Another RSA Conference is in the books and with it concludes Bromium’s annual State of Security Survey. The size of RSA Conference 2016 echoed the continued growth of the security industry with more than 500 companies exhibiting. There were many conversations about many security threats and solutions; of course, Apple and the FBI have been thrust front and center.
Bromium surveyed 100 RSA attendees in an effort to understand some of the attitudes, opinions and trends among security professionals. In some cases, these questions repeated similar questions asked at previous conferences; in other cases, they highlighted more recent trends.
Bromium will be publishing a full report in the coming weeks, but in the interest of timeliness has shared the following results today:
First, Bromium asked “Are users your biggest security headache?” In previous surveys, nearly three-quarters of security professionals said “yes.” This trend continued at RSA Conference 2016 with 70 percent responding in the affirmative.
Next, Bromium asked RSA attendees to identify the source of their greatest security risk. In the past, Bromium determined that endpoint risk is five times greater than network or cloud. This trend continued at RSA Conference 2016: the endpoint remained the source of the greatest security risk (49 percent).
Bromium asked RSA attendees how quickly their organization implements patches for zero-day vulnerabilities. Fifty percent implemented patches in the first week, but more than a quarter took more than a month, results similar to those of its Black Hat survey. It’s interesting to note the similarity between these initial results, as it lends more significance to the statistics.
In an effort to understand more recent trends, Bromium asked RSA attendees if they or anyone they know had been infected with ransomware. It was a pretty even split: 49 percent said yes and 51 percent said no.
The launch of Windows 10 is another recent trend. Bromium determined 65 percent of RSA attendees have plans to evaluate or deploy Windows 10 in the next 12 months. However, it seems the industry still requires more education about the operating system.
When asked to identify which Windows 10 security feature would be most effective at combating cyber attacks, more than a quarter (27 percent) had no response. Among RSA attendees that did respond, nearly one-third (30 percent) selected Microsoft Passport (two-factor authentication) and more than a quarter (27 percent) selected Device Guard (virtualization-based security that only runs trusted applications).
Bromium asked RSA attendees to identify the most effective aspect of a cyber security architecture; 64 percent selected prevention.
Conversely, Bromium asked RSA attendees to identify the least effective aspect of a cyber security architecture; 47 percent selected remediation and 36 percent selected prediction.
Finally, Bromium asked RSA attendees if Apple should comply with an FBI request to bypass the security of Apple iOS. While a handful believe Apple should comply (or mentioned in conversation that the issue was complex), RSA attendees overwhelmingly (86 percent) responded that Apple should not comply with the FBI. Clearly, the security industry is not comfortable with the weakening of security and privacy for a single case – once Pandora’s box is open, it can’t be closed.