And all the while, skittish shareholders are getting worried.
What’s an organization attempting to prevent cyberattacks to do?
First, the positive:
- Defensive tools to battle cyber disruptions, intellectual property theft and cyberattacks against business operations are increasing in both scope and strength of capabilities.
- One speaker gave the U.S. a two-year window of relative safety before the attacks progress to the point of being truly dangerous (incidentally, the same time frame contained in my report, “Seven Trends Driving the Future of Cyberwarfare,” available free here in the sidebar).
And now, the disturbing news:
- The issues of dealing with cyber threats lie primarily with the human aspect. One presenter at Suits & Spooks felt the issues in managing cyberthreats are “90% human and only 10% technical.” This becomes more critical as technical talent becomes harder to find. Computerworld recently reported that the demand for people with cybersecurity skills is growing 3.5 times faster than for other IT-related jobs. And, as we found out with ex-NSA contractor Edward Snowden, cybersecurity specialists can be unpredictable in their actions.
- Organizations hacking back, even to gain back their stolen data, risk an escalation of return cyberattacks, raising the risks for future damage.
- Many organizations, particularly in the private sector, do not share cyberthreat information or defense strategies. Some of these are competitors; others act from hubris. And few sounded likely to trust government agencies with their information (especially considering Wyndham’s legal fight with the SEC).
If I were to select one word to describe the developing world of cyber threats we face, it would be that both internal and external forces are snowballing, picking up speed and destructive power with each day.
Challenging times ahead in cyberspace? You bet. We had better seriously start getting our house in order before that two-year safety period runs out on us.
Note: these comments are my conclusions alone and do not represent the opinions of presenters or attendees at the Suits & Spooks event.