RSA 2020: A Game of “Would You Rather”

RSA 2020: A Game of “Would You Rather”

Though RSA is officially behind us, headlines surrounding the show continue to circulate. It’s no secret that attendees walking the halls of Moscone had a lot of pressing issues to think about. Health concerns aside, we made it our mission to get a better glimpse into exactly what’s going on in the minds of security industry leaders around the world.

And what better way to do so than kicking it back to a good old fashioned game of “Would You Rather?”

Think you’ve got a pulse on your peers’ opinions? Ponder each question a bit first and form your own response, and then check out our findings for each.

Would you rather have a ransomware attack or have your credentials stolen by a foreign state-sponsored APT group?

With more than 150 million ransomware attacks taking place in 2019, this one seems like a no brainer, right? Think again. More than half of participants (57%) indicated that they would rather face a ransomware attack than have their credentials stolen by a foreign state-sponsored APT group. 

The silver lining? Perhaps this means the industry is boosting their network detection and response efforts, allowing them to feel better informed and protected against the attacks that plagued organizations last year.

Would you rather save hours per day chasing less false positives or hire more Tier 1 SOC analysts?

With the current talent gap more pervasive than ever, we couldn’t help but wonder if the industry would feel inclined to hire more SOC analysts. However, it looks like the skills shortage is here to stay – for now at least. Nearly 70% of participants would rather save hours per day chasing less false positives than hire more analysts.

What would you do with a few extra hours in your schedule?

Would you rather your corporate email get breached or your personal email?

According to Verizon’s 2019 Data Breach Investigations Report (DBIR) report, 94% of malware was delivered via email. With that in mind, RSA attendees were forced to decide if they prefer these risks bleed into corporate or personal environments. Can you say Sophie’s choice?

Participants were fairly split with 55% indicating they would rather their corporate email get breached. Sorry boss!

Would you rather deal with one giant breach or five small security incidents like a desktop ransomware infection that didn’t spread?

As you might have expected, there was really no comparison here. Organizations don’t want to be the next big headline and it shows in the results. 68% of respondents would rather tackle five small security incidents than one giant breach. 

No matter which scenario you prefer, technology like Lastline’s helps industry professionals manage incidents large and small by reducing false positives and better detecting and containing the cyber threats before they disrupt business.

Would you rather notify customers of a data breach that fell under a regulatory requirement to notify, or a rampant ransomware attack that you could keep quiet?

With regulatory requirements like GDPR and CCPA taking center stage at RSA, this one hit home for our participants. However, organizational reputations also remained top of mind, leaving conference attendees torn. How did the chips fall?

54% of respondents indicated that they would rather notify their customers of a breach that fell under a regulatory requirement whereas 46% indicated that they would prefer a rampant ransomware attack that could be kept quiet. 

Any pressing “Would you rather” questions you want answers to? Send them along and we’ll include them in our next survey. Then brace yourself for the unexpected. 

Donna Estrin

Donna Estrin

Donna is a corporate communications professional focused on AR, PR, social media and customer advocacy for security organizations.
Donna Estrin

Latest posts by Donna Estrin (see all)