SAN FRANCISCO — A majority of the cybersecurity industry’s most experienced professionals believe that a major breach of critical infrastructure in the United States will occur in the next two years. Furthermore, these information security specialists say they do not believe current U.S. defense and government agencies are prepared to respond.

These findings are among the data published in “Portrait of an Imminent Cyber Threat,” a survey of nearly 600 cybersecurity professionals. The report, which summarizes the results from the third annual Black Hat Attendee Survey, offers feedback from top enterprise information security professionals on a wide variety of issues, including cyber threat risks, the Trump administration’s cyber policy, nation-state attacks, and the dangers faced by U.S. enterprises.

Black Hat USA 2017, held July 22-27 in Las Vegas, is an annual computer security conference that provides security consulting, training and briefings to hackers, corporations and government agencies. Many of the attendees are IT security leaders in their respective organizations, and approximately 40% of the survey respondents work in critical infrastructure industries, including utilities, healthcare, financial services and government.

---

RELATED: Cybersecurity Risk Is Real: SSI’s 2017 Physical-Logical Security Assessment

---

Only about 1 in 4 survey respondents (26%) said they are confident that the U.S. government and defense forces are equipped and trained to respond appropriately to an oncoming attack. Forty-seven percent said the Trump administration’s impact on cyber defense will be negative, while 26% believe it would be positive, and 27% were neutral.

What Is Making the U.S Less Secure?
Recent state-sponsored cyberattacks related to the U.S. elections, cyber espionage on U.S. corporations and the WannaCry ransomware worm have eroded IT security professionals’ confidence in critical infrastructure security, according to the survey authors. Nearly 70% of respondents said that recent activity from Russia and China has made U.S. enterprise data less secure and more than 60% believe corporations should develop special online defenses to protect their critical data from state-sponsored hacking.

Attackers’ growing use of WikiLeaks to publish stolen information has also diminished the community’s trust in the nation’s ability to defend itself. Instances including the hack of Democratic National Committee emails and Shadow Brokers’ reveal of CIA hacking tools has solidified WikiLeaks as a frequent outlet for information exposure. In fact, more than 60% of Black Hat survey respondents said they believe WikiLeaks is impacting the way corporations and government agencies conduct operations. Support of the use of WikiLeaks is still split among today’s professionals, as more than 30% oppose the work done by WikiLeaks, 31% favor it, and 37% remain neutral.

With new findings related to cybersecurity on the national front emerging, it is also apparent that the issues highlighted by security professionals on the enterprise side since 2015 are still not being addressed. Nearly 70% of respondents remain concerned they’ll experience a breach within their own enterprises in the next year. Those concerns stem from the same issues highlighted in Black Hat’s 2015 and 2016 reports: shortage of skilled security professionals, lack of prioritization from upper management, security budgets and spending, and more.

These findings make it apparent that government and business leaders need to put forth greater effort to secure today’s defenses and prioritize security among their initiatives, according to the survey authors.

Among additional key findings:

• 36% of those surveyed believe the increased use of ransomware remains the most serious new threat faced by cybersecurity professionals.
• 50% cited phishing and social engineering as their greatest concerns, while 45% fear sophisticated attacks targeted directly at their own organizations.
• Nearly 70% of respondents say they do not have enough staff to meet the threat of a major security breach in the next 12 months and nearly 60% feel they do not have adequate budgets.

For actionable insights and more information related to these critical industry trends and findings, a copy of “Portrait of an Imminent Cyber Threat” can be downloaded here.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content