Privacy, identity 'impossible to protect' say 74% of security pros

New precautions and regulations like GDPR may not be able to help protect online identities, according to a Black Hat survey.

As more of daily life moves online, protecting personal identity and privacy becomes paramount. Unfortunately, it also may be impossible, according to 74% of cybersecurity professionals polled in a recent Black Hat survey.

Black Hat's "Where Cybersecurity Stands" report, announced in a Tuesday press release, gathered data from 300 security professionals. Their responses suggest that, even with "precautionary measures and new regulations such as GDPR," online privacy may be a lost cause. Roughly 30% said they didn't know if their organization met GDPR compliance, and 26% didn't think they were subject to it, according to the report.

As part of the survey, the respondents also weighed in on Facebook use. Some 55% of security pros said they advised their internal users to reconsider how much data they shared on the social media platform. Additionally, 75% of security pros said they were limiting their own use of Facebook, or giving it up entirely, the release said.

The respondents also expressed little faith in the White House's grasp of security issues, with a mere 13% of respondents saying they believed Congress and the White House understood current threats and how to protect against them in the future, the release noted. Respondents were more divided on the results of the 2016 presidential election, with 50% saying they thought Russian cyberattacks played a role in the outcome.

The Black Hat respondents favored ethical hacking, with 90% saying they believed in the importance of coordinated disclosure, "making it clear that hackers within the Black Hat community are still looking to help in the fight against cyber crime," the release noted.

As for the most effective tools to improve security, security pros picked the following three from a list of 18:

  1. Encryption
  2. Multi-factor authentication
  3. Firewalls

According to the release, though, "passwords, one of the most widely used technologies, were dubbed ineffective by nearly 40% of respondents."

Additionally, a large portion of the respondents feared an attack on US critical infrastructure, but only 15% felt that US government and private industry would be able to properly respond to such an attack.

More than half (almost 60%) said they believe "they will have to respond to a major security breach in their own organization in the coming year." However, most respondents don't have the proper headcount or financial resources to fight common threats, the report noted.

Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • 74% of security pros said they believe it is nearly impossible for most people to protect their online identity and personal privacy. -- Black Hat, 2018
  • Almost 60% of security pros believe they'll have to respond to a breach at their organization this year, but many lack resources. -- Black Hat, 2018

Image: iStockphoto/Tero Vesalainen