Gloomy cyber forecast from Black Hat
- By Matt Leonard
- Jul 07, 2017
What: Portrait of an Imminent Cyberthreat: 2017 Black Hat Attendee Survey
Why: At one of the largest gatherings of cybersecurity professionals, attendees voiced their concerns about an attack on the nation's critical infrastructure and enterprise vulnerabilities. “The combination of increased nation-state hacking, a lack of cyber preparedness in government, and the availability of sites that publish stolen data, including WikiLeaks, is a recipe for concerns about an imminent, successful cyberattack on US infrastructure," the survey said.
Findings: Sixty percent of nearly 600 respondents – 40 percent of whom work in critical infrastructure -- said they believe a successful cyberattack on U.S. critical infrastructure will happen in the next two years. Only 26 percent of those same security professionals are confident that U.S. government and defense forces are equipped and trained to respond appropriately to such an attack.
The White House is not building confidence in IT professionals, either. Nearly half of those surveyed thought the new administration would have a negative impact on cybersecurity policy, regulation and law enforcement; only 26 percent thought the impact would be positive.
Although ransomware was cited by 36 percent of respondents as the most serious cyber threat to emerge in the past year, half security experts were especially worried about the threat posed by phishing, social network exploits, or other forms of social engineering. That was followed by sophisticated attacks targeted directly at the organization at 45 percent and accidental leaks at 21 percent. End users who violate security policies and are too easily fooled by social engineering attacks were considered the weakest link in enterprise IT defenses.
While social engineering attacks remain the leading concern today, respondents said that the No. 1 future worry is internet-of-things security.
Dealing with these phishing attacks was considered by 35 percent as their most time-consuming task. Managing their organization's security posture and keeping in compliance with industry and regulatory guidelines rounded out the top three most time-intensive tasks for security pros.
Read the full report here.
Matt Leonard is a former reporter for GCN.