Fewer than half (48%) of surveyed attendees at last week’s RSA Conference said they feel the NSA has overstepped its boundaries in its surveillance of US and foreign citizens.
Following widespread criticism of the agency in keynote speeches, this poll indicates that many security professionals consider its actions necessary to US cyber-defense, according to Thycotic Software’s survey of 341 RSA Conference attendees.
But they’re keeping an open mind: A full three quarters (75%) of respondents, regardless of their stance on the NSA, think those who boycotted the RSA Conference this year on principle have a right to expressed their opinion, and 9% had even contemplated joining them. Only 17% say those who boycotted RSA are attention-seekers.
Of the 52% of respondents who did not indicate that the NSA overstepped its bounds, 21% believe that the government needs to be aware of citizens’ communications data in order to better protect them from terrorist activity, and 31% say they are conflicted about the issue, and that while they have nothing to hide, they are concerned about a loss of privacy.
The survey also tackled a related cyber-issue: specifically, insider breaches. Snowden, after all, was a trusted contractor at the NSA. Show attendees displayed a widespread belief that abuse of privileged access does occur within their organizations.
The majority –61% – of respondents acknowledge that they either know that employees within their company have abused privileged access (24%) or that it is likely that they have (37%). Only a fifth (20%) are unsure whether it’s happened in their organization.
“Regardless of where you stand on the issue, the attention around Edward Snowden’s alleged disclosures last year has raised major concerns worldwide around the risk posed by insiders who have access to privileged account passwords,” said Jonathan Cogley, founder and CEO of Thycotic, in a statement.
Only 19% of respondents are confident that such access is used properly. In what may signal a resignation to this reality, a surprising one in five (19%) RSA attendees indicate that they would still hire Edward Snowden, given the opportunity.
“It’s disheartening to hear that so many RSA attendees think privileged abuse is happening within their companies, and it goes to show that there is a need to be more vigilant than ever when it comes to managing and tracking who has access to privileged accounts and sensitive data,” said Cogley. “Regardless of intention, data breaches always have the potential to devastate a company’s reputation and create a significant drain on resources.”