Black Hat 2018 is over. Its post-conference survey of the world’s leading cybersecurity experts is telling.

You can read the 30-page report here. GadgetGuy has extracted the ‘best bits’ below.

It’s no longer a battle of the good geeks and bad geeks

In the good old days (read, until recently) tech-savvy, ethical professionals developed new ways of defending critical data, and tech-savvy cybercriminals found new ways to break those defences.

It has become a battle to protect the integrity of the internet.

How can humans safely communicate electronically and still maintain their privacy? Is it possible to conduct a democratic election without interference from hackers or rival countries? How can businesses safely and universally exchange money or data? These are just a few of the challenges that today’s IT security leaders are confronting.

The Black Hat 2018 attendee Survey – key outcomes

Following recent news of Facebook’s misuse of data

  • 55% of security professionals are advising internal users and customers to rethink the data they are sharing on Facebook
  • 65% are limiting their use of Facebook or avoiding it entirely due to security concerns.
  • 44% will keep the account but strictly limit usage
  • 25% will continue to use it with appropriate privacy settings
  • 7% are deleting their account
  • 10% have not used it

Following the deadline for the European Union’s new privacy regulation (GDPR, the General Data Protection Regulation)

  • 30% say they don’t know if their organisations are in compliance, or they haven’t started GDPR initiatives and are concerned
  • 25% have spent some funds on compliance and don’t believe they are at risk
  • 19% believe they are not in compliance
  • 26% have not started or don’t know if they comply

Most IT security pros believe

  • 52% Russian cyber initiatives made a substantial impact on the 2016 U.S. elections
  • 71% Cyber activity from Russia, China, and North Korea is making U.S. data less secure
  • 69% A successful cyberattack on U.S. critical infrastructure will occur in the next two years
  • 15% Government and private industry are prepared to respond.
  • 13% Congress and the White House understand the cyber threat; only 16% approve of President Trump’s performance so far.

Security of their own organisation

  • 59% believe they will have to respond to a major security breach in their own organisation in the coming year
  • Most do not believe they have the staffing, skills or budget to defend adequately against current and emerging threats.

Prime attack vectors

  • 47% fear a sophisticated attack targeted directly at their organisation (intimate knowledge)
  • 40% via phishing, social network exploits, or other forms of social engineering
  • 22% via accidental data leaks by end users who fail to follow security policy
  • 22% via compromise of cloud services providers that my organisation relies on
  • 16% via attacks or exploits on cloud services, applications, or storage systems used by my organisation
  • 16% via data theft or sabotage by malicious insiders in the organisation

There are dozens more attack vectors, including new cryptocurrency issues.

End users remain the biggest issue

  • 38% worry about end users who violate security policy and are too easily fooled by social engineering attacks
  • 18% say there is a lack of comprehensive security architecture and planning that goes beyond “fire-fighting”

Many other issues relate to BYOD and mobile devices.