Nearly 80% of information security leaders in Europe foresee critical infrastructure breaches across countries in the next two years. Many say they feel unprepared to handle the issue, even with recent government initiatives.
Black Hat’s newest research report, The Cyber Threat In Europe, presents findings from a September 2017 attendee survey of nearly 130 IT and security professionals from more than 15 European countries. The report details major concerns among the InfoSec community, including critical infrastructure security, nation state attacks, enterprise security risks, and the implications of the NIS Directive and GDPR requirements.
Of those surveyed for the report, many hold high-level positions within sectors spanning financial services, biotechnology, construction, healthcare, communication, and government.
Who is a Threat to Europe’s Critical Infrastructure?
Almost half of the respondents cite a foreign power—terrorist organisation, rogue nation or large nation-state—as the primary threat to Europe’s critical infrastructure. 42% also attribute the biggest threat to cyber espionage by major nation states like Russia and China and attacks by rogue nations such as North Korea. Most respondents are primarily worried about a multi-country breach rather than a critical infrastructure breach limited to their own country. These fears are heightened as a result of previous events, including the 2015 and 2016 Ukraine power grid attacks.
Only 11% believe that implementing the NIS Directive – the first Europe-wide legislation on cybersecurity – will make Europe’s critical infrastructure more secure. Meanwhile, nearly 40% believe that a lack of required skills is the primary reason why security strategies fail, and the shortage is only being exacerbated by GDPR requirements at many organisations. Another 34% believe that implementing GDPR will add to the IT workload and budget, but won’t have a major impact otherwise.
A troubling 65% of the respondents believe that they will have to respond to a major security incident within their organisation in the next 12 months. Driving this thought is a lack of budget and staffing. Nearly 60% of the respondents say they do not have enough of a security budget to mount an adequate defence, while 62% say they do not have enough security staff to defend against modern cyber threats. Additionally, 62% fear that enterprise data in Europe has become less secure because of recent activities in Russia and China. 42% believe that European law should be changed so enterprises can take offensive action against attackers, suggesting that professionals are frustrated over the ability of attackers to go unscathed while governments grapple over questions of attribution and proportional response.
These findings are an urgent call to planners in government and industry to adequately fund cybersecurity initiatives and ensure that regulatory mandates and compliance efforts are properly aligned with security imperatives. For actionable insights and more information related to these critical industry trends and findings, download a copy of The Cyber Threat In Europe here: blackhat.com/latestintel/11142017-november-14-2017-attendee-survey.html
Black Hat Europe 2017: December 4–7, London, UK
Drawing from this compelling research, Black Hat will host some of the brightest minds in the InfoSec community at Black Hat Europe 2017. The event will feature a robust programme, spanning everything from smart grid and critical infrastructure vulnerabilities to mobile attacks, applied security, machine learning, and more. The event will take place December 4-7 at the EXCEL London, in London, England. blackhat.com/us-17/