TOPICS SURROUNDING DEVELOPER SECURITY

In order to provide a list of 50 topics surrounding developer security, we have looked at non-company specific conferences that took place in the United States surrounding security that occurred either virtually after lock downs for COVID-19 and/or in the first three months of 2020 when there was no lock down and/or conferences that occurred in the latter half of 2019. We have provided the name of the conference, website link to it, when it took place, and the overarching theme of the conference. Then after scanning the conference agenda, we provided relevant topics discussed at that conference, a synopsis of each topic when that was available, and who delivered the presentation. In total, we scraped the websites of nine conferences in order to build a list of 50 topics. We felt this portion of the research was best delivered in a custom Google spreadsheet for ease of viewing, which can be accessed here. We also did a media scan to understand fifteen topics surrounding developer security currently top of mind in media reporting. As requested and where it was available, we have included any new security policies that have been announced in the United States broadly, or more narrowly, in individual states. For each media article found, we provided the name of the article, the link to it, the topic covered, and a brief description of the content. We also placed this in the custom Google spreadsheet deliverable. Finally, we have curated seven pieces of information, data, and/or statistics surrounding consumer perception of online security in the United States. This included, but was not limited to, mobile security perceptions and the perception of cybersecurity threats in general. We did not place this part in the Google spreadsheet deliverable, and instead, it can be viewed below under the header titled “Consumer Perception of Online Security “.

Security Based Conferences: Topics Discussed

• We have presented two highlights from this part of the research below. However, the entirety of this part can be viewed in this custom Google spreadsheet on the tab titled conferences.
•  Black Hat USA took place virtually from August 1 – 6, 2020. One of the sessions was called “Election Security: Securing America’s Future” The session was described as “[t]he United States Government is intensely focused on election security and is working together with election partners better than ever before. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is leading the federal effort to support state and local officials in their important mission to secure elections in 2020. We are sharing intelligence, resources, support and cybersecurity services to secure election infrastructure against malicious activity.” This can be viewed in row 6 of the Google spreadsheet.
•  The Cyber Security Summit will be taking place in Houston, Seattle, Scottsdale, Nashville, Columbus, and Boston with dates of October 1, 9, 15, 20, 30, and November 5 respectively. “The Cyber Security Summit connects C-Suite & Senior Level Executives who are responsible for protecting their companies from all types of cyber crime, insider threats, ransomware & maintaining compliance with information security experts.” We curated four topics from across all six cities which can be viewed in rows 11-14. 

Media Scan: Topics Discussed

• We have presented two highlights from this part of the research below. However, the entirety of this part can be viewed in this custom Google spreadsheet on the tab titled media scan.
•  An article called “Congress, Warning of Cybersecurity Vulnerabilities, Recommends Overhaul” was published by The New York Times on the topic of cybersecurity. An excerpt from the article is: “A yearlong congressional study of American cyberspace strategy concludes that the United States remains ill-prepared to deter attacks, including from Russia, North Korea and Iran. It calls for an overhaul of how the United States manages its offensive and defensive cyberoperations.” “The White House has also been secretive about current policy: The administration refused to share with Congress, or the commission, the presidential order signed in August” This can be found in row 16 of the Google spreadsheet.
• In row 13, a Forbes article titled “The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About” can be viewed. Five cybersecurity trends are discussed: “Artificial intelligence (AI) will play an increasing role in both cyber-attack and defense, political and economic divisions between east and west lead to increased security threats, political interference increasingly common and increasingly sophisticated, the cybersecurity skills gap continues to grow, and vehicle hacking and data theft increases.”

Consumer Perception of Online Security

• When consumers were asked whether they felt they properly understood personal, business, and government cybersecurity, eighty-four percent of those surveyed felt they had a strong understanding of the consequences that come along with personal data being stolen. That percentage, however, does not mirror reality. It is well documented that cyberattacks cause huge losses for companies each year. However, for consumers it is negligible. The reality is that in the United States the law is clear: the customers’ money must be returned to them by their financial institutions if money is taken from their account without authorization. This disconnect that consumers have about the reality of their exposure shows that there is confusion surrounding what their personal liability is for financial losses with established institutions and how the financial system in the United States has been designed to mitigate direct consumer costs. However, nothing in life is free, so somehow these breaches must get paid for, and ultimately those costs are passed onto the consumer by raising prices on the products and services offered.
•  Financial loss is of the highest concern to consumers, with almost sixty percent revealing that their greatest fear is that their financial information could be stolen by hackers. Of lesser concern was their personal healthcare data becoming public at fourteen percent, political campaigns using data to target and influence their opinions at eight percent, and having to pay some sort of ransom if their information was being extorted at six percent.
•  Blumberg Capital research shows that embarrassment as a result of data breaches is also a concern shared by consumers. Online dating platforms, along with social networks are viewed as the least trustworthy. However, seventy-seven percent of these consumers do believe that federal and state governments are trustworthy and will keep their private data safe. These consumers also believe that organizations learn their lessons from breaches that do occur. Sixty-four percent of those surveyed felt that large scale breaches suffered by the likes of Facebook, Target, and Equifax taught them to become more secure and better positioned to protect their sensitive information moving forward.
•  Artificial Intelligence seems to be something that consumers are comfortable with. Sixty-two percent of those surveyed by Blumberg Capital revealed that they would be perfectly fine with companies using AI to monitor their online activity if that meant it would assist them to prevent fraud as well as maintaining security surrounding their identity.
• When looking at a PwC multi-country survey of 5,000 consumers and parsing out the two data points available just for the United States, we are left with a narrow snapshot of how American consumers feel about the privacy of their data. Ninety percent say they wish there were more companies they could trust with their data, while eighty-one percent call sharing personal information with companies a “necessary evil.” There is much more data available surrounding how consumers feel about data privacy, but the rest is presented with global numbers. Nonetheless, we felt this survey would be of interest, and the entire report can be viewed here.

•  High levels of connected device ownership does not indicate that people are satisfied with the privacy and security of these devices according to new research from Consumers International and the Internet Society. “Seventy percent of consumers in the United States report being concerned with the way connected devices collect and use personal data.” Additionally, seventy-five percent of those surveyed felt that consumers using connected devices should worry about the risk of eavesdropping and fifty percent do not trust the IoT to not be a risk to their privacy and security. “Seventy-seven percent revealed that they think people using connected devices should be concerned about their data being used without their permission.”

• A new survey of 1,000 adults in the United States who regularly use electronic devices, such as phones and laptops, reveals that how consumers view security accountability has evolved. In 2019 forty-two percent of Americans surveyed felt that they were responsible for their security. In 2020 that percentage has increased to sixty-three percent. This increase demonstrates that consumers are taking responsibility for their privacy and identity and have an increasing awareness of it and the role they play in protecting it. Forty-eight percent of Americans believe that they could fall victim to an online security breach, and sixty-five percent are concerned about the connected devices installed in their home and the security of them.

Additional Helpful Research

• We found this January 2020 study that examined consumers in different countries and which ones placed the highest value on privacy. It was authored by Jeffrey Prince and Scott Wallsten of the Technical Policy Institute. This was a global survey of six countries, including the United States, but it was impossible to parse out all the US data. We still felt that this might be of interest, so we have linked to the report here.  
• We also found this September 2019 Google consumer survey where people in the United States and Canada were asked where they stand with the main themes connected to protection. “ESET and NCSA polled 4,000 consumers (2,000 Americans and 2,000 Canadians) in four separate surveys of 1,000 consumers each. The surveys have a margin of error of +/- 3.2%.” We did not include this in our main research because it included Canadians, but we decided that this might be of interest, so we have linked to the survey results here.