Lastline®, provider of advanced network-based malware protection, has published the results of a survey it conducted at RSA 2018 on the future of cryptocurrencies and cryptomining, responses to ransomware attacks and the security impact of IoT devices. The survey reflects input from more than 200 randomly selected IT security professionals.
Security teams are fighting a multi-front battle to keep their organizations safe from cybercriminals. The threats range from established attacks, such as ransomware, to newer challenges such as those introduced by web-connected devices and cryptocurrencies. We have always used input from security analysts to inform our product capabilities and roadmap, and surveys such as this one provide us with valuable insight into what’s front of mind for security professionals.
Cryptocurrencies and Cryptomining
The survey found that 84 percent of security professionals believe cryptocurrencies are here to stay – either as a mainstream alternative to conventional currencies (45.2 percent) or a fringe option (38.9 percent). Enough believe in this new type of money that 14.5 percent would rather collect their salary in cryptocurrency than in a traditional currency.
However, the survey also found that 7 in 10 professionals don’t see a resulting threat to their organizations, even though it’s well documented that criminals are launching attacks that turn enterprise devices into miners on their behalf (see CryptoJacking, CryptoMining, and the Rise of Monero). While 35.6 percent agree that cryptomining is possibly a threat, they also think it’s unlikely, while another 22.6 percent say it is not a threat, and 12.5 percent say it’s too early to tell. Only 29.3 percent recognize that it’s a clear and present danger, which is particularly interesting in light of the large majority that believe cryptocurrencies are not just a passing fad. And where there’s money, there are criminals.
If the nearly half who believe it will go mainstream are correct, then it’s likely that criminals will find new ways to exploit cryptocurrencies, increasing the risk in the eyes of security professionals as the attack surface expands.
While 9 in 10 security professionals have stepped up their organizations’ game to some degree, nearly half (44.4 percent) admit to not having done enough to protect against the next WannaCry-scale attack. At the same time, an overwhelming 81.2 percent believe that ransomware attacks against enterprises will increase. This should be a red flag, considering how many organizations have not done enough to improve their defenses.
Chatbots and IoT
Basically, all security professionals (99 percent) believe that the Amazon Echo and other chatbot devices pose a security risk to the enterprise, while a majority (62.1 percent) believes they should be banned from work environments. It’s good to see the overwhelming consensus that these web-enabled devices pose a security risk, and considering that it’s unrealistic to believe that banning these devices will mitigate the risk, it’s important to figure out how to secure them given that the quantity and variety will certainly increase.
When asked to name the two threat vectors that pose the largest risk to enterprise network security, email topped the list, mentioned by 44.8 percent of security professionals. And given the results regarding chatbot devices, it should come as little surprise that IoT devices were a close second (44.3 percent). However, all attack vectors offered in the survey received a substantial number of mentions (mobile = 39.4 percent, social media = 31.0 percent, cloud = 29.1 percent, and Web = 16.7 percent), emphasizing that all attack vectors pose significant risk, and security teams need strategies in place to protect them all.