A survey of security professionals who have attended Black Hat reveals fears for From the 2020 Election, U.S. infrastructure
Call it “Fear and Pessimism in Las Vegas.” As cyber security experts get ready to assemble for the latest Black Hat Briefings in August, a survey of information security professionals by conference organizers reveals deep misgivings about the security of U.S. critical infrastructure and pessimism about the government’s readiness to respond to large scale cyber attacks.
Increases in security threats to U.S. critical infrastructure are a main concern for cyber security professionals polled by Black Hat. Almost two thirds (63%) believe that voting machines are likely to be hacked in next year’s presidential contest. An identical share said they believed that Russian offensive cyber efforts will impact the U.S. elections.
Podcast Episode 125: Long After The Election Kremlin’s Computational Propaganda Campaign Rolls On
On the question of securing critical infrastructure, respondents were even more pessimistic. The survey found that 77% of respondents believe a major attack on US infrastructure is looming and likely to occur within the next two years.
Fear and pessimism in Las Vegas
Fears about the threat posed by “large nation-states” were front and center, given the recent politically motivated attacks on Ukraine and on oil infrastructure in the Middle East.
Report: Major attack on critical infrastructure expected due to increased risk from IoT
Government efforts to address cyber threats notwithstanding, the Black Hat poll suggests information security experts are pessimistic about the U.S.’s ability to fend off sophisticated or large scale attacks.
Respondents cited a lack of preparation for such attacks. When presented with the statement, “I believe that government and private industry are adequately prepared to respond to a major breach of US critical infrastructure,” 79% of respondents disagreed.
Previous reports have surfaced similar concerns. A report by The Foundation for Defense of Democracies and The Chertoff Group released in February 2019 presented the results of a cyber-enabled economic warfare (CEEW) tabletop exercise with former senior government officials and private sector leaders.
Spotlight: as Attacks Mount, how to secure the Industrial Internet
The exercise imagined a massive cyber attack occurring at the same time as a major overseas military engagement. The results paint a dire picture of the ability of government and the private sector to communicate and collaborate in such a scenario.
“Unless government and private sector decision makers begin developing CEEW-specific procedures and trust now, the United States will find itself flat-footed during a major cyber event,” researchers wrote at the time.
Consumer Data has left the Building
However, Information security professionals polled by Black Hat were equally pessimistic about consumer data security. A sobering 90% of the 345 surveyed professionals said they believe that no matter how prepared and diligent individuals are, their information is likely already available to criminals and hackers and beyond protection.
Experts cited massive breaches in recent years, which have already exposed information on billions of Internet users as one reason. End-users participate in risky activities on social media such as sharing birth dates, locations, and mobile phone numbers. While such behaviors are often thoughtless, they pose threats to online identities, the report says.
Facebook was rated by 80% of professionals as the highest risk social network. Instagram ranked as the second riskiest in highest risk by (71% of professionals). Linkedin, Snapchat and Twitter were all rated highest risk by over 50% of respondents. The consensus of security professionals regarding social media was to, “stay off it.”
Social media use aside, other risky consumer behaviors include using Wi-Fi at a coffee shop, using the same passwords for all personal accounts, using an AI assistant like Alexa or Siri, and even using Uber or Lyft.
Android devices such as phones, tablets, and watches ranked at the top of the list for highest risk consumer devices while Apple devices ranked lower by about 20%.
The survey was conducted by Black Hat and Informa researchers in May, 2019. Researchers surveyed IT and security professionals who attended the Black Hat USA conference in 2018 or were planning to do so in 2019. The online survey yielded responses from 345 management and staff security professionals, predominantly at large companies.
Black Hat’s survey respondents offered insight on the best way to mitigate security breaches ranking multi-factor authentication tools as number one followed by encryption, firewalls, endpoint security tools, and a slew of other methods.
Growing concerns for the safety of both consumer and government privacy have lead Black Hat to urge both cybersecurity professionals and end-users to reinforce their methods of privacy protection.