A Q&A gathering experts' thoughts on the threats they considered important in 2014 and envision imperiling us in 2015.
As we profiled our selection of luminaries for 2014, we asked a few pressing questions about what threats they struggled with in 2014 and what threats might prove daunting in 2015. Their answers might surprise you.
Jack Daniel, strategist, Tenable Network Security
What was the biggest security concern or threat this year?
I know I'm supposed to say “APT,” data breaches or one of the big vulnerabilities with a lot of media attention, but those are merely symptoms of the real threats. The biggest class of threats were complacency and distraction, as they have been for years, and will be for years to come. We all tend to ignore threats once we understand them, and get distracted by the latest security horror story- how else can you explain widespread buzz and panic over this year's big news stories while we still haven't significantly addressed authentication and other fundamentals? In recent research I've taken another look at things like the Ware Report [Willis H. Ware, a pioneer in the fields of computing security and privacy authored a 1970 whitepaper for the Rand Corporation, “Security Controls for Computer Systems”] and [Robert] Abbott's RISOS work [(Research in Secured Operating Systems) Project, a DARPA-funded effort to define the meaning and boundaries of IT security]. It is clear that we have been able to define our challenges very well for several decades. Our ability to meaningfully address them, however, remains problematic.
What will be the biggest threat or concern of 2015?
Besides the perennials of complacency and distraction, I fear that breach fatigue will continue to grow and infect key decision makers. There will be new buzzwords, new vulnerabilities, and certainly new data breaches – but the big problem may turn out to be increased fatalism about our ability to defend ourselves with a resultant reduction in resources allocated to secure our environments. The good news is that calm, thorough, and rational analysis of the next big thing can drive rational reactions to the news and allow us to combat fatigue with facts.