Black Hat's sixth annual community survey, Cyber Threats in Turbulent Times, highlights how the COVID-19 pandemic and U.S. presidential election will have a significant impact on the information security industry in 2020.
COVID-19: Security Operations May Never Be the Same
The COVID-19 pandemic has forced many to work form their homes and rely greatly on cloud computing and employee-controlled devices and networks, making it difficult for security professionals to remotely manage risk. Due to this, nearly 95% of security professionals believe that the COVID-19 crisis increases the cyber threat to enterprise systems and data, with 24% saying the increased threat is critical and imminent.
When asked about their biggest concerns, more than 70% said they are worried that quarantined workers might break policy and expose enterprise systems and data to new risks. In addition, 66% expressed concerns about the vulnerability of the systems and networks used by quarantined workers, while 64% fear a likely increase of attacks by adversaries seeking to take advantage of the crisis.
Survey respondents also recognized the long-term implications that COVID-19 will have on the security of operations. More than 80% of security professionals believe that the crisis will create significant changes in operations methods, with only 15% believing that cyber operations and threat flow will return to normal after the COVID-19 crisis passes.
"As enterprises adapt to the pandemic and its aftermath, changes in the technology they use, how they use it, and how they secure it -- or, don’t secure it -- have created a perfect storm of opportunity for adversaries to strike," said Eric Parizo, Senior Analyst for Omdia's Cybersecurity Accelerator research service. "The cybersecurity decisions enterprises make now will have major business ramifications, both positively and negatively, for months and years to come."
2020 U.S. Presidential Election: Security Will be Tested
While the COVID-19 pandemic has threatened the security of business operations, it also creates complex security issues for the upcoming U.S. 2020 presidential election. Local city and state governments are evaluating mobile voting options to comply with social distancing guidelines, causing concern amongst security experts. More than two thirds (69%) of survey respondents believe that voting electronically in any form is inherently risky. 73% said that using mobile applications for voting is an inherently risky practice that cannot be secured.
“Online voting has the potential to increase voter turnout and reduce the costs associated with elections. However, given the current state of cybersecurity, it is highly unlikely that U.S. states will be able to run secure online voting in 2020,” said Sherri Davidoff, CEO of LMG Security and member of the Black Hat USA Review Board. “If we are serious about accomplishing secure online voting, we need a strong, coordinated, well-funded effort.”
When asked about the greatest threats to the upcoming election, more than 70% of respondents said disinformation campaign exploits will have the greatest impact on the elections, with 69% of security professionals expecting these exploits to emanate primarily from Russia. 85% of respondents believe that cyber threat actors will have at least some impact on the U.S. elections in 2020, with nearly one third believing that the impact will be critical and the results of the 2020 election will always be in doubt as a result.
“Multiple divergent electronic voting platforms are in use and security was not appropriately addressed during the design process,” said Matt Devost, CEO & Co-Founder of OODA LLC and a member of the Black Hat USA Review Board. “These systems repeatedly fail security assessments and would not be appropriate platforms to move online.”
Download a copy of Cyber Threats in Turbulent Times here: https://messages.blackhat.com/2020-attendee-report