Questioning the future of privacy and the safety of personal identity

While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.

These findings and more are outlined in Black Hat USA’s new research report entitled, Where Cybersecurity Stands. The report, compiled from the fourth installment of Black Hat’s Attendee Survey, includes critical industry intel directly from more than 300 information security professionals. This year’s report delves into hot topics including the rise in concern over privacy issues, election hacking, U.S. Federal Government ability to handle cyber threats, nation-state attacks, the buzz around cryptocurrency profit, and the belief that the nation’s critical infrastructure is still increasingly at risk.

Is Privacy a Lost Cause?

Now more than ever cybersecurity professionals are questioning the future of privacy and the safety of personal identity as a result of the recent Facebook investigation, development of GDPR and various data breach reports. Influenced by these factors, only 26% of respondents said they believe it will be possible for individuals to protect their online identity and privacy in the future - a frightening opinion as it comes from experts in the field, who in many cases are professionally tasked with protecting such data. They’ve also reconsidered their Facebook usage - with 55% advising internal users and customers to rethink the data they are sharing on the platform, and 75% confessing they are limiting their own use or avoiding it entirely.

InfoSec Community Weighs in on Politics

IT security professionals have very little confidence in the federal government’s ability to understand and respond to critical cybersecurity issues. Only 13% of respondents said they believe that Congress and the White House understand cyber threats and will take steps for future defenses. Respondents also cite foreign affairs as an issue - 71% said that recent activity emanating from Russia, China, and North Korea has made U.S. enterprise data less secure. And with the upcoming elections in mind, more than 50% believe that Russian cyber initiatives made a significant impact on the outcome of the 2016 U.S. presidential election.

Bitcoin, Malicious Hacking, Technology and More

This year’s report dives deeper into the inner thoughts of today’s cybersecurity professionals, as a result, additional key insights were brought to the surface. One topic was whether ethical hacking would be prevalent considering the rise of bug bounty programs - nearly 90% still believe in the importance of coordinated disclosure, making it clear that hackers within the Black Hat community are still looking to help in the fight against cybercrime. Respondents were also asked to weigh in on all the craze around cryptocurrency, with more than 40% expressing that they do not think that investing in Bitcoin and other cryptocurrencies is a good idea. This is an interesting data point considering all of the recent buzz around profits being made through the practice. Professionals also raised a new concern around the effectiveness of technologies currently in use. Among a list of 18, only three technologies were cited as effective by security professionals - encryption, multifactor authentication tools and firewalls.  Passwords, one of the most widely used technologies, were dubbed ineffective by nearly 40% of respondents.

Fear of Major National Critical Infrastructure Breach Still on the Rise

Last year, Black Hat reported that 60% of security professionals expected a successful attack on U.S. critical infrastructure – that data point has risen almost 10% in 2018. Who do they think will likely be behind such an attack? More than 40% of those surveyed believe that the greatest threat is by a large nation-state such as Russia or China. The thought that such an attack will be successful, again, stems from the industry’s lack of confidence in the current administration - only 15% of respondents said they believe that U.S. government and private industry are adequately prepared to respond to a major breach of critical infrastructure.

Additional Key Findings

Following the enactment of European GDPR privacy regulations, 30% say they don’t know if their organizations are in compliance; another 26% do not believe they are subject to GDPR.

Staying consistent over the past five years and across the U.S., Europe, and Asia - nearly 60% believe they will have to respond to a major security breach in their own organization in the coming year; most still do not believe they have the staffing or budget to defend adequately against current and emerging threats.