We all know that security is important, and if we start to forget, we're constantly bombarded with information about breach after breach after breach after breach after... Most of our opinions about security are based on things we believe to be true but that lack empirical evidence. HP hosted a seminar today that brought a lot of relevant facts into the conversation, and the results will probably be even scarier than your gut reaction.
That was our reaction after attending the "Security 20/20" session today at HP Discover. Andrzej Kawalec, Chief Technologist of Enterprise Security Services at HP, provided some interesting insight into the security world. He started by describing how many people were in the world and how that number was expected to grow by 2020, then followed up with how many were online and the expected growth in that area as well. India, for example, has roughly 1.2 billion people, but only 7.5% of them are currently online. When that number grows, the number of potential new hackers will increase as well.
Some of the scarier numbers we learned:
- 84% of breaches now occur at the application layer as opposed to the network or operating system
- 9 out of 10 smartphone apps have significant security flaws in them
- Only 2.5% of all passwords are unique, meaning your password is probably used by someone else too
- The UK has 1 CCTV camera for every 32 people, the highest ratio in the world
- The average time to detect a security breach is 243 days
- Even worse, 94% of breaches are identified not by the victim, but by a third party!
We were extremely shocked by the second bullet point, that 9 out of 10 smartphone apps have flaws. It was later explained that a flaw included things like sending passwords over the network in clear text, accessing personal data on the mobile device without user authorization, or not encrypting important data on the phone. Even more important, these flaws were not from mom-and-pop developers, but rather from top-name companies, including those in the banking industry.
Kawalec went on to give some predictions. The most interesting was that he believes passwords will be obsolete in the next 2-3 years, replaced instead by biometrics, although that brings up the question of privacy and how to protect genetic information. That's a theory we explored here last year.
Overall it was a very informative session and we'll be sure to bring more information we learn from the HP Discover show!