulated by the phrase “We know about security measures; we just don’t use them.” The research supports this claim: while 81% of participants are aware of multi-factor authentication (MFA), an 11% increase from 2023, the practical application of MFA lags behind.
In contrast, older generations, despite lower awareness of MFA, are more likely to utilize it. This suggests that younger individuals may possess greater knowledge of security measures but are less inclined to implement them, while older individuals demonstrate a more practical approach.
The dangers of phishing: who is most at risk?
Over 44% of respondents expressed confidence in their ability to identify fraudulent messages. Additionally, there is a noticeable trend towards actively seeking out additional information about cybersecurity, with a 10% increase in users turning to external sources compared to the previous year.
Despite the increased awareness of phishing, it remains the most prevalent type of cybercrime. A staggering 70% of respondents who fell victim to cyberattacks reported phishing as the primary cause.
Younger generations increasingly believe that their data has already been compromised by hackers. They perceive becoming a victim of cybercrime as almost inevitable and simply a matter of time.
Zoomers, Millennials, and Gen X exhibit distinct approaches to identifying phishing emails. Younger generations are more likely to verify the sender’s email address, while older generations tend to focus on grammatical errors and typos.
Among the common reasons for uncertainty in recognizing phishing emails is the increasing sophistication of phishing attacks, often driven by artificial intelligence.
Are passwords the weak link in the cybersecurity chain?
According to the National Cybersecurity Alliance’s (NCA) Oh, Behave! study, knowledge does not always equate to action when it comes to passwords. While 78% of respondents claim to know how to create a strong password, many continue to use weak and predictable combinations.
For instance, 35% of participants incorporate personal information into their passwords, making them vulnerable to hacking. Additionally, 40% create passwords using single words or names, which can be easily cracked using specialized software.
The primary reason for weak passwords is the desire for memorability, leading individuals to choose simple and easy-to-remember combinations. For the second consecutive year, there has been an increase in the percentage of participants using personal information in their passwords, with 35% including personal details such as family members’ names or pet names this year.
The general picture is as follows. Most participants (43%) create passwords with 9-11 characters. About a third (32%) create passwords with 4-8 characters. And only 25% create passwords longer than 12 characters.
A common problem of users is using the same password for all their accounts. Fresh report Oh, Behave! showed that 65% of respondents use a separate password “always” or “most of the time“. Not bad, but meanwhile the remaining 35% were less vigilant about using unique passwords.
Training is an investment in team safety
Following the Oh, Behave! study, researchers sought to understand the impact of cybersecurity training on individuals’ online behavior. Participants who had completed cybersecurity training were asked if their online habits had changed as a result. Spoiler alert: 83% of respondents who underwent cybersecurity training found it beneficial.
Training had the most significant impact on individuals’ ability to recognize and report phishing attempts, with 52% (+2% increase) compared to 2023.
Notably, 45% reported adopting multi-factor authentication (MFA) as a result of cybersecurity training, an 11% increase from the previous year.
Conclusion
The Oh, Behave! study, conducted by CybSafe and the National Cybersecurity Alliance, revealed that younger generations, while confident in their ability to recognize cyber threats, are more frequently victims of phishing and other cyberattacks.
Most individuals continue to rely on weak security measures, such as easily crackable passwords, and neglect multi-factor authentication (MFA).
Although the complexity and inconsistencies in the cybersecurity landscape may diminish individuals’ sense of responsibility for their security, cybersecurity training has positively impacted their behavior, particularly in improving their ability to recognize and report phishing attempts.
As evident, cybersecurity literacy is not an innate skill but rather knowledge that requires constant updating. A high-quality approach to cybersecurity training programs is fundamental to their successful completion and comprehension.
Fortra Terranova Security Awareness is a comprehensive solution for employee training and phishing simulations. It helps identify vulnerabilities, strengthen your team’s cybersecurity literacy, reduce the risk of incidents, and foster a culture of cybersecurity.
Through phishing simulations, you can identify at-risk employees and develop individualized training programs. Interactive training is tailored to your organization’s specific needs, facilitating the learning process.
Ultimately, an aware and trained workforce is the most reliable defense against phishing, social engineering, and other cyber threats. Regular training and simulations help cultivate a culture of cybersecurity within your organization.
Protect your business from cyber threats today!
