The likelihood of a major cybersecurity incident affecting major national infrastructure in the US is growing according to a new study…and it may be coming very soon.
A majority of the cybersecurity industry’s most experienced professionals believe that a major breach of U.S. critical infrastructure will occur in the next two years – and they don’t believe current U.S. defence and government agencies are prepared to respond.
These findings are among the data published today in Portrait of an Imminent Cyber Threat, a survey of nearly 600 cybersecurity professionals. The report, which summarizes the results from the third annual Black Hat Attendee Survey, offers feedback from top enterprise information security professionals on a wide variety of issues, including cyber threat risks, the Trump administration’s cyber policy, nation-state attacks, and the dangers faced by U.S. enterprises.
Black Hat is the most well-known and established conference of cybersecurity researchers and enterprise information security professionals. Many of the attendees are the IT security leaders in their respective organizations, and approximately 40% of the survey respondents work in critical infrastructure industries, including utilities, health care, financial services, and government.
Is the U.S. Safe from a Breach Under the Trump Administration?
Only 26% of those surveyed are confident that the U.S. government and defence forces are equipped and trained to respond appropriately to an oncoming attack. 47% said the Trump administration’s impact on cyber defence will be negative, while 26% believe it would be positive, and 27% were neutral.
What is Making the U.S Less Secure?
Recent state-sponsored cyber-attacks related to the U.S. elections, cyber espionage on U.S. corporations and the WannaCry ransomware worm have eroded IT security professionals’ confidence in critical infrastructure security. Nearly 70% of respondents said that recent activity from Russia and China has made U.S. enterprise data less secure and more than 60% believe corporations should develop special online defences to protect their critical data from state-sponsored hacking.
What Role is WikiLeaks Playing in Government and Corporate Operations?
Attackers’ growing use of WikiLeaks to publish stolen information has also diminished the community’s trust in the nation’s ability to defend itself. Instances including the hack of Democratic National Committee emails and Shadow Brokers’ reveal of CIA hacking tools has solidified WikiLeaks as a frequent outlet for information exposure, so much so that more than 60% of Black Hat survey respondents said they believe WikiLeaks is impacting the way corporations and government agencies conduct operations. Support of the use of WikiLeaks is still split among today’s professionals, as more than 30% oppose the work done by WikiLeaks, 31% favor it, and 37% remain neutral.
The InfoSec Community’s Warning
With new findings related to cybersecurity on the national front emerging, it is also apparent that the issues highlighted by security professionals on the enterprise side since 2015 are still not being addressed. Nearly 70% of respondents remain concerned they’ll experience a breach within their own enterprises in the next year and those concerns still stem from the same issues highlighted in Black Hat’s 2015 and 2016 reports: shortage of skilled security professionals, lack of prioritization from upper management, security budgets and spending, and more. These findings make it apparent that government and business leaders need to put forth greater effort to secure today’s defenses and prioritize security among their initiatives.
Additional Key Findings
- 36%of those surveyed believe the increased use of ransomware remains the most serious new threat faced by cybersecurity professionals
- 50% cited phishing and social engineering as their greatest concerns, while 45% fear sophisticated attacks targeted directly at their own organizations
- Nearly 70% of respondents say they do not have enough staff to meet the threat of a major security breach in the next 12 months and nearly 60% feel they do not have adequate budgets
Download the Full Research Report
These survey results call for immediate attention on the current state of the nation’s defences, as well as a greater focus on security from government officials and business leaders. For actionable insights and more information related to these critical industry trends and findings, download a copy of Portrait of an Imminent Cyber Threat, here: www.blackhat.com/latestintel/07062017-july-6-2017-attendee-survey.html
Black Hat USA 2017: July 22 – 27, Las Vegas
On the heels of this new industry research, Black Hat will host some of the brightest minds in the InfoSec community at Black Hat USA 2017. The event will feature a robust educational program, spanning everything from smart grid and critical infrastructure vulnerabilities to mobile attacks, applied security, machine learning, and more. The event will take place July 22 – 27 at the Mandalay Bay Convention Center in Las Vegas. For more information and to save $300 on your briefings pass by July 7, please visit: blackhat.com/us-17/
Latest posts by Carlos Casanova (see all)
- Is Blockchain the Missing Link in Securing Internet of Things? - February 21, 2019
- Understanding the Active Cyber Defense Certainty Act – Should Companies Be Allowed to “Hack Back”? - December 7, 2018
- Cybersecurity – We Still Have a Long Way to Go! - July 24, 2018