The Unisys 2017 Security Index found that public concern over Internet security has increased more than any other security concern since their 2014 survey.
“Our biggest percentage increase was in viruses, malware, and hacking activities. Those are the things that were most specifically on people’s minds. About 22 percent more Americans are concerned about those concerns than they were in the past,” said Bill Searcy, Unisys vice president of global justice, law enforcement, and border security and former FBI deputy assistant director of the IT Infrastructure Division and Cyber. “We’re such a connected society, we can’t go back.”
“The findings themselves are not surprising,” said Frank J. Cilluffo, associate vice president at George Washington University and director of the Center for Cyber and Homeland Security, explaining that the physical and cyber realms are becoming less and less distinct. “I think the reality is that the two are converging a lot quicker than decision-makers, and a lot quicker than the communities that are responsible for defending them, can get their arms around some of these challenges.”
Despite the dramatic increase, Internet security still took second to national security concerns in the U.S. However, according to Searcy, the same media focus on the drama of relatively rare plane crashes that drives an irrational fear of flying may also account for heightened national security fears.
“I think the threat doesn’t necessarily match the results,” said Searcy. “I think what causes people to be afraid flying frankly is a lack of understanding. And in a lot of the things that we’re talking about here, a lot of the threats that people responded to, it was a lack of understanding and the perception that anyone can become a victim.”
“The way we’ve seen the threat manifest itself, for those in the national security space, may not even find that to be the most significant threat. So the reality is we’re bombarded, and that’s part of the media cycle,” said Cilluffo.
Cilluffo added that coverage of certain cybersecurity incidents over others can also skew the perception of danger in the public, calling the WannaCry attack “meat and potatoes” of cyber threats, rather than a game changing problem.
“The attack on SWIFT, the theft of $82 million from the central bank of Bangladesh, to me, was a much bigger incident than most of those we’re talking about,” said Cilluffo. “I think the perception does matter, because ultimately that’s what drives decisions and purchasing, but I’m not sure that it always matches up with what people are most focused on.”
Unisys Federal President Venkatapathi “PV” Puvvada said that he expects to see Internet security overtake national security in the public concern, as it presents an “existential crisis.”
“That is the most persistent threat,” said Puvvada. “I believe, in the longer run, Internet concerns for the people will take center stage, because that’s a persistent issue.”
However, according to Ron Ross, fellow at the National Institute of Standards and Technology, concern is not enough to effect change.
“The survey shows that people are concerned, you’ve got their attention, but it’s conflicted, because they also love the technology,” said Ross. “After that concern dies down, we’re back to asking ‘when is the next iPhone 8 coming out, or whatever is the next generation?’ because we love the technology.”
Ross compared cybersecurity needs to the space race in the mid-20th century, in which President Kennedy encouraged the public and private sectors to work together on the problem for the sake of the nation’s security.
“We always rise to the occasion, but we can only do that when industry, government, and the academic community work together,” said Ross. He applauded the recent Cybersecurity Executive Order for calling out the connection between modernization and cybersecurity in the Federal government.
“We’ve got limited resources, close to unlimited vulnerability,” said Cilluffo, “and we’ve got to remember we’re dealing with a thinking predator, a thinking adversary that bases their actions in large part on our actions.”