Data gathered by Lastline at RSA Conference 2018 reveals security professionals’ perspectives on the future of cryptocurrencies and cryptomining, response to ransomware attacks, and security impact of IoT devices.
“Security teams are fighting a multi-front battle to keep their organizations safe from cybercriminals,” commented Dr. Giovanni Vigna, Lastline and CTO. “The threats range from established attacks, such as ransomware, to newer challenges such as those introduced by web-connected devices and cryptocurrencies.”
Cryptocurrencies and cryptomining
The survey found that 84 percent of security professionals believe cryptocurrencies are here to stay – either as a mainstream alternative to conventional currencies (45.2 percent) or a fringe option (38.9 percent). Enough believe in this new type of money that 14.5 percent would rather collect their salary in cryptocurrency than in a traditional currency.
However, the survey also found that that 7 in 10 professionals don’t see a resulting threat to their organizations, even though it’s well documented that criminals are launching attacks that turn enterprise devices into miners on their behalf. While 35.6 percent agree that cryptomining is possibly a threat, they also think it’s unlikely, while another 22.6 percent say it is not a threat, and 12.5 percent say it’s too early to tell.
Only 29.3 percent recognize that it’s a clear and present danger, which is particularly interesting in light of the large majority that believe cryptocurrencies are not just a passing fad. And where there’s money, there are criminals.
If the nearly half who believe it will go mainstream are correct, then it’s likely that criminals will find new ways to exploit cryptocurrencies, increasing the risk in the eyes of security professionals as the attack surface expands.
While 9 in 10 security professionals have stepped up their organizations’ game to some degree, nearly half (44.4 percent) admit to not having done enough to protect against the next WannaCry-scale attack. At the same time, an overwhelming 81.2 percent believe that ransomware attacks against enterprises will increase. This should be a red flag, considering how many organizations have not done enough to improve their defenses.
Chatbots and IoT
Basically, all security professionals (99 percent) believe that the Amazon Echo and other chatbot devices pose a security risk to the enterprise, while a majority (62.1 percent) believes they should be banned from work environments. It’s good to see the overwhelming consensus that these web-enabled devices pose a security risk, and considering that it’s unrealistic to believe that banning these devices will mitigate the risk, it’s important to figure out how to secure them given that the quantity and variety will certainly increase.
When asked to name the two threat vectors that pose the largest risk to enterprise network security, email topped the list, mentioned by 44.8 percent of security professions. And given the results regarding chatbot devices, it should come as little surprise that IoT devices were a close second (44.3 percent).
However, all attack vectors offered in the survey received a substantial number of mentions (mobile = 39.4 percent, social media = 31.0 percent; cloud = 29.1 percent, and Web = 16.7 percent), emphasizing that all attack vectors pose significant risk, and security teams need strategies in place to protect them all.