2014 Survey on Information Security (Individual)
2014 Survey on Information Security (Individual) Executive Summary
Korea Internet & Security Agency

Contents

I. Introduction
II. Awareness of Information Security
  1. Awareness of the Importance of Information Security
  2. Awareness of Threats to Information Security
  3. Gathering & Learning of Information Related to Information Security
  4. Usage of Information Security Learning & Product/Services
III. Prevention of & Response to Security Incidents
  1. Status of Security Incident Prevention
  2. Security Incident Experience & Response
Ⅳ. Personal Information Protection & Spam Countermeasures
  1. Awareness of Personal Information Protection and Prevention of Breach
  2. Experience of & Response to Personal Information Breach
  3. Awareness & Usage Experience of a Means of Identification
  4. Response to Receiving Spam
Ⅴ. New Service Information Security
  1. Awareness of New Service Information Security
  2. Confirmation of Smart Device Usage and Preventive/Protective Measure for Security Incidents

The report is produced by the Korea Internet & Security Agency. When citing the statistical data in this report, the quotation must identify KISA as its source. The report can also be found on the homepage of the Korea Internet & Security Agency (http://isis.kisa.or.kr).

I. Introduction

Population: Internet users who have used the Internet within the most recent one month (aged 12-59)
Sample Size: 2,500 Internet users
Data Collection: Face-to-face interview
Fieldwork Period: 2014. 7. 1 ~ 8. 31
Sampling Method: Multi-stage Stratified Sampling
Sampling Error: Information Security software usage ±1.92%p (95% confidence level)
Sampling design:
• Primary sampling frame: 2010 Census & 2013 Demographic Projection (The Statistics Korea)
• Secondary sampling frame: 2013 Survey on Internet Usage

Glossary
• Malicious code: Hazardous code (a virus or Trojan horse) that infects other programs on a computer through an e-mail attachment, a file-sharing site, or a visited web site, and destroys normal programs or other data files.
• Wireless LAN: Wireless internet service that can be used within a certain distance (hot zone) of the location where an AP (access point) is installed.
• Biometric Information: A means of identification using physical/behavioral characteristics such as fingerprint, iris, face or veins.

II. Awareness of Information Security

1. Awareness of the importance of information security

Most internet users considered information security important

93.9% of Internet users recognized that information security was important when using the Internet. Females (94.5%) recognized the importance of information security more than males (93.2%). By age, awareness of the importance of information security was highest among those in their 30s (97.0%), followed by those in their 20s (96.1%) and 40s (95.8%).

[ Figure 1. Awareness of the importance of information security(%) ]

2. Awareness of threats to information security

Direct threats of damages such as 'personal information breach' & 'financial damages' were considered 'serious'

There was a high level of recognition of and concern about 'personal information exposure/privacy invasion' & 'financial loss through electronic financial fraud'. 'Financial loss through credit card/debit card fraud' (85.6%) was found to have caused the most damage.
Concern over the seriousness of damage from 'information loss & performance decline in devices due to Worm/Virus infection' or 'ad-ware/spy-ware' was relatively low.

[ Figure 2. Awareness of threats to information security(multiple response, %) ]

3. Gathering & learning of Information related to information security

A. Interest information type related to information security

'Information regarding concrete examples of damage prevention & countermeasures' is the most desired information

62.5% of Internet users showed interest in information related to information security. Interest was highest in 'concrete examples of damage prevention & countermeasures' (34.1%), followed by 'latest security status & damage information related to security' (32.0%) and 'related information regarding information security products & services' (30.8%).

[ Figure 3. Interest information type related to information security(multiple response, %) ]

B. Gathering information related to information security

Information related to information security was mostly acquired through 'TV, Newspaper, Internet' & 'acquaintances'

62.0% of Internet users were shown to carry out information-gathering activities related to information security. The ratios for 'acquire an article related to information security' (48.1%) & 'obtain related information from surroundings' (45.4%) were relatively high in comparison with other activities.

[ Figure 4. Information gathering activities(multiple response, %) ]

C. Obstacles to information gathering & learning related to information security

The major obstacles to the gathering of information & learning were a 'large amount of information & complexity' and 'difficulties in the terminology'

'The amount of information & complexity' (34.7%) & 'difficulties in the terminology' (31.6%) were recognized as the major difficulties in gathering information & learning related to information security.

