Recent survey performed by cybersecurity company Exabeam reveals staggering results concerning cryptojacking and shadow mining. During their visit to the Cloud and Cybersecurity Expo 2019 in London, members of the company surveyed other cybersecurity experts present at the event to assess their knowledge about these threats, and gather intelligence on how ready they are to defend their employers from them.
The results are scary.
65% of cybersecurity experts do not know what shadow mining is at all, while 57% have never heard about cryptojacking. Only 17% believe they have what it takes to successfully defend their networks against illicit crypto mining.
This survey revealed a huge gap in skills and tools required to defend against these types of attacks.
To clarify the terms:
- Shadow mining is an internal attack and it happens when an authoritative individual in the company, a system administrator or IT specialist with a lot of access, decides to leverage an organization’s IT resources to mine cryptocurrency.
- Cryptojacking is a far more familiar term to most of us involved with cryptocurrency, and it’s rather similar to shadow mining. It happens when an external individual gains access to the main network of an organization, raises his or her system privileges, and re-purposes the network’s computers to mine cryptocurrency.
Either one of these is a serious security breach should it occur, and 6% of the surveyed believe that they are in no shape or form equipped with the tools to defend any one of these two.
Cybersecurity experts are better equipped to deal with external attack vectors, as they require the successful execution of other more familiar attacks. Internal attacks are much more difficult to detect, but only 22% of the surveyed consider internal threats to be significant.
What do you think?
Is it more likely that an organization is going to be attacked externally or internally.
Consider the fact the privileged position of system administrators and the minimal effort they would need to invest in order to learn how to transform an organization’s network, into their own private cryptocurrency mining machine.
Featured image from Unsplash.
Comments