Addressing ‘Cyber Security Middle Age’
At London’s IP Expo, the WE team attended a panel discussion which addressed one of the hottest topics in the technology media landscape – cyber security. The panel was hosted by BBC’s Rory Cellan Jones, and featured experts including Eugene Kaspersky (Kaspersky Lab); James Lyne (Sophos); Joshua Corman (Sonatype) and Rik Ferguson (Trend Micro).
During the session, this collection of luminaries discussed what they believe to be the biggest challenges of the security industry and how it will respond. The main talking points were as follows:
What are the current threats and misconceptions about IT security?
1. It’s the people, not their devices.
As BYOD continues to drive increased concern about data security, is the CTO/CISO forced to block ‘fun’ devices in the enterprise? Rik Ferguson said that the most worrying IT threat is not devices, but people inside the enterprise. There’s a need for education but at the same time, business need to implement the basic tools to monitor and control traffic no matter if we’re using our laptop or our smartwatch. Commenting how far we’ve come so far, in Rik’s words, ‘we’re all failures’. Ouch.
2. Cyber warfare may be small scale.
While the media is full of stories of cyber warfare and the impending doom this entails, Joshua Corman believes that the real threats are not the super sophisticated hackers, stating that ‘it is most likely going to be the people with low levels of sophistication and high intent’.
3. Hospitals under the microscope
One of Joshua Corman’s biggest concerns is about hospitals. He believes they’re easy targets for cyber-attacks and rightly adds, ‘failures in IT can cost lives’. While the NHS has other budget priorities, he pointed out that it would be more expensive to fix it when it goes wrong, than to prevent it happening in the first place.
So there’s a whole host of threats to governments, enterprises and the public sector. Time to be scared, right? Or is there more that can be done to limit the risk of cyber-attacks?
James Lyne believes that the challenge isn’t making consumers care, because they already do. It’s about keeping them up to date. No company should make the mistake of skipping the fundamental basics just because they’re attracted to the bright new shiny tech. Rik Ferguson was particularly forceful here, arguing security is everybody’s responsibility – from the developers to CTOs/CISOs as well as the end users. With whole organisations behaving in a unified fashion around security and sharing best practice, there is no threat that can’t be defeated.
I’ll leave the last word to Eugene Kaspersky, who summed up our security moment quite nicely as ‘cyber middle age’. We have access to the most advanced technologies, but we still don’t really know how to control it in the right way. Like so many things, the risk is to jump into new practices without due diligence or preparation, which will inevitably prove costly.
As communicators, we can help to minimise these IT risks and bring about change in attitudes towards security threats. There’s a need for better education for consumers, helping enterprises find the latest solutions and keeping conversations up-to-date, because nobody can afford to be complacent.