[ Figure 5. Obstacles on gathering information & learning(multiple response, %) ]

4. Usage of information security learning & product/services

8 out of 10 Internet users have used learning & product/services in relation to information security

83.8% of Internet users have experience using learning & product/services in relation to information security. Usage experience was highest for 'products related to information security' (75.3%), such as authentication certificates, safe payment, and one-time passwords.

[ Figure 6. Usage experience of learning & product/service(%) ]
[ Figure 7. Usage type of learning & product/service(multiple response, %) ]

III. Prevention of & Responses to Security Incidents

1. Status of security incident prevention

A. Utilization function of information security software

The real-time malicious code monitoring function was used the most

Information security software users mainly used the 'real-time malicious code monitoring' (54.9%) & 'scheduled virus inspection' (49.8%) functions; 'real-time mail protection' (29.8%) & 'real-time network protection' (25.7%) were used to a lesser extent.

[ Figure 10. Utilized function of information security software(multiple response, %) ] - Information security software user

※ Information security software users refers to users of information security products/services (software) such as vaccine and anti-spyware programs.

B. Update method of Vaccine program

78.0% of information security software users have conducted an update for a vaccine program

Information security software users most often used 'automatic update' (49.6%) as the update method. The ratio of users who update the vaccine program manually was 28.4%, and the ratio of users who do not update was 2.0%.

[ Figure 11. Update method of Vaccine program(%) ] - Information security software user

C. Preventive measures for PC & Network security

78.3% of users have not 'accessed suspicious web sites' for PC & network security

Internet users were found to have mainly taken measures such as 'do not access suspicious web sites' (78.3%) and 'do not open attached files of suspicious e-mails' (67.4%) for PC and network security. The rates for measures like 'operating system security patch update' (31.5%), 'data backup' (22.9%), and 'application software security update' (22.7%) were relatively low.

[ Figure 12. Preventive measure for PC & Network security(multiple response, %) ]

D. Operating system security patch update

3 out of 4 users who conduct an operating system security patch update have used the 'automatic update'

31.5% of Internet users have carried out an operating system security patch update, and they preferred 'automatic updates' (72.5%) over 'manual updates' (27.5%).

[ Figure 13. Execution of security patch update(%) ]
[ Figure 14. Operating system security patch update method(%) ] - Users who update

2. Security incident experience & response

A. Experience of Internet & personal information security incident

22.0% of internet users have experienced an internet & personal information security incident

22.0% of Internet users were shown to have experienced an internet and personal information security incident. The damage experienced was mostly caused by 'worm-virus infection' (11.4%) & 'personal information exposure/privacy invasion' (10.7%).

[ Figure 19. Experience of security incident damages(%) ]
[ Figure 20. Experience of damages on each type of security incident(multiple response, %) ]

B. Response to Internet & personal information security incident

More than half of users who experienced a security incident did not take any particular action

52.6% of users who experienced a security incident 'did not take any particular action' when the incident occurred. The countermeasures mainly taken were 'the installation of security software' (15.0%), 'counsel/inquiry to information security personal company' (13.7%), and 'counsel/inquiry to internet service provider' (11.8%).

[ Figure 21. Countermeasures against Internet & personal information security incidents(multiple response, %) ] - Users who experienced a security incident

Ⅳ. Personal Information Protection & Spam Countermeasures

1. Awareness of personal information protection & prevention of Breach

A. Awareness of importance of personal information protection

The majority of internet users recognized that personal information protection is important

93.6% of Internet users recognized that personal information protection is important when using the Internet.
With respect to age, those in their 30s (96.9%) showed the highest rate of recognition of the importance of personal information protection, followed by those in their 40s (96.4%) and 20s (93.6%).

[ Figure 22. The importance of personal information protection(%) ]

B. Preventive measures for personal information Breach

Basic measures for the prevention of personal information security incidents have been conducted the most

Internet users most often took basic measures to prevent private information exposure/leakage, such as 'carefully managing private information, and not revealing it to others' (76.3%). The rates for preventive measures such as 'taking care to use a shared folder' (22.5%), 'identity theft confirmation service' (21.0%), and 'storing authentication certificates on a USB' (16.5%) were relatively low.

