Black Hat Survey: Enterprise Tech, US Government Unprepared for CyberattacksThe 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
More than two-thirds (69%) of cybersecurity experts predict a successful cyberattack will hit US infrastructure within the next two years – and a majority express low confidence both in security technology to protect their organizations and in the US government to defend the nation against attacks.
Respondents of the 2018 Black Hat Attendee Survey, a group of 315 IT and security pros who attended the conference in 2017 or who are registered for this year's conference, were asked to rate the effectiveness of technologies available to enterprise security teams. It was the first time this question was included in the survey and responses indicate the security community sees ample room for improvement.
In a list of 18 technologies, only three were rated as "very effective" or "somewhat effective" by a majority of participants: encryption, multifactor authentication tools, and firewalls. The remaining 15 were ranked "effective" by 47% or fewer respondents with mobile security tools, data leak protection, and passwords rounding out the bottom three. Only 19% said passwords are very/somewhat effective; 37% said they are "not at all effective" or "not very effective."
It wasn't the only area where most attendees were in agreement. Respondents voiced similar thoughts on many areas across the security spectrum including which nation(s) will be behind a major cyberattack on the US, staffing issues, and concerns around data security and privacy.
Meanwhile, security pros feel under-resourced again this year: the majority of respondents say they do not have enough staff, budget, or training to meet the threats their organizations will face in the next 12 months.
Cyberattacks Threaten an Ill-Prepared US Government
The majority (52%) of respondents think Russian cyber activity had a "substantial impact" on the 2016 US election. Seventy-one percent think cyber initiatives from Russia, China, and North Korea threaten the security of US data, the report states.
One open-ended question asked attendees which global or political issues concern them most. Many cited nation-state threats ranging from espionage to steal US enterprise data to "all-out cyberwar." Many cited issues affecting the US government: election fraud, lack of cyber resources, and the choice to eliminate the position of federal cyber advisor.
Forty-three percent of experts polled think the greatest threat to US infrastructure is an attack by a large nation-state such as Russia or China. However, it seems an attack by a financially motivated cybercriminal group is more concerning (11%) than an attack from a politically motivated terrorist group (7%) or a rogue nation-state like North Korea (3%).
The danger is real but most don't think the US is equipped to face it: Only 15% of respondents think the government understands cyberthreats and will take steps to defend the country. Thirteen percent think Congress and the White House understand the cyberthreat and only 16% of respondents approve of President Trump's performance, the report shows.
The Future of Privacy is Bleak
Security experts have a gloomy outlook on the state of data privacy, a mindset shaped by the recent Facebook investigation, data breach reports, and European General Data Protection Regulation (GDPR), which went into effect last month. Thirty percent of respondents claim they haven't begun any GDPR-related initiatives, nor do they know if their business is compliant. More than one-quarter (26%) don't think they are subject to GDPR regulations.
More than half (55%) of respondents say they advise customers and internal users to reconsider data shared on Facebook. The majority (65%) limits their own Facebook usage or avoids the social platform entirely due to security concerns. Only 26% of respondents think it will be possible for people to protect their online identity and privacy in the future.
"This is a bleak outlook indeed when coming from those who understand the threat best, and in many cases, are professionally tasked with protecting that data," the report states.
Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio