A survey of 341 attendees of the recent RSA Conference in San Francisco revealed that less than half (48 percent) felt the NSA overstepped its boundaries with its surveillance programs.
This year’s conference faced controversy due to allegations that RSA accepted a $10 million payment from the NSA several years ago to use a weak number generating algorithm by default in its BSAFE toolkits. The resulting furor led several scheduled speakers to pull out of the conference, while other people created a rival event known as Trustycon, which took place Feb. 27 at a nearby location.
Seventy-five percent of those surveyed – regardless of their stance on the NSA – felt that those who boycotted the conference had a right to their opinion, and nine percent said they contemplated joining them. Seventeen percent classified those who boycotted the conference as attention seekers.
Of the 52 percent of the respondents who felt the NSA did not overstep, 21 percent believe the government needs to be aware of citizens’ communications data in order to protect the nation from terrorist activity. Thirty-one percent meanwhile, said they were conflicted about the issue.
In addition to the diverse attitudes about the NSA’s electronic surveillance, the survey also revealed many attendees are skeptical when it comes to their ability to control privileged access within their organizations. Just 19 percent said they were confident such access is used properly, while 61 percent said they either know employees have abused access within their company (24 percent) or feel that it is likely they have (37 percent).
“Regardless of where you stand on the issue, the attention around Edward Snowden’s alleged disclosures last year has raised major concerns worldwide around the risk posed by insiders who have access to privileged account passwords,” said Jonathan Cogley, founder and CEO of Thycotic Software, in a statement. “It’s disheartening to hear that so many RSA attendees think privileged abuse is happening within their companies, and it goes to show that there is a need to be more vigilant than ever when it comes to managing and tracking who has access to privileged accounts and sensitive data. Regardless of intention, data breaches always have the potential to devastate a company’s reputation and create a significant drain on resources.”
Brian Prince is a Contributing Writer for SecurityWeek.Previous Columns by Brian Prince:Fewer Than Half of RSA Attendees Think NSA Overstepped: SurveyWidespread Attack Campaign Highlights Router Security Woes Meetup.com Battles DDoS Attacks, ExtortionGameover Trojan Uses Rootkit to Block Removal Data Center Security Challenged by Configuration Issues