Information security trends surveyed
- Published: Wednesday, 09 March 2016 10:01
Bromium surveyed 100 attendees at the recent RSA Conference in an effort to understand some of the attitudes, opinions and trends among security professionals.
Firstly, Bromium asked ‘Are users your biggest security headache?’ In previous surveys, nearly three-quarters of security professionals said ‘yes.’ This trend continued at the 2016 RSA Conference, with 70 percent responding in the affirmative.
Next, Bromium asked RSA attendees to identify the source of their greatest security risk. In the past, Bromium determined that endpoint risk is five times greater than network or cloud. This trend continued in 2016: the endpoint remained the source of the greatest security risk (49 percent).
Bromium asked RSA attendees how quickly their organization implements patches for zero-day vulnerabilities. Fifty percent implemented patches in the first week, but more than a quarter took more than a month.
In an effort to understand more recent trends, Bromium asked the RSA attendees if they or anyone they know had been infected with ransomware. It was a pretty even split: 49 percent said yes and 51 percent said no.
The launch of Windows 10 is another recent trend. Bromium determined that 65 percent of RSA attendees have plans to evaluate or deploy Windows 10 in the next 12 months. However, it seems the industry still requires more education about the operating system. When asked to identify which Windows 10 security feature would be most effective at combating cyber attacks, more than a quarter (27 percent) had no response. Among RSA attendees that did respond, nearly one-third (30 percent) selected Microsoft Passport (two-factor authentication) and more than a quarter (27 percent) selected Device Guard (visualization-based security only runs trusted applications).
Bromium asked RSA attendees to identify the most effective aspect of a cyber security architecture; 64 percent selected prevention as the most effective aspect of a cyber security architecture. Conversely, Bromium asked RSA attendees to identify the least effective aspect of a cyber security architecture; 47 percent selected remediation and 36 percent selected prediction.
Finally, Bromium asked RSA attendees if Apple should comply with an FBI request to bypass the security of the Apple iOS. While a handful believe Apple should comply (or mentioned in conversation the issue was complex), overwhelmingly (86 percent) RSA attendees responded that Apple should not comply with the FBI. Clearly, the security industry is not comfortable with the weakening of security and privacy for a single case: once Pandora’s box is open, it can’t be closed.