IT Professionals Share Their Perspective On Security
At the recent 2018 RSA Conference in San Francisco, network-based malware protection company Lastline conducted a survey of more than 200 randomly selected IT security professionals. The results showcase their perspective on the future of cryptocurrencies and cryptomining, response to ransomware attacks, and security impact of IoT devices.
“Security teams are fighting a multi-front battle to keep their organizations safe from cybercriminals,” commented Dr. Giovanni Vigna, Lastline Co-founder and CTO. “The threats range from established attacks, such as ransomware, to newer challenges such as those introduced by web-connected devices and cryptocurrencies. We have always used input from security analysts to inform our product capabilities and roadmap, and surveys such as this one provide us with valuable insight into what’s front of mind for security professionals.”
Cryptocurrencies and Cryptomining
The survey found that 84 percent of security professionals believe cryptocurrencies are here to stay – either as a mainstream alternative to conventional currencies (45.2 percent) or a fringe option (38.9 percent). Enough believe in this new type of money that 14.5 percent would rather collect their salary in cryptocurrency than in a traditional currency.
However, the survey also found that that 7 in 10 professionals don’t see a resulting threat to their organizations, even though it’s well documented that criminals are launching attacks that turn enterprise devices into miners on their behalf. While 35.6 percent agree that cryptomining is possibly a threat, they also think it’s unlikely, while another 22.6 percent say it is not a threat, and 12.5 percent say it’s too early to tell. Only 29.3 percent recognize that it’s a clear and present danger, which is particularly interesting in light of the large majority that believe cryptocurrencies are not just a passing fad. And where there’s money, there are criminals.
If the nearly half who believe it will go mainstream are correct, then it’s likely that criminals will find new ways to exploit cryptocurrencies, increasing the risk in the eyes of security professionals as the attack surface expands.
While 9 in 10 security professionals have stepped up their organizations’ game to some degree, nearly half (44.4 percent) admit to not having done enough to protect against the next WannaCry-scale attack. At the same time, an overwhelming 81.2 percent believe that ransomware attacks against enterprises will increase. This should be a red flag, considering how many organizations have not done enough to improve their defenses.
Chatbots and IoT
Basically, all security professionals (99 percent) believe that the Amazon Echo and other chatbot devices pose a security risk to the enterprise, while a majority (62.1 percent) believes they should be banned from work environments. It’s good to see the overwhelming consensus that these web-enabled devices pose a security risk, and considering that it’s unrealistic to believe that banning these devices will mitigate the risk, it’s important to figure out how to secure them given that the quantity and variety will certainly increase.
When asked to name the two threat vectors that pose the largest risk to enterprise network security, email topped the list, mentioned by 44.8 percent of security professionals. And given the results regarding chatbot devices, it should come as little surprise that IoT devices were a close second (44.3 percent). However, all attack vectors offered in the survey received a substantial number of mentions (mobile = 39.4 percent, social media = 31.0 percent; cloud = 29.1 percent, and Web = 16.7 percent), emphasizing that all attack vectors pose significant risk, and security teams need strategies in place to protect them all.
Lastline, Inc. provides breach protection products that are innovating the way companies defend against advanced malware with fewer resources and at lower cost. The company delivers the visibility, context, analysis, and integrations enterprise security teams need to quickly and completely eradicate malware-based threats before damaging and costly data breaches occur. Headquartered in Redwood City, California with offices throughout North America, Europe, and Asia, Lastline’s technology is used by Global 5000 enterprises, is offered directly and through resellers and security service providers, and is integrated into leading third-party security technologies worldwide.