July 14, 2020

Black Hat survey: Unprecedented stress in cyber ecosystem amid COVID-19 upheaval

June 24, 2020

If further confirmation were needed, a prominent annual survey finds that cyber professionals believe the COVID-19 pandemic has permanently changed the face of cybersecurity by redefining the workplace ecosystem, while also creating new challenges around securing the 2020 elections.

Black Hat USA on Tuesday released the results of its sixth annual survey of attendees at one of the world’s largest conferences for cyber professionals – to be held online this year – finding deep concerns about the lasting impact of the pandemic on cybersecurity.

“In a survey of 273 top security professionals from a wide variety of industries, Black Hat found that cybersecurity experts have serious concerns about the huge changes affecting IT infrastructure and data security around the world, including US critical infrastructure and their own enterprise networks,” according to a release. “They also raise serious concerns about the integrity of this fall’s US presidential election. And most of the respondents to the 2020 Black Hat USA Attendee Survey are worried about the state of the cybersecurity community as a whole — and about their own states of health and mind.”

The survey was conducted in April. Among its findings:

• 94% of security pros believe that the COVID-19 crisis increases the cyber threat to enterprise systems and data; 24% view the increased threat as critical and imminent.

• Of cyber threats posed by COVID-19, vulnerabilities in enterprise remote access systems supporting home workers are the chief concern (57%). Increased phishing and social engineering threats also rank highly (51%).

• Only 15% of security experts believe that cyber operations and threat flow will return to normal after the COVID-19 crisis passes; 84% believe that significant, lasting changes will occur, at least in some industries.

• Almost a third (31%) of security experts predict that the impact of cyberattacks and disinformation campaigns on 2020 government elections will be so great that the results will always be in doubt.

• Disinformation (71%) will have a much greater impact than hacking of voting machines and vote tabulation systems, cybersecurity professionals think. But more than two-thirds (69%) believe that any form of electronic voting is inherently risky and that paper ballots are significantly more secure.

• More than two-thirds of cybersecurity experts (69%) believe that Russian cyber initiatives will have a significant impact on the outcome of the US presidential election in 2020.

• Nearly 90% of respondents (87%) predict that a successful cyberattack on US critical infrastructure will occur in the next two years, up from 77% in 2019 and 69% in 2018; only 16% think that government and private industry are prepared to respond to such an attack, down from 21% in 2019.

• Seventy percent of cybersecurity pros believe they will have to respond to a major security breach in their own organization in the coming year, up from 59% in 2018; most do not think they have the staffing or budget to defend adequately against current and emerging threats.

• Security professionals view many of the technologies that they use in enterprises as ineffective. A majority of respondents view only nine technologies as effective.

• Almost two-thirds of enterprises (63%) are willing to consider startups as they seek ways to improve their technology, but they struggle with the large number of security startups and the shortage of time they have to evaluate them.

• Enterprises are also frustrated by the hype associated with some technologies that have been purported to be cybersecurity game changers. Eighty-three percent of security pros believe the defensive impact of blockchain technology will be limited; 73% think the same thing about artificial intelligence and machine learning.

• Nearly four in 10 security professionals (38%) consider themselves “burned out” by their work, up from 30% in 2019. Clearly, the job of the cybersecurity professional is not getting easier.

Black Hat organizers announced in May that the annual mega-event in Las Vegas was being scrapped in favor of an entirely online event that “will offer a robust lineup of content including nearly 80 Trainings, 90 Briefings, community and sponsored programming, a virtual Business Hall, Arsenal program, PWNIE Awards, CISO Summit, and networking opportunities. With the shift to an all-virtual event, information security professionals can participate in the same high-quality experience they have come to expect from a Black Hat event.”

Cybersecurity and Infrastructure Security Agency Director Christopher Krebs is among the scheduled speakers at the Aug. 1-6 digital event.

The previous Black Hat survey, released July 1, 2019, found cyber professionals increasingly pessimistic about the likelihood of major breaches, attacks on critical infrastructure including election systems, and the effectiveness of government-industry responses. – Charlie Mitchell