Vous êtes sur la page 1sur 26

Executive summary of the Study on information security and e-trust in Spanish households

Annual report 2011 (17th wave)

NATIONAL INSTITUTE OF COMMUNICATION TECHNOLOGIES

Objectives and methodology


OBJECTIVES OF THE STUDY To compare users' perception of security with the real situation of computers. To analyse the evolution over time of security and e-trust indicators. To guide public initiatives and policies towards improving security and generating a climate of trust towards the Information Society
OPINION

STUDY METHODOLOGY
Online panel

REMOTE AUDITING

iScan

Quarterly user survey

Monthly scan of systems

n = 3,655 (3rd quarter 2011) n= 60,154 (from Dec 2006) 17 data collections

6,383 computers (3rd Quarter 2011) 195,151 computers (from Dec 2006) 56 data collections

Perception vs. Reality


(Progressive readings)

Technical information
Sample Population Spanish Internet users aged over 15 with frequent access to the Internet from home Sample 3,655 users surveyed 6,383 remote analyses Sample distribution Multistage sampling stratified by Autonomous Region and size quotas by household, age, gender, work activity and home size Information collection Online interviews. Online analysis of computers Fieldwork September to December 2011 Sampling error In accordance with the criteria of simple random sampling for dichotomous variables where p=q=0.5 and for a confidence level of 95.5%, a sampling error of n=3,655 is 1.62% is established.

Contents

Main results
Study on information security and e-trust in Spanish households
Annual report 2011 (17th wave)

Security measures Secure behaviour habits Security measures and incidents in homes with children Security incidents User reaction and the consequences of security incidents E-trust in Spanish households Final conclusions

NATIONAL INSTITUTE OF COMMUNICATION TECHNOLOGIES

http://observatorio.inteco.es
4

Main results

Security measures
Extended use of automated security solutions. Antivirus and firewalls, the most popular tools (91.6% and 76.7%, respectively). Average takeup of non-automated security measures. Notable use of passwords and deleting temporary files and cookies (78.5% and 74.5% respectively).

Secure behaviour habits


Good email habits: Checking all attached files has increased by 12 percentage points (from 65.3% to 77.5%). Online banking: In total, 67.9% of users surveyed type in the URL. P2P networks: Number of users claiming they do not share all the files on their computers has risen by over 17%, and now stands at nearly 70%.
5

Main results

Security measures and incidents in homes with children


The most widely adopted security measures taken with regard to internet use by children are based on communication. Despite this, the most widely-used measure is prohibiting children from making purchases without the presence of an adult (93.1%). A total of 13.2% of parents say their child has accessed sexual content.

Security incidents
Receiving spam is still the most common incident (68%). In total, 45.2% of computers scanned contain malware, but only 20.5% of those surveyed report malware-related incidents in the last 3 months. The most common types of malware are still those which can make money for the attackers, especially trojans. High level of fragmentation in detected malware; 81% of malicious files have only been detected once.

Main results
User reaction and the consequences of security incidents
Both data loss and system reformatting or reinstalling still affect a minority, at around 10%. Users consider themselves capable of resolving security incidents by themselves (41.5%) or with expert guidance (16.3%). Four out of ten users do not change their habits after suffering security incidents. Fewer than 10% abandon online services and use after security problems.

E-trust in Spanish households


Only 8% of users have little or no trust of the Internet. Public perception indicates a constant improvement in Internet security; around 50% consider the Internet to be safer every day, that there are fewer and less serious security problems. A majority of users consider themselves to be chiefly responsible for online security (43.8%). A total of 83.4% users agree that government should become more involved in Internet security.
7

Security measures Security measures and habits


Evolution of the declared use of automatic security measures

100% 90% 80% 70%

94,4%

91,6% 78,5%

65,3% 49,9% 49,0% 45,8%

76,7% 70,6% 65,0% 53,8% 51,0% 46,7% 31,3%

60% 61,5% 50% 40% 30% 20% 10%


7,9%

0% Dic/Ene 07 Antivirus programmes Firewalls Pop-up window blocking systems Anti-spyware programmes Parental control programmes Antivirus updates Anti-spam systems Security plugins for browsers Anti-ad systems

Sept/Dic11

Security measures Security measures and habits


Evolution of the declared use of non-automatic security measures

100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0%
6,9% Dic/Ene 07 Passwords Backup copies Keeping informated on computer security User profile with restricted permissions Use of electronic DNI (National Identity Document) Removing temporary files and cookies Copy of system recovery disc Specific hard disc partition Other digital certificates Document encryption Sept/Dic11 27,3% 18,6% 55,2% 44,9% 28,5% 50,4% 35,2% 22,5% 21,7% 78,5% 74,5% 58,9% 51,3% 50,4% 40,4% 37,3% 28,9% 22,9% 17,5%

