For more years than anybody cares to admit, security professionals have been after end users to be more proactive about IT security. While progress on that front has been somewhat limited, a new survey of over 1,000 Americans from Unisys suggests that the average American is a lot more concerned about security today than any time in recent memory.
The latest Security Index report from the Lieberman Research Group that was conducted on behalf of Unisys shows a sharp increase in concerns over all aspects of security, even before the recent killing of arch-terrorist Osama Bin Laden. What remains to be seen, however, is whether all these increased anxieties will lead to any fundamental changes in end-user behavior.
Patricia Titus, chief information security officer (CISO) for Unisys, makes an analogy between owning a car and a computer. We train people how to drive because people can get hurt if someone doesn't know how to drive. People can also be harmed by systems that have been hacked or appropriated by malware, but we typically don't teach end users how to maintain the digital hygiene of their systems.
Obviously, people are not getting killed by their computers on a daily basis. But with the growing popularity of first smartphones and now tablet devices, more people are on the Internet than ever. It's really only a matter of time before we see these classes of systems being systematically compromised, which could have major implications for how people not only use these devices, but also the businesses that depend on the Internet to deliver services. In addition, most people taking the survey also recognized the inherent vulnerability of the Internet, which could lead to any number of catastrophic events.
Fear naturally tends to increase in difficult economic times. But the one thing that difficult times bring is more of a willingness to listen to our fears. If that's the case, then maybe the best time to launch a major computer security education effort is now because once good times do return, it'll be a whole lot harder to get end users to pay attention to IT security.