Less than 25 percent of Europe’s top cybersecurity professionals believe that the General Data Protection Regulation (GDPR) will noticeably effect data privacy, according to a new Black Hat Europe 2018 attendee survey.
It’s an odd statistic, however, considering that 70 percent of the 130 cybersecurity pros participating in the report have allocated resources specifically for GDPR-related programs. How is it, then, that they’re putting capital and staff in play for initiatives they believe won't protect critical infrastructure, corporate networks and personal data?
For nearly two in three, it’s a matter of confidence -- they’re not convinced their organization has fully complied with GDPR requirements. In other words, you get what you pay for.
Black Hat Europe Research: Key Data Points
Here are some of the study’s prominent findings, which surfaced at this week's Black Hat Europe 2018 conference in London.
On threats to Europeans’ personally identifiable information (PII).
- Nearly 60 percent of respondents blamed social media giants such as Facebook and enterprises that collect and sell their personal information for compromising their PII.
- More than 40 percent of information security professionals plan to minimize their own social media usage. Many are advising workers in their business units and other users to do the same.
On future critical infrastructure attacks.
- 65 percent of security pros believe that a major attack on critical infrastructure spanning multiple European countries will occur in the next two years. That figure hasn’t slipped since last year’s report.
- 30 percent believe large nation states are the greatest threat followed by 17 percent pointing to financially motivated, organized criminals. The greatest nation-state threats come from China and Russia, the respondents said.
On Europe’s weak cyber defenses.
- It’s mostly about "not enough" -- money, trained pros and behind-the-curve technology, security pros said.
- Slightly more than 40 percent of respondents believe the weakest link in their defenses are end users who violate security policy and are too easily fooled by social engineering attacks. That’s a familiar refrain to security pros everywhere.
- 20 percent blame a skills shortage for failed IT security strategies.
- Roughly half think they have enough budget to defend against today’s threats.
Additional Key Findings:
- Only 15 percent personally participate in cryptocurrency buying or selling.
- 70 percent are urging users to rethink the data they’re sharing on social networks.
- Most effective security tools: Multi-factor authentication (88%), encryption (87%) and firewalls (75%).
- 52 percent said sophisticated and targeted attacks are their top cybersecurity concerns.