[ Figure 24. Preventive measures for personal information breach(multiple response, %) ]

2. Experience & Responses to personal information Breach

A. Experience & type of personal information Breach

'Private businesses' were recognized as the primary violators of private information.

Users who experienced personal information breaches answered that private information was mostly violated by 'private businesses'. In particular, personal information was violated the most through 'the management negligence of private businesses' (66.5%), 'providing private information to third parties by private businesses' (46.1%), and 'unauthorized collection of personal information by private businesses' (35.1%).

[ Figure 26. Experience and type of personal information breach(multiple response, %) ]

B. Response to personal information security incident

More than half of users who experienced a personal information security incident did not take any particular action

More than half of users (62.3%) who have experienced a personal information security incident were shown 'not to have taken any particular action'. When a countermeasure was taken, it was mostly 'withdrawing from the relevant service and using a similar service from another company' (29.5%). Relatively few of these users were shown to have made 'a direct complaint to the company responsible for the exposure/leakage of private information and ask for financial compensation' (6.9%), to 'take an administrative measure of reporting/consulting the relevant authorities' (5.1%), or to be 'suing for criminal & civil liability' (3.6%).

[ Figure 27. Countermeasures to personal information security incident(multiple response, %) ] - Users who experienced personal information security incidents

3. Awareness & usage means of identification

Awareness & usage experience of 'mobile authentication(SMS)' & 'authentication certificates' were high

'Mobile authentication (SMS)' showed the highest awareness (98.7%) & usage experience (90.1%) as a means of identification besides the resident registration number. More than half of users recognized 'telephone/mobile authentication' (64.5%), 'credit card' (63.3%) and 'i-PIN' (59.5%), but the ratio of usage experience among users who recognized them was relatively low.

[ Figure 28. Awareness & usage experience of a means of identification besides resident registration number(multiple response, %) ]

※ The usage experience represents the response rate on each standard item among internet users who recognized a means of identification besides the resident registration number.

4. Responses to receiving spam

A. Preventive measures against email spam

39.4% of internet users have tried to prevent email spam

39.4% of users were shown to have taken measures to prevent email spam. 'Sending a refusal of receipt to the sender' (21.6%) and 'using a spam mail filter service' (17.7%) were the most commonly used.

[ Figure 29. Preventive measure of email spam(multiple response, %) ]

B. Preventive measures against mobile spam

51.2% of Internet users have taken active measures to prevent mobile spam

More than half (51.2%) of users have taken measures to prevent mobile spam. 'The spam mail filter service' (31.6%) was used the most.

[ Figure 30. Preventive measure of mobile spam(multiple response, %) ]

Ⅴ. New Service Information Security

1. Awareness of new service information security

'Smart device' & 'SNS' security incidents were the most common sources of concern

Among new services (products), recognition of 'smart devices' & 'SNS' was the highest, and security damage from these was also shown to cause the most concern. 'Cloud services' (35.7%), 'big data service' (16.7%), and 'internet of things' (IoT, 14.1%) were shown to be relatively low.

[ Figure 31. Awareness of new service information security(multiple response, %) ]

※ The level of concern refers to the level of concern about a security incident occurring on each item, among users who recognized that new service (product) item.

2. Preventive/protective measures against security incidents in smart devices

'Not visiting untrustworthy sites' for the prevention of security incidents

To prevent/protect against security incidents, smart device users most commonly took the measures of 'not visiting a site which can't be trusted' (72.0%), 'not downloading suspicious application' (67.2%), and 'deleting suspicious messages & mail' (64.2%).
Measures such as 'the latest version update of an operating system & vaccine program', 'use of a downloaded file after scanning', 'installation & inspection of a vaccine program', 'not voluntarily modifying(jail-breaking) the platform structure of a smart device', and 'installing information security applications(Phone Keeper) for smart devices' were shown to be less frequently used.

[ Figure 34. Confirmation of smart device usage and preventive/protective measures against security incidents. (multiple response, %) ] - Smart device users

※ Preventive/protective measure refers to the response rate of smart device users on each standard item.