I had the chance to meet representatives from Blumberg Capital, a San Francisco-based early-stage venture capital firm, during my time at RSA. I admit, not exactly the type of company I expected to interact with at RSA – most of my time is spent speaking with security analysts with various security companies – but during my conversation with Andrea Meyer, head of Marketing and Communications, she told me about research that Blumberg Capital conducted that she thought I’d find interesting. She was correct.
The study looked at our collective attitude toward cybersecurity. As consumers, and in turn as employees, we tend to be pretty haughty about our security IQ. Nearly two-thirds (60 percent) say they don’t believe they were a victim of a cyberattack, which is highly unlikely in light of the breaches at major retailers, universities, government agencies and medical facilities. More likely, they are unaware of having been a victim. Also, large numbers of us believe we know more about cybersecurity than government officials, like the head of the FBI or CIA, and more than half of respondents are sure they are more informed than their IT department about security threats. As David Blumberg, founder and managing partner of Blumberg Capital, said in a formal statement:
“Consumers vastly underestimate cybersecurity threats and don’t know how to identify, respond or protect themselves from future attacks. Naiveté and arrogance are a really dangerous combination. Even experts can miscalculate how to mitigate risks and existing security solutions are no longer enough, especially in areas such as IoT or cloud security.”
This is in line with other studies, which have found that consumers place a great deal of trust in companies and that those companies are more concerned about the loss of brand reputation than about data breaches. I can see why, now. Too many consumers don’t think that data breaches directly affect them.
And not enough is being done on the front line to better protect companies and their customers from potential cyberattacks. According to ISACA’s State of Cybersecurity 2017 report, businesses struggle to find qualified security professionals, and this puts everyone at a disadvantage, as ISACA board chair Christos Dimitriadis told eSecurity Planet:
“When positions go unfilled, organizations have a higher exposure to potential cyberattacks. It's a race against the clock.”
As I’ve said before, cybersecurity is a collaborative effort. More needs to be done to recruit cybersecurity professionals, and more needs to be done to get the word out about cyberattacks. Underestimating cybersecurity needs hurts all of us in the long run.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba