Are Black Hat Professionals Raising a White Flag on Privacy Protection?

A survey suggests top cybersecurity professionals are increasingly concerned about the safety of their own users and data.

Some three quarters of security professionals polled suggest privacy and personal identity protection could be impossible even as consumers and businesses expand their social media and e-services use to record levels.

These findings are outlined in San Francisco-based Black Hat USA’s new research report, Where Cybersecurity Stands, compiled from responses to Black Hat’s Attendee Survey in May 2018 from more than 300 information security professionals. This year’s report investigated hot topics including the rise in concern over privacy issues, election hacking, the U.S. Federal Government’s ability to handle cyberthreats, nation-state attacks, the buzz around cryptocurrency profit, and the belief that critical infrastructure is still increasingly at risk.

Among the survey respondents were chief executives, CISOs, CIOs, chief technology officers, security specialists and researchers from organizations in more than 20 sectors, ranging from financial services to healthcare to government.

The survey results suggested that the world’s top cybersecurity professionals, who included 12% from the banking and finserv community, are becoming increasingly concerned not only about the safety of their own users and data, but about the security of increasingly connected systems, the stability of national and international environments, and the privacy of individuals. The report warned, “In short, the professionals who are most familiar with today’s cybersecurity environment are in broad agreement that the systems that today serve as platforms for personal, political, and financial interchange are at significant risk of compromise — or even collapse.”

Consistent with the past five years, and across the U.S., Europe and Asia, nearly 60% believe they will have to respond to a major security breach in their own organization in the coming year; most still do not believe they have the staffing or budget to defend adequately against current and emerging threats.

In response to an open-ended question about what global or political issue concerns them most, many security pros cited nation-state sponsored threats, ranging from espionage to stealing U.S. business data to all-out cyberwar. One respondent cited concern over the “lack of understanding by the general public as to the real result of nation-state hacking: loss of critical intellectual property, access to intelligence, and destabilization of both financial and critical infrastructure.”

Cybersecurity professionals questioned the future of privacy and the safety of personal identity because of the recent Facebook investigation, the development of GDPR and various data breach reports. Influenced by these factors, only 26% of respondents said they believe it will be possible for individuals to protect their online identity and privacy in the future – “a frightening opinion as it comes from in many cases the professionals tasked with protecting such data,” the report suggested.

The cybersecurity professionals have also reconsidered their Facebook usage, with 55% advising internal users and customers to rethink the data they share on the platform, and 75% confessing they are limiting their own use or avoiding it entirely.

Another topic was whether ethical hacking would be prevalent considering the rise of bug bounty programs. Nearly 90% still believe in the importance of coordinated disclosure, making it clear that hackers within the Black Hat community are still looking to help in the fight against cybercrime. Respondents also weighed in on cryptocurrency, with more than 40% expressing that they do not think that investing in Bitcoin and other cryptocurrencies is a good idea.

Professionals also raised a new concern around the effectiveness of technologies currently in use. Respondents cited only three technologies, among a list of 18, as effective: encryption, multifactor authentication tools and firewalls. Forty percent of them dubbed passwords, one of the most widely used technologies, as ineffective.

Last year, Black Hat reported that 60% of security professionals expected a successful attack on U.S. critical infrastructure – that data point has risen almost 10% in 2018. When asked who they think will likely be behind such an attack, more than 40% of those surveyed said they believe that the greatest threat is from a large nation-state such as Russia or China.

Following the enactment of European GDPR privacy regulations, 30% say they do not know if their organizations comply; another 26% do not believe they are subject to GDPR.