June 26 — Cybersecurity is an ever-expanding field — fraudsters seem to create a workaround for almost every new innovation or solution. So is true security possible in the digital world? Sadly, security professionals don’t seem confident that it is.
San Francisco-based Black Hat has compiled data from 300 information security professionals who attended a company-hosted event and released a new report, Where Cybersecurity Stands. Troublingly the report finds that just over a quarter of respondents believe it will be possible for individuals to protect their online identity and privacy in the future. Moreover they’re not at all confident that the U.S. government understands the scope of or is prepared to defend against an attack aimed at nationally critical systems or infrastructure, and the number who expect such an attack soon is growing.
Only 13 percent of those surveyed said they believe that Congress and the White House understand cyber threats and will take steps for future defenses. Last year, Black Hat found that 60 percent of security professionals expected a successful attack on U.S. critical infrastructure, but the number now sits closer to 70 percent. As for where they think the attack will originate, they’re looking east, toward China or Russia.
“More than 40 percent of those surveyed believe that the greatest threat is by a large nation-state such as Russia or China,” a Black Hat release reads. “The thought that such an attack will be successful, again, stems from the industry’s lack of confidence in the current administration — only 15 percent of respondents said they believe the U.S. government and private industry are adequately prepared to respond to a major breack of critical infrastructure.”
Nearly three-quarters of respondents (71 percent) reported feeling that recent activity by the nations of Russia, China and North Korea has made U.S. enterprise data less secure. And they’re not just looking outward either. Nearly 60 percent believe they will have to respond to a major security breach in their own organization in the coming year, but most do not believe they have the staffing or budget to defend against current or emerging threats.
Additionally, security professionals don’t feel that private citizens and businesses are protecting their personal information in the right ways. Given a list of 18 possible protection/identification methods, respondents selected three as being effective: encryption, multifactor authentication and firewalls. Passwords, which are unfortunately one of the most widely used forms of defense, were viewed as ineffective by almost 40 percent of those surveyed.
Oh, and Facebook and other forms of social media? Given what’s come to light in terms of how Facebook uses data, 55 percent of security professionals advise people to rethink the data their sharing on such platforms, and 75 percent admitted they themselves are limiting their own usage or deleting their accounts entirely.