If you are a security professional like me you probably wind up speaking passionately about an attack vector, a cyber-incident or trends in information security from time-to-time.
In as such, you probably get approached to opine on a summary of what frightens you the most.
Having said that, I’m certain I live my life in fear of many things, but there are a few items which clearly have my attention and they are as follows:
Concern One: Attacks which kill. Cyber-attacks will one day lead to the loss of life through nefarious ways to attack people individually. Yes, this concept has been conjectured for years through demonstrations of the ability to attack all sorts of ‘things’ from pacemakers, to trains, to automobiles and now aircraft systems. It appears to me that the course of a cyber-attack leading to the loss of life is irrevocable and the question is only a matter of when and not if.
Concern Two: Apathy and numbness in security decision making. Ironically even though press about attacks and awareness is at an all-time high, it appears that a certain degree of lethargy has set in with regard to ‘sense of urgency’ in doing the ‘right’ thing – – as many find the pursuit, in the end, fruitless. I fear that the numerous business executives are abandoning the mental exploration of how to secure endpoints, and other points more effectively and have succumbed to the idea that they will either one day be a victim or have already joined victimhood.
Concern Three: More Critical Infrastructure Outages: It’s not hard to see how one of the world’s most advanced countries will experience widespread cyber-attack disruptions to critical infrastructure services such as the following:
- Power Generation
- Water Supply
- Cell, Telephone or Television (Cable) Delivery Services
- Police or First-Responder Networks
Concern Four: Comeuppance of Cyber-Hostage Taking. There has been a long history of cyber-ransom activity, however 2014 has broken new ground whereby nefarious groups have taken hostage digital assets or services and commandeer these services until certain demands are met which might not be in financial forms. In at least one case this has lead to business failure.
Concern Five: Cyber Attack Laws Begin to be Adopted en mass – including Nationalistic-Rules. Faced with an ever increasing dissatisfied and frustrated constituency and state-sponsored espionage, governments will begin the process of setting laws on cyber-attacks and begin to dictate network traffic flows, security levels at critical infrastructure companies, acceptable data processing domiciles, and providing rules on what constitutes acceptable internet behavior.
Carl Herberger is the Vice President of Security Solutions at Radware, a leader in application delivery and security solutions that assures the availability, performance, and resilience of business-critical applications for over 10,000 enterprises and carriers worldwide.
Carl, a recognized information security expert, draws on his extensive information security background in both the private and public sectors. He began his career in the U.S. Air Force as a computer warfare specialist at the Pentagon and managed critical operational intelligence programs aiding both the National Security Council and Secretary of the Air Force. Carl founded Allied InfoSecurity and held executive security positions at BarclayCard US, SunGard and Campbell Soup Co.