Survey Highlights Widely Divergent Views on State of Cyber Security in America
A new survey of American adults’ perceptions of cybersecurity and hackers shows both a generational and a gender divide in attitudes. Young adults often display a more pragmatic approach compared to a more hardline attitude from older Americans, while there is a frequent difference between the genders.
5000 American adults aged 16+ responded to an online survey conducted by Opinion Matters for HackerOne and Kaspersky Lab during December 2016. The purpose was to get insight into consumers’ perception of the hacker mindset and motivation without specifically differentiating between blackhat hackers and whitehat researchers.
The generational divide is clearly shown in the respondents’ attitude towards hacker motivation. Fifty-two percent of respondents aged 45-55+ believe that hacker motivation is to be malicious, and 59% believe the motivation is to create problems. Only 35% of those aged 16-24 think hackers hack with malicious intentions.
However, far fewer Americans believe in ‘good intentions’: 15% believe hackers hack to report vulnerabilities, and only 14% believe they are motivated by ‘good feeling’ in helping companies and government understand security weaknesses.
Knowledge of bug bounty and pentesting operations seems to make little difference to Americans’ buying behavior. Only 22% say they are more likely to make a purchase from companies that use these to protect their services, while 54% say it will make no difference.
Of particular interest is the response to a question about current politics: “Do you think North America will be more vulnerable to cyber-espionage or nation-sponsored cyberattacks with Donald Trump as President of the United States?” Only 28% believed in December 2016 that Trump policies will definitely make the US more vulnerable. Sixteen percent thought it possible, but 56% didn’t “think the risk will be any higher than before.”
This seems to be in sharp contrast to current thinking from the government agencies tasked with protecting the US. The Observer yesterday published an article headlined “Intelligence Community pushes back against a White House it considers leaky, untruthful and penetrated by the Kremlin.” Written by John Schindler, a former National Security Agency analyst and counterintelligence officer, it claims, “Our Intelligence Community is so worried by the unprecedented problems of the Trump administration… that it is beginning to withhold intelligence from a White House which our spies do not trust.”
Of particular concern is a series of December telephone conversations between national security adviser Michael Flynn and the Russian embassy in Washington which would have been automatically monitored by US SIGINT (discussed in detail in The Washington Post on Thursday last week).
The implication is that the American people had greater trust in Trump’s national security in December 2016 than the US intelligence community has in February 2017.
The survey (PDF) question also highlights both the generational and gender differences among American attitudes. Men are less concerned than women (60% vs 52%) about the state of cybersecurity under the new administration, while millennials (aged 16-24) “were the most likely to think that North America would be more vulnerable to cyber espionage or nation-sponsored cyberattacks with Donald Trump as president (56%).”
Particularly concerning, however, is that the majority of consumers do not trust their own employers. “Only 36% of U.S. adults,” says the report, “said that they would choose to be a customer of their own employer knowing what they know about their company’s cybersecurity program and ability to protect customers from cyber criminals.”
“This study,” concludes Ryan Naraine, head of the U.S. Global Research and Analysis Team at Kaspersky Lab, “helps to highlight the ongoing confusion among Americans, both at home and while at work, regarding cybersecurity. Cybersecurity is everyone’s responsibility, and it’s imperative that the security community, businesses and governments routinely work together to educate Americans on cyber threats. We need to ensure that consumers and organizations are not only educated on the risks, but also know the best solutions for safeguarding sensitive data from cybercriminals.”