As the world adapts to GDPR and puts more attention on personal privacy and security, Europe’s top information security professionals still have doubts about the industry’s ability to protect critical infrastructure, corporate networks, and personal information.
Black Hat Europe’s new research report, Europe’s Cybersecurity Challenges, details the concerns that are keeping Europe’s top information security professionals awake at night. The report includes new insights directly from more than 130 survey respondents and spans topics related to GDPR, personal privacy, current industry challenges, and what Europeans should anticipate in the years to come.
Is GDPR worth the effort?
While respondents noted that the GDPR, implemented in May, is top of mind, there is an emerging lack of confidence in its potential effectiveness. There is no doubt changes have been made to comply with GDPR – a solid 70% confirm they have dedicated resources to GDPR initiatives. However, interestingly enough, only more than a third say they’re confident in their organization’s state of GDPR compliance. And among those who think GDPR could potentially help privacy efforts, fewer than one in four believe that help will be substantial.
What is the greatest threat to Europeans’ personal information protection?
As GDPR goes into full effect and consumers read news headlines about the misuse of personal information by social media organizations, security professionals are becoming increasingly sensitive to the challenges of personal privacy. Among their greatest concerns is the use of personally-identifiable information by commercial organizations.
Nearly 60% of respondents cited collection and/or sale of personal information by enterprises and social media organizations that don’t properly protect privacy as the biggest danger to personal data. These concerns have driven more than 40% of information security professionals to plan to minimize their own social media usage, and many are advising their users and business units to do the same.
Europe’s critical infrastructure still a concern one year later
65% of security professionals believe that a major attack on critical infrastructure spanning multiple European countries will occur in the next two years. This figure indicates that concerns over such an attack have not ebbed since last year’s survey. A chief concern appears to be cyber threats from large nation-states such as Russia and China: 30% believe large nation-states are the greatest threat, followed by 17% citing financially motivated, organized criminals.
Why are European cybersecurity teams so doubtful about their defenses?
Europe’s weak defenses still relate to lack of funds, unequipped professionals and ineffective technology. 42% of respondents believe the weakest link in their defenses is end users who violate security policy and are too easily fooled by social engineering attacks. Meanwhile, 20% blame a skills shortage for failed IT security strategies, and fewer than half think they have enough budget to defend against today’s threats.
Additional key findings
- Only 15% personally participate in cryptocurrency buying or selling
- 70% are urging users to rethink the data they’re sharing on social networks
- When asked about the most effective security tools, professionals ranked multifactor authentication (88%), encryption (87%), and firewalls (75%)
- 52% say sophisticated and targeted attacks are their No. 1 cybersecurity concern