Consumers on InfoSec: What, Me Worry?
Index: Personal, Financial Distress Outweigh Internet Concerns"It just amazes me the extent in which people seem to be generally unconcerned about cybersecurity issues," Frymier says, citing publicity about the Target and other retailer breaches, e-spying and hacking from the Chinese Liberation Army and the revelations by Edward Snowden about National Security Agency meddling. "... At the end of the day, the consumer hasn't been hurt by this activity."
The IT services company this week issued its Unisys Security Index for the first half of 2014, which is near its lowest point since it introduced the measurement in 2007. Among the four types of security the index tracks - financial, Internet, national and personal - Internet security raised the fewest eyebrows among consumers, receiving a score of 112, well below the 130 received by financial security. National security and personal security received scores of 127 and 124, respectively.
"You hear so much about these events in the media that it has no direct effect on people's day-to-day lives; they just start to tune it out," Frymier says in an interview about the Unisys Security Index with Information Security Media Group.
"Who has been hurt by this activity are the banks, the merchants and other retail institutions; the governments and other large institutions in which intellectual property is being stolen," he says. "This just doesn't hit the rank-and-file citizen."
Still, among American consumers surveyed, 59 percent say a security breach involving their personal or credit card data would make them less likely to do business at a bank or retailer that they commonly use.
But will consumers begin to boycott banks and retailers who have experienced breaches? Alluding to Americans' attitude toward Congress and how they vote, Frymier suggests that people say one thing and do another. "I'm reminded of several polls [in that] people think that Congress is doing a horrible job but their individual representative is okay," he says. "So, I think that may be a little bit of that phenomenon that we're seeing here."
Most consumers, though, express concerns over viruses and unsolicited e-mails but not at alarming rates, according to the survey Unisys conducted to update the index.
But the survey shows consumers to be a bit more concerned about the security of shopping and banking online.
The Unisys survey also shows that consumers express increasing anxieties over other people obtaining and using their credit and debit card details.
Concern about unauthorized access to or misuse of personal information is up a bit in 2014 from 2013, according to the survey.
In the interview, Frymier:
- Offers lessons IT security practitioners could take from the index,
- Describes how the Unisys Security Index works and
- Explains how employing network segmentation techniques could defend against breaches.
As CISO, Frymier oversee the development and implementation of global information security policies, standards and procedures. He also leads Unisys consumerization of IT program, charged with fostering the evolution of Unisys IT strategy and implementation to accommodate mobility and the adoption and effective use of consumer technologies in the Unisys infrastructure. He is a Certified Information Systems Security Professional.