CSA’s Public Awareness Survey in 2017 Reveals Signs of Improvement in Cybersecurity Practices

Gaps remain in habits when it comes to password management and updating of software

The Cyber Security Agency of Singapore (CSA) released key findings from its annual survey for 2017 which revealed improved uptake in good cybersecurity practices by respondents, namely in enabling Two-Factor Authentication (2FA), and exercising caution when it comes to online transactions and app downloads. The survey seeks to measure public awareness and adoption of cyber hygiene practices, so as to better aid in developing initiatives to bridge knowledge gaps.

More respondents are aware of what 2FA is, as there is a six percentage point drop in the proportion of respondents who are “not sure” of this authentication process, from 10 percent in 2016. This could also be a reason why more respondents indicated that they had enabled 2FA for either some or all accounts, resulting in a significant increase of 13 percentage points from 66 percent in 2016 (Chart A).  

More respondents are exercising caution when it comes to online transactions and app downloads. The proportion of respondents who proceeded with online transactions without first checking the authenticity of the websites dropped by 18 percentage points, from 38 percent in 2016 to 20 percent in 2017. Fewer respondents are also connecting to open, non-password protected Wi-Fi networks in public places, with a decrease from 37 percent in 2016 to 25 percent in 2017. In addition, there are fewer respondents who indicated that they had never scanned for viruses before opening or using downloaded files or external devices - a 30 percentage point drop, from 41 percent in 2016 to 11 percent in 2017 (Chart B).

The findings also showed a 7 percentage point increase in the number of respondents who downloaded mobile applications from official app stores[1], from 83 percent of respondents in 2016 to 90 percent in 2017 (Chart C).

Room for Improvement when it comes to Habits for Password Management and Updating of Software

When it comes to password security, there has been no improvement in password management habits in 2017 as compared to 2016. About one in three respondents continue to store their passwords in their computer or write them down, or use the same password for work and personal accounts (Chart D). From a given list of passwords, only 45 percent of respondents are able to identify a strong password of at least eight characters comprising upper and lower-case letters, numbers and symbols in 2017.  Over six in ten respondents do not change their passwords regularly, or did so only when the system prompted them (Chart E).

While 94 percent of respondents indicated that they update their Personal Computer (PC) software, 41 percent do not update it immediately or as soon as possible (Chart F). Likewise, 97 percent of respondents with apps on their mobile devices update their mobile software, but 38 percent do not update it immediately or as soon as possible (Chart G).

Need to Guard Against Complacency

Respondents’ levels of concern towards cyber threats – i.e. having their devices infected by viruses or malware, their financial or personal information extracted without their consent, and falling victim to a scam or fraud – saw a very slight dip (3 percent – 5 percent). But while seven in ten are concerned about these threats, less than half of them (31 percent – 44 percent) feel that the scenarios will happen to them (Chart H).

When asked if they would agree that all Singaporeans have a role to play in cybersecurity, seven in ten respondents agreed with the statement. When polled on the type of information that they would like to see,  general tips on cybersecurity and information on privacy and data protection emerged as the top two categories of information respondents are keen to know more about (21 percent and 19 percent respectively). Another 21 percent indicated that they are not sure, while 18 percent indicated that they do not want to see any security information (Chart I).

To continue to encourage adoption of good cybersecurity practices, CSA will launch its second cybersecurity public awareness campaign - “Cyber Tips 4 You” - on 23 April 2018, with a series of online videos, advertisements and posters, featuring local celebrities Suhaimi Yusof and Jae Liew from the cast of television drama “Tanglin”. The two celebrities will provide four simple cyber tips to viewers, namely (1) use an anti-virus software, (2) use strong passwords and enable 2FA, (3) spot signs of phishing, and (4) update your software as soon as possible. A launch event will be held on 5 May 2018 at Bedok Mall where visitors can get tips on how to create strong passwords as well as information on anti-virus software and how it works.

Mr. David Koh, Chief Executive of CSA, said, “It is heartening that a majority of respondents recognise that everyone should be concerned about cybersecurity. However, we need to translate this recognition into action. Cyber threats show no sign of abating. While we will continue to provide cybersecurity understanding and know-how to the community, we must recognise that we all have a part to play to protect ourselves online and not fall prey to cyber criminals.”

Related Resource: Appendix