“Heartbleed changes everything.”
Thats something I heard said several times this week whilst at BSidesLondon and InfoSec and it should be true but, according to a Pew Research Center survey, it probably isn’t (in terms of the general public taking an interest in issues that concern them).
Despite the best efforts of security experts and coverage in mainstream media, the survey discovered that 60% of adults (and 64% of all internet users) were aware of the bug. I suppose in some ways it could actually be argued that such a figure is to be celebrated but, alas, it still means that around 1 in 3 of all web users remain blissfully unaware of the flaw.
The report, which evaluated the responses of 1,501 adults, also found that less than one fifth (19%) had heard a lot about Heartbleed and fourty-one percent had only heard a little.
By way of comparison, 88 % of Americans were well versed on the Newtown, Connecticut shootings in December 2012, sixty percent were familiar with Pope Benedict’s decision to stand down and 46% were well aware of the tensions between Russia and Ukraine. On a more security-related theme, 51% of those surveyed were well versed on the Edward Snowden revelations.
Thus, it would seem, the public have far far more interest in other security topics, not to mention more generalised news, despite the potential issues posed by Heartbleed (you can find out what you need to know here by the way).
“The Heartbleed story registered roughly the same level of public awareness as the U.S.-Iran negotiations and agreement to allow monitoring of Iran’s nuclear program (in November and December 2013) and Catholic Bishops in the U.S. protesting Obama Administration policies they believe restricted religious liberty (July 2012).”
And thats a real shame.
Worse still, arguably, is the fact that only 39% of those who were aware of Heartbleed actually took steps to address the situation by cancelling accounts or, crucially, by changing passwords (at the right time, hopefully). That despite the fact that 29% of the respondents believed that their personal information was put at risk by the flaw. Six percent also thought that their personal info had actually been stolen.
Overall, Pew found that around half (46%) of internet users thought that their personal data is “somewhat secure”, 26% thought their personal info was “not secure at all” or “not too secure” and only twenty-three percent think everything is hunky dory when it comes to keeping their information secure.
Lots more to be done on security awareness then, huh?
More interesting data from the survey may suggest that such awareness training should be aimed at specific areas too with the figures highlighting that those with higher levels of education felt the most at risk, though this may be because “those with higher education were also more likely to have heard a lot about Heartbleed.”
Interestingly, higher income respondents also felt at higher risk, though it wouldn’t be a stretch to assume that such people also represented the better educated amongst those surveyed.
So, irrespective of your background, it seems that there is much more to be learned about Heartbleed itself as well as the associated scams that have sprung up around it.
Stay secure people!