Black Hat 2018 is over. Its post-conference survey of the world’s leading cybersecurity experts is telling.
You can read the 30-page report here. GadgetGuy has extracted the ‘best bits’ below.
It’s no longer a battle of the good geeks and bad geeks
In the good old days (read: until recently), tech-savvy, ethical professionals developed new ways of defending critical data, and tech-savvy cybercriminals found new ways to break those defences.
It has become a battle to protect the integrity of the internet.
How can humans safely communicate electronically and still maintain their privacy? Is it possible to conduct a democratic election without interference from hackers or rival countries? How can businesses safely and universally exchange money or data? These are just a few of the challenges that today’s IT security leaders are confronting.
The Black Hat 2018 Attendee Survey – key outcomes
Following recent news of Facebook’s misuse of data
- 55% of security professionals are advising internal users and customers to rethink the data they are sharing on Facebook
- 65% are limiting their use of Facebook or avoiding it entirely due to security concerns.
- 44% will keep the account but strictly limit usage
- 25% will continue to use it with appropriate privacy settings
- 7% are deleting their account
- 10% have not used it
Following the deadline for the European Union’s new privacy regulation (GDPR, the General Data Protection Regulation)
- 30% say they don’t know if their organisations are in compliance, or they haven’t started GDPR initiatives and are concerned
- 25% have spent some funds on compliance and don’t believe they are at risk
- 19% believe they are not in compliance
- 26% have not started or don’t know if they comply
Most IT security pros believe
- 52% Russian cyber initiatives made a substantial impact on the 2016 U.S. elections
- 71% Cyber activity from Russia, China, and North Korea is making U.S. data less secure
- 69% A successful cyberattack on U.S. critical infrastructure will occur in the next two years
- 15% Government and private industry are prepared to respond.
- 13% Congress and the White House understand the cyber threat; only 16% approve of President Trump’s performance so far.
Security of their own organisation
- 59% believe they will have to respond to a major security breach in their own organisation in the coming year
- Most do not believe they have the staffing, skills or budget to defend adequately against current and emerging threats.
Prime attack vectors
- 47% fear a sophisticated attack targeted directly at their organisation (intimate knowledge)
- 40% via phishing, social network exploits, or other forms of social engineering
- 22% via accidental data leaks by end users who fail to follow security policy
- 22% via compromise of cloud services providers that my organisation relies on
- 16% via attacks or exploits on cloud services, applications, or storage systems used by my organisation
- 16% via data theft or sabotage by malicious insiders in the organisation
There are dozens more attack vectors, including new cryptocurrency issues.
End users remain the biggest issue
- 38% worry about end users who violate security policy and are too easily fooled by social engineering attacks
- 18% say there is a lack of comprehensive security architecture and planning that goes beyond “fire-fighting”
Many other issues relate to BYOD and mobile devices.