Security measures
Reasons for not using automatic security measures (%)
Reasons Performance Do not need Do not trust Ineffective Not aware Households that do not currently use them

Antivirus programmes Antivirus updates Firewalls Operating system updates Anti-spam programmes or settings Pop-up blocking programmes or settings Security plugins for browsers Anti-spyware programmes Ad-blocking programmes or settings Content filtering programmes or settings

8.4% 21.5% 23.3% 24.4% 29.4% 35.0% 46.2% 49.0% 53.3% 68.7%

2.5 10.7 29.3 17.2 25.1 26.4 33.1 30.8 30.9 16.7

38.6 28.9 23.8 25.7 29.2 28.3 29.6 27.0 30.4 46.2

17.9 18.6 8.5 13.3 9.0 8.3 5.8 11.0 7.4 5.3

Price

Measures

18.3 13.3 20.9 13.9 12.1 15.6 14.6 11.1 12.0 8.7

3.6 5.2 4.0 7.4 6.3 5.9 3.5 6.3 4.4 5.9

5.3 5.8 2.7 6.0 5.8 4.3 3.2 4.1 3.5 3.5

13.8 17.5 10.8 16.5 12.5 11.2 10.2 9.8 11.5 13.6
10

Others

Security measures
Reasons for not using non-automatic security measures (%)
Reasons Do not need Do not trust Ineffective Not aware Others 12.5 27.3 29.6 27.2 27.7 19.9 12.5 19.5 30.2 14.9
11

Passwords (computers and documents) Removing temporary files and cookies Back-up copies of files Making copies of system recovery discs Searching for computer security information Hard disk partitioning Regular use with restricted permissions Electronic signature digital certificates Electronic ID Document or data encryption

21.5% 25.5% 41.1% 48.7% 49.6% 59.6% 62.7% 71.1% 77.1% 82.5%

3.6 19.2 15.2 19.5 16.1 24.3 17.3 18.9 7.0 24.7

64.1 33.9 41.0 38.9 37.0 41.0 53.1 45.8 45.8 47.1

5.7 7.9 5.6 4.3 5.2 3.0 2.5 3.8 4.7 3.0

Price

Measures

Households that do not currently use them

8.9 6.9 4.7 5.7 6.3 7.1 9.1 2.7 2.8 5.0

Performance

2.1 2.5 2.9 2.6 5.4 2.8 3.4 7.1 8.2 4.1

3.2 2.2 1.1 1.8 2.4 1.8 2.1 2.0 1.3 1.1

Secure behaviour habits


2009-2011 evolution of secure behaviour habits

I check all the files I download I always download and open files attached to emails (disagree) I never give confidential information in chats or instant messaging When making transactions I check I'm using a secure connection I always type in the URL of my bank or online shop I use the antivirus to check all files downloaded on P2P networks My profile/information can be seen by any user of the social network 0% 2009 16,5% 8,6% 20% 40% 2011 60% 55,6%

67,3% 71,2% 78,5% 80,0% 87,5% 90,5% 72,8% 78,6%

67,9% 65,0% 67,1%

80%

100%

12

Security measures and incidents in homes with children

2009-2011 evolution of security habits relating to children

I am concerned by news in the media about the safety of children I track their online friends in the same way I do their real life friends I warn my child of the problems of giving out their own or others' personal information I have asked them to tell me about any behaviour or contact which seems inappropriate or suspicious I have created a limited user account for the child's Internet access I supervise the content they access after each session (browser history) 0% 2009 20% 40% 2011 39,4% 41,7% 58,4% 72,2% 60% 80%

89,5% 87,5% 76,0% 79,4% 91,8% 87,9% 84,5% 86,3%

100%

13

Security measures and incidents in homes with children

Main security incidents relating to children that parents are aware of

Access to sexual content

13,2%

Dependency and social isolation

8,5%

Having given out their personal contact data

7,1%

Access to violent, racist or sect-related content

6,9%

Other children insult, threaten or blackmail the child

6,5%

Images of them are disseminated without their knowledge 0%

5,1% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

14

Security incidents
Evolution of computers containing malware, perception compared to detection

100% 90% 80% 70% 60% 51,1% 50% 40% 30% 20% 10% 0% Dec 10 Jan 11 Feb 11 Mar 11 Apr 11 May 11 Jun 11 Jul 11 27,3% 22,2% 43,7% 48,9% 47,2% 48,5% 44,2% 44,4% 46,1% 45,8% 48,0% 47,8% 46,4%

iScan

45,2%

27,3%

Aug 11 Sep 11 Oct 11 Nov 11 Dec 11 iScan

Perception

15

Security incidents Security incidents


Evolution of computers containing malware

100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Jan 07

iScan

Jun 07

Dec 07

Jun 08

Dec 08

Jun 09

Dec 09

Jun 10

Dec 10

Jun 11

Dec 11

16

Security incidents
6.000 5.000 4.000 3.000 2.000 1572 1.000 0
Jan 11 Feb 11 Mar 11 Apr 11 May 11 Jun 11 Jul 11 Aug 11 Sep 11 Oct 11 Nov 11 Dec 11

