Cybersecurity professionals appear increasingly pessimistic about the likelihood of major breaches, attacks on critical infrastructure including election systems, and the effectiveness of government-industry responses, according to a survey of some of those planning to attend the massive annual Black Hat conference in Las Vegas.
The survey results are being released today in a research report by Black Hat, “Consumers in the Crosshairs,” issued in advance of the Aug. 3-8 conference.
“Based on data taken from Black Hat’s fifth attendee survey, the report includes critical industry findings from more than 300 of the world’s top information security professionals,” according to a Black Hat release.
Among respondents, 77 percent expect a major critical infrastructure breach within two years, up 10 percent from last year.
The survey finds, “More than 60% of cybersecurity experts say it is likely that hacking of voting machines will affect the next U.S. election - the same percentage of professionals (60%+) believe that Russian cyber initiatives will specifically have a significant impact on the U.S. presidential election in 2020.”
According to Black Hat, “[S]ecurity professionals are painting a grim picture of consumer data protection. 90% of security pros believe that no matter how careful individuals are, it’s
likely that their data is available to criminals at this very moment. A mere 30% believe that it will be possible for consumers to protect their privacy and identities in the future."
In one area, “concern over social media has reached the point where a majority 75% say that using any social network is a bad idea -- 70% specifically say that posting anything to 'public' on Facebook is a high-risk activity. Among popular social media platforms, Facebook was cited as high risk by 80% of respondents, Instagram was red-flagged by more than 70%, LinkedIn nearly 60%, SnapChat at 58%, Twitter with 53%, and 51% listed Pinterest."
The survey says:
Only 25% of security professionals believe that consumer identity protection services are effective; 31% ranked them as ineffective.
Just 32% say that credit monitoring services are effective; 22% said they are ineffective.
65% of respondents believe they will have to respond to a major security breach in their own organization in the coming year, up from 59% in 2018; most do not believe they have the staffing or budget to defend adequately against current and emerging threats.
Seven in ten security professionals consider themselves burned out.
54% believe that the level of anxiety, depression, and addiction is higher among security pros than it is among the general U.S. population.
The pessimism extended to the effectiveness of cyber insurance. “When asked whether a comprehensive cyber insurance policy significantly lowers the risk associated with cyber breaches in the organization, only 32% of survey respondents agreed. When asked whether their organization has both a general business insurance policy that includes cyber breach benefits and a cyber insurance policy, only 34% replied in the affirmative.” -- Charlie Mitchell (cmitchell@iwpnews.com)