If you need to know what the pulse of the European cybersecurity community is, where do you go? Like most of us, you turn to Black Hat and Dark Reading. This November, Black Hat issued a new report, The Cyberthreat in Europe, based on survey responses from 127 Black Hat Europe attendees.

Respondents include CISOs, CIOs, CTOs and other cybersecurity professionals from more than 20 sectors and 15 European countries — with nearly half holding the CISSP security professional credential.

The most intriguing finding is that 77% of respondents believe a cyberattack will breach critical EU infrastructure within the next two years — and that it will affect multiple countries in the region.

As the authors of the report state, “The survey results paint a bleak picture of the ability of European organizations to defend themselves and their critical infrastructure against modern cyberattack threats.”

These sentiments are remarkably similar to those expressed by IT and security professionals in our 2017 Black Hat USA Attendee Survey in July — and are a warning that critical infrastructure in Europe is as much at risk as it is in the United States.

The findings in The Cyberthreat in Europe report also point to cyber defenses “being stretched to the limit by a perfect storm of threats from organized cybercrime groups and nation-state-sponsored threat actors.”

Here are some other interesting data points from the survey:

  • Biggest threats = nation-states: Close to half — 42% of respondents — say cyberespionage by major nation-states such as Russia, China, and Iran as well as attacks by rogue nations such as North Korea pose the biggest threats to EU critical infrastructure.
  • Top concern = targeted attacks: The #1 concern is sophisticated attacks aimed directly at the organization, cited by 48% of respondents.
  • Most serious new threat = ransomware: Influenced by WannaCry and NotPetya’s devastating impact on production operations and corporate financial results (Merck, Maersk, Reckitt Benckiser, Mondelez, Saint-Gobain, etc.), 36% of security pros cited ransomware as the most serious cyberthreat to emerge in the last 12 months.
  • NIS Directive won’t help (much): Only 11% believe that implementing the NIS Directive will make EU critical infrastructure much more secure. This directive provides legal measures to boost cooperation among Member States on swift joint action on cybersecurity incidents and sharing information about risks.

CyberX’s Global ICS & IIoT Risk Report provides some real-world data to back up the critical infrastructure concerns expressed by IT security pros in the Black Hat survey. Based on CyberX’s analysis of network traffic from 375 production ICS networks worldwide, the report clearly shows that control networks are ripe targets for adversaries, with:

  • One out of three industrial sites connected to the public Internet (no air-gap)
  • 60% have plain-text passwords traversing their networks
  • 3 out of 4 sites run unpatchable Windows versions like Windows XP

To get the full Black Hat report, visit https://www.blackhat.com/docs/eu-17/Black-Hat-Attendee-Survey.pdf.

To get the latest ICS vulnerability research, ICS threat intelligence, and educational information about best practices for IIoT, ICS and SCADA security, visit the CyberX Knowledge Base.