2018 Black Hat USA Research

74% of Security Professionals Suggest Privacy, Personal Identity Could be Impossible to Protect

SAN FRANCISCO, June 26, 2018  -- While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.

These findings and more are outlined in Black Hat USA’s new research report entitled, Where Cybersecurity Stands. The report, compiled from the fourth installment of Black Hat’s Attendee Survey, includes critical industry intel directly from more than 300 top information security professionals. This year’s report delves into hot topics including the rise in concern over privacy issues, election hacking, U.S. Federal Government ability to handle cyber threats, nation state attacks, the buzz around cryptocurrency profit, and the belief that the nation’s critical infrastructure is still increasingly at risk.

Is Privacy a Lost Cause?
Now more than ever cybersecurity professionals are questioning the future of privacy and the safety of personal identity as a result of the recent Facebook investigation, development of GDPR and various data breach reports. Influenced by these factors, only 26% of respondents said they believe it will be possible for individuals to protect their online identity and privacy in the future - a frightening opinion as it comes from experts in the field, who in many cases are professionally tasked with protecting such data. They’ve also reconsidered their Facebook usage - with 55% advising internal users and customers to rethink the data they are sharing on the platform, and 75%confessing they are limiting their own use or avoiding it entirely.

InfoSec Community Weighs in on Politics
IT security professionals have very little confidence in the federal government’s ability to understand and respond to critical cybersecurity issues. Only 13% of respondents said they believe that Congress and the White House understand cyber threats and will take steps for future defenses. Respondents also cite foreign affairs as an issue - 71% said that recent activity emanating from Russia, China, and North Korea has made U.S. enterprise data less secure. And with the upcoming elections in mind, more than 50% believe that Russian cyber initiatives made a significant impact on the outcome of the 2016 U.S. presidential election.

Bitcoin, Malicious Hacking, Technology and More
This year’s report dives deeper into the inner thoughts of today’s cybersecurity professionals, as a result, additional key insights were brought to the surface. One topic was whether ethical hacking would be prevalent considering the rise of bug bounty programs – nearly 90% still believe in the importance of coordinated disclosure, making it clear that hackers within the Black Hat community are still looking to help in the fight against cyber crime. Respondents were also asked to weigh in on all the craze around cryptocurrency, with more than 40% expressing that they do not think that investing in Bitcoin and other cryptocurrencies is a good idea. This is an interesting data point considering all of the recent buzz around profits being made through the practice. Professionals also raised a new concern around the effectiveness of technologies currently in use.  Among a list of 18, only three technologies were cited as effective by security professionals – encryption, multifactor authentication tools and firewalls.  Passwords, one of the most widely used technologies, were dubbed ineffective by nearly 40% of respondents.

Fear of Major National Critical Infrastructure Breach Still on the RiseLast year, Black Hat reported that 60% of security professionals expected a successful attack on U.S. critical infrastructure – that data point has risen almost 10% in 2018. Who do they think will likely be behind such an attack? More than 40% of those surveyed believe that the greatest threat is by a large nation-state such as Russia or China. The thought that such an attack will be successful, again, stems from the industry’s lack of confidence in the current administration - only 15% of respondents said they believe that U.S. government and private industry are adequately prepared to respond to a major breach of critical infrastructure.

Additional Key Findings

  • Following the enactment of European GDPR privacy regulations, 30% say they don’t know if their organizations are in compliance; another 26% do not believe they are subject to GDPR 
     
  • Staying consistent over the past five years and across the U.S., Europe and Asia - nearly 60% believe they will have to respond to a major security breach in their own organization in the coming year; most still do not believe they have the staffing or budget to defend adequately against current and emerging threats.

Download the Full Research Report 
Findings from the Black Hat community make it apparent that there are serious fears around privacy on both professional and personal levels. The report also calls for further action by the U.S. Government in order to secure confidence in the nation’s ability to protect itself from a range of anticipated attacks. To learn more about these findings and other reported intel, download a copy of Where Cybersecurity Stands, here: blackhat.com/latestintel/06262018-where-cybersecurity-stands.html

Black Hat USA 2018: August 4-9, Las Vegas
On the heels of these critical industry findings, Black Hat will bring together today’s most influential information security professionals and researchers at Black Hat USA 2018. The event will feature a robust educational program, unveiling critical vulnerabilities that affect widely used voting machines, mobile devices, cars, operating systems, critical infrastructure and more. The event will take place August 4-9 at the Mandalay Bay Convention Center in Las Vegas. For more information and to save $300 on your briefings pass by July 13, please visit: blackhat.com/us-18/

Connect with Black Hat (#BlackHat)

Future Black Hat Dates and Events

  • Black Hat Trainings 2018, Chicago, IL, USA, October 22-23
  • Black Hat Europe 2018, London, UK, December 3-6
  • Black Hat Asia 2019, Singapore, March 26-29

About Black Hat
For more than 20 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia. More information is available at: blackhat.com. Black Hat is organized by UBM, which in June 2018 combined with Informa PLC to become a leading B2B information services group and the largest B2B Events organizer in the world.

To learn more and for the latest news and information, visit www.ubm.com and www.informa.com.