One in 10 Australians still don't have security software installed and 49 per cent believe they will never be a victim of malware, according to new research from the Australian Communications and Media Authority (ACMA).
The findings, contained in the report Malware and Harmful Software: Consumer Views on Software Threats and Use of Protections, are at odds with the reality of malware infection in Australia: ACMA’s Australian Internet Security Initiative (AISI), which tracks incoming traffic for malware on behalf of Australian ISPs, is reporting 35,500 infected Australian IP addresses to ISPs every day.
“While it is difficult to accurately assess the amount of malware in circulation, the ACMA is identifying and reporting record numbers of malware infections under its vital AISI program,” ACMA's deputy chairman and cyber security spokesman, Richard Bean, said in a statement. “These alarming results indicate Australian internet users need to be more vigilant in protecting their computing devices from malware.”
Indeed, recent research from Trend Micro found that Australia hosts more malware botnet command-and-control (C&C) servers than any country except the United States – with one in 20 of all C&C servers located on compromised Australian computers.
Although Australia’s overall information security spend is growing rapidly, the results of the ACMA survey confirm many end users still have a much different view on the real risk of malware.
The results, which were collected by Roy Morgan Research in four focus groups and a phone survey of 1500 Australians aged 18 years and over, paint a glum picture of user security: for example, 10 per cent of users reported having no security software at all and 8 per cent have security software but don’t regularly update it.
Despite the low security profile, users are increasingly active online, with 88 per cent reporting they give personal or financial information online, 77 per cent using the Internet to bank, 75 per cent using it to shop, and 73 per cent using it to pay bills. Fully 63 per cent of users admit sharing their details on social networks, with mobiles used for social networking by 56 per cent of respondents compared with just 31 per cent using mobiles to bank, shop or pay bills.
Half of users said it was unlikely or highly unlikely that malware could let others use their computer to send out spam or redirect users to fake websites, while 43 per cent said it was unlikely or highly unlikely that malware could affect the way their systems operate.
Younger users were generally less aware of the risks of being online, with 60 per cent of 18-24 year olds saying it was unlikely someone else could use their computer to send out spam or redirect them to fake Web sites; by contrast, only 46 per cent of 50-64 year olds said such a result was unlikely.
Sixty-two percent of 18-24 year olds said it was unlikely that malware could steal their personal or financial information, compared with 43 per cent of 35-49 year olds.
Younger respondents were also less likely to keep their protective software, browsers, and general applications up to date, or to immediately delete emails from unknown sources. They were also less likely than older respondents to not click on email links from unknown senders, with just 75 per cent saying they knew not to do so – compared with 87 per cent of 35-49 year olds.
Follow @CSO_Australia and sign up to the CSO Australia newsletter.