Cyber Security: A State of Digital Denial
We should be more concerned about a cyber attack.
That was the message from Cofer Black, former head of the CIA’s Counterterrorism Center, at this year’s Black Hat Security Conference. In fact, his opening words were quite ominous. He said the last time he stood in a room presenting to a large audience with his face being projected on four big screens was in August of 2001. At that time, he warned the audience that there would be a major terrorist attack on U.S. soil where thousands may die. A little over a month later, the attacks on 9/11 took place. His latest prediction, made at the Black Hat Conference, is that there will be a major cyber attack on the United States which will have serious consequences.
But his point was not fear – not that we were fated – but that the work of every person focused on cyber security was critically important. His primary concern was about a state of preparedness.
Black told us that while many in the government had seen the warning signs of the attacks which occurred almost a decade ago, it was hard for anyone to be fully prepared for an event before they had personally experienced it – or had personal experience of it (yes, they are two different things). Without that, it is hard to grasp the real consequences of the threats that face us.
I could not agree more.
Today, I fear we live in a state of digital denial. Enamored with the devices, connectivity, and the ‘always on’ nature of things. We revel in discussions of the cloud, geo-location, empowerment, and apps. The consumerization of IT. And yes, executives do walk into the IT guy’s office and say “get this new device to work on our network.”
But as Marc Benioff, the CEO of Salesforce, said at Gartner’s ITxpo back in 2010, “Security right now had better be on the top of everyone’s mind.” I have spoken with IT guys at large and small companies. I have seen the reports from the analysts. There is a quiet tide of complacency and “good enough.”
Having seen the recent headlines and discussions at many a Board level, I know protecting critical information is of paramount concern. We know of the attacks – the cloud outages, hacktivists, and others. But I’m not talking about simply cyber tagging of a government website. I’m talking about critical data breaches, exposures to critical infrastructure, and risks to our financial systems. As Black said in his keynote, “Stuxnet was the Rubicon of the future.” It was the defining moment when we went from espionage to sabotage. When cyber attacks went from the virtual world to impacting the physical one.
This brave, new, connected world brings much promise. Better productivity for businesses and people, and enhanced communications and interactions. But it does not work if it is not secure, protected, and available.
Today, Symantec released its State of Security Survey for 2011 (PDF). It clearly outlines that the concerns about real threats have increased in the past year. Threats we need to consider as we think about the necessary steps to keep our information and identities safe and secure.
We cannot continue to live in a state of digital denial. Or else, Mr. Black’s predictions may once again come to fruition.