Sidestepping the humdrum

Discussing cyber security trends and threats with a number of different industry players recently has me sighing, “ho hum.” Don't get me wrong, I'm just as stoked as ever to be leading the charge at SC Magazine, navigating all the happenings of a critically essential industry to bring practitioners like you timely news and features, events, videos and more. 

Still, the topics we're all discussing lately have become a little routine. Sure, the IT security space is crazy hot these days. President Obama's recent executive order seemed to call information security issues to the fore for a lot of people, many of whom hold jobs at organizations that pros like you have to safeguard. Then there's the resurrection of the Cyber Intelligence Sharing and Protection Act (CISPA), which sees the same debates as last year cropping up in Congress. I mean, how many times do lawmakers need to be told that security initiatives shouldn't curtail citizens' basic rights, like privacy? 

Other interesting headlines are hitting, too. Mandiant's report released last month that cited a unit of China's People's Liberation Army for stealing heaps of data from hundreds of U.S.-based companies got crazy coverage. But, let's face it: China's government spearheading attacks on U.S. organizations is far from breaking news. The interesting twist now is the to-and-fro between the U.S. and China, which most recently saw Chinese officials registering willingness to engage in global cooperation to investigate and stop cyber crime, yet all the while maintaining that China itself has been victimized as opposed to being the sole aggressor – a caveat that rings true and, again, isn't all that surprising to most of us. 

So, sure, among the humdrum there are cyber events cropping up here and there that breed excitement (e.g., chatter among Chinese military touting ways to leverage the now frequently discussed intrusion-kill-chain methodology to launch effective cyber attacks). And, yup, we're chasing this up for news as we speak. 

But, as evidenced by the likes of the RSA Conference in late February, which saw an estimated 24,000 attendees and more than 360 exhibitors, topics covered were mightily close to those we saw last year. There was the collective vendor hype that zeroed in on stuff like application security, security intelligence, situational awareness and more. And cloud security, BYOD/mobile risks and big data all were session subjects.

So, is something different awaiting us? According to London-based professional body BCS, The Chartered Institute for IT, a threat only chatted about before could involve attackers using internet-connected devices to execute physical crimes, such as murder – a scenario we've covered already when looking at today's various medical devices, for example. Another involves near-field communication (NFC) chips used for mobile payments. Just about every smartphone will be equipped with these chips soon, so there are worries that the business applications leveraging them will be riddled with holes. Cyber thieves, therefore, will be able to hit banking/e-commerce entities and their customers with ease.

Yes, there always will be the same old, same old. Yet, new methods of attack continually are upon us. Fortunately, there are pretty forward-thinking industry pros, like those we honored recently at our SC Awards U.S. gala. By making more interesting plays, re-configuring their departments, modifying their policies and programs to address the constantly evolving threat landscape and still more, hopefully those recurring moments will be few and far between. 

But, then again, we've still got plenty of repetitive hype