RSA, like all good conferences, provided the opportunity to do some real networking, hear about new ideas and approaches to old problems, and essentially get a good feel for where the industry and security issues are headed in the near future.
Through my own observations, I noticed an age gap in the way people think about security and privacy issues. It seems everyone agrees about the need for security and the need to protect customer (or user) privacy, but where the lines of privacy and security are drawn is up for debate. For example, one man I spoke with, who I’d guess was in his 40s or 50s, said he was much more concerned with the details private industry collected about him and shrugged off the NSA-related privacy concerns. The next day, a twentysomething said he appreciated how much private businesses knew about him and how that made his life easier, but the government data collection was a definite privacy invasion and had to stop.
While I was making my own personal but informal observations like this, several companies took the opportunity to formally survey participants at RSA about security issues and concerns.
First, Bromium conducted a survey of more than 100 information security professionals to get their opinion regarding the confidence they have in their current security systems, as well as their opinion about the initiatives to ramp up security sharing. Those surveyed were asked to give their company’s security a letter grade; the vast majority graded their security as average or slightly above (B and C grades). Only 8 percent said their company’s security deserved an A, but no one failed their security system.
When asked about firewalls and antivirus software, the survey participants agreed that neither technology is doing its job well enough, with approximately a quarter of the responses giving those two tools a failing grade. On the other hand, next-generation solutions like sandboxes and endpoint isolation received mostly As and Bs.
As for the idea of sharing security information, 78 percent believe it would be beneficial, but at the same time, nearly half admitted they’d be hesitant to participate.
Second, a survey conducted by Thycotic asked 202 RSA participants for their opinions about NSA surveillance in the post-Snowden era. A whopping 94 percent stated they believe the NSA’s surveillance has increased or remained the same since the Edward Snowden leaks. As a Help Net Security article stated:
In fact, nearly half (48 percent) of the respondents believe that the NSA has increased its surveillance of U.S. citizens since Snowden’s revelations, while 45 percent feel that there has been no change. Just 6% believe that the national exposure of classified NSA documents has led to a decrease in NSA surveillance.
The survey also asked participants for their thoughts on the Cyber Threat Intelligence Integration Center and the idea of information sharing. The results were similar to the Bromium survey, where 70 percent said this type of sharing will help improve security measures—especially on the levels of national security.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba