Pew Research took a look at user's attention to Heartbleed, and published a two-part study on it at http://www.pewinternet.org/2014/04/30/heartbleeds-impact/
It has an interesting comparison of users who knew about Heartbleed and users who knew about Edward Snowden. Sixty-four percent of Internet users actually knew about the vulnerability, and thirty-nine percent said they actually did something about it, like changing passwords or canceling accounts. The amazing part of this for security professionals is the percentages of people who knew a lot, or a little, about the issue of Heartbleed, outnumbered those who knew about Snowden.
Scarier still, fewer people knew a lot, or a little, about Russian incursions into the Ukraine.
This is a case where the companies serving Internet users got out the word to their consumers. It worked to raise their awareness of the vulnerability and the need to change account passwords. That was certainly worth the effort and users responded. However, beware of the consequences. It also increased user awareness of the vulnerability of their personal data. That too is a good thing.
I had a recent experience that points to the need, when a bank asked me to send them a receipt on email, and to indicate the credit card number used to pay it. I asked them why I would want to do that, and they said not to worry, "its secure". Anyone who goes through a loan application or resume submission knows that term. Banks and credit institutions, who should have strong security, spend more money on insurance than protecting my data. I don't trust them, and neither do an increasing number of users of their services. Amazon books:
No comments:
Post a Comment