“I don’t think that society in general will stand up and do something about security until people start dying in enough numbers that it could happen to them individually and not just organizations because we don’t care about organizations,” said Wendy Nather (@451wendy), Research Director for the Enterprise Security Practice at 451 Research.
At the risk of provoking hacktivist groups, Nather made this comment with great trepidation. It was her response to the comments Nawaf Bitar, SVP/GM of the Security Business Unit at Juniper Networks, made in his presentation at the 2014 RSA Conference.
Bitar argued that we aren’t getting angry enough about the poor state of security and our own privacy. He mocked the way we use social media to fight back and even offered up the Twitter hashtag #FirstWorldOutrage to provide examples and discuss the issue.
He said we needed to fight back harder, but Nather just doesn’t see that happening until there’s true personal harm.
Our feelings of security and privacy begin with trust, Nather said. We trust without thinking about it. But that trust happens between individuals and not organizations. We stopped trusting organizations.
Trust is very fluid. You can stop trusting someone because of something they did. We saw that play out with the RSA-NSA controversy. But most people outside of the security industry took the RSA-NSA revelation as a joke.