Security incidents
4924 4162 3786

iScan

3329 2744 2397 2149 1892 1422 1495 1126 1054 942 1987 2391 2287 1910 1712 1633 1869 2247 2630 2295

Total number of malicious files and unique malware variants

Number of malicious files

Unique malware variants

2000 1800 1600 1400 1200

1871

iScan

Number of detections of each unique malware variant, Dec 11

1000 800 600 400 200 0 1 detection 2 detections 3 detections 4 detections 5 detections 6 detections 6 detections
17

232 86 33 22 11 40

Security incidents Security incidents


Evolution of risk level for all computers (%)

100% 90% 80% 70% 60% 50% 39,9% 40% 30% 20% 10% 0% Jan 11 Feb 11 No risk Mar 11 Apr 11 May 11 Jun 11 Jul 11 Aug 11 Sep 11 Oct 11 Nov 11 8,0% 1,0% 7,9% 1,0% 7,6% 0,8% 7,0% 0,6% 8,8% 0,6% 8,6% 2,4% 9,4% 2,4% 10,2% 2,2% 6,8% 2,4% 6,4% 2,6% 5,3% 2,2% 5,9% 2,2% 34,6% 38,8% 36,6% 39,0% 33,3% 34,2% 33,4% 38,6% 38,5% 38,7% 56,4% 51,2% 52,9% 55,9% 51,6% 55,7% 54,0% 54,3% 52,2% 52,4% 53,9%

iScan

54,9%

36,9%

Dec 11

Low risk

Medium risk

High risk

18

Consequences and reaction to incidents

Reactions after suffering a security incident

Change passwords Update security tools that are already installed Start making backup copies Change security tools Install a security tool for the first time Stop downloading files from P2P networks, Stop using unauthorised software Stop making online purchases Stop using online banking services Stop using Internet services (email, instant Others No change 0% 10% 20% 30% 15,0% 13,3% 9,8% 8,6% 6,8% 5,4% 4,7% 4,0% 2,7% 29,4%

34,6%

37,7% 40% 50%

* Multiple response
19

Consequences and reaction to incidents

How security incidents are resolved

11,0%

41,5% 31,1%

16,3% I can fix it myself I ask a relative or friend to fix it I can fix it with the help of an expert I take the computer in for technical service

20

E-trust in Spanish households

Overall, how much do you trust the Internet?

7,7%

1,1% 8,3%

6,5%

1,5% 9,6%

38,6% 44,3%

39,9% 42,4%

May-Aug 11
A lot of trust Enough trust No trust at all

Sep-Dec'11
Quite a lot of trust Not much trust
21

E-trust in Spanish households

Perception of the number of security incidents compared to 3 months ago

11,4%

48,9%

39,8%

Fewer now than 3 months ago

The same as 3 months ago

There are more than 3 months ago

22

E-trust in Spanish households

Perception of the severity of security incidents compared to 3 months ago

6,5%

50,0% 43,5%

Less severe than 3 months ago

As severe as 3 months ago

More severe than 3 months ago

23

E-trust in Spanish households

Measures demanded from the Administration

Develop free security tools Supervise more closely what is happening on the Internet Legislative reform for new Internet offences Information and awareness raising campaigns on risks and prevention Greater co-ordination among the organisation involved in security problems Provide response/technical support to security problems on citizens' computers Supervise appropriate use of personal data on the Internet Provide training courses and workshops on Internet and security Others 0,2% 0% 10% 20% 9,7% 8,8% 7,2% 6,9% 5,2% 16,6% 15,3%

30,1%

30%

40%

24

Annual balance

Spanish users in general maintain a high level of trust in the Internet. More than 90% of those surveyed trust the Internet a lot or quite a lot. Even so, one in four users do not trust the Internet enough to make payments online, either through their credit or debit card or using services such as PayPal. In total, 85.2% of users think that incorrect use of software is the main cause of a lack of online security, and 74.7% blame a lack of caution in second place. Aware of existing risks, 78.6% of users check they are using a secure connection when connecting to the Internet. However, fewer than 30% of users have digital certificates for validating their procedures, and 23% use the electronic ID. While 45.2% of computers contain malware, only 20.5% of users say they have suffered this type of incident in the last quarter of 2011.

25

http://www.inteco.es http://observatorio.inteco.es

Vous aimerez peut-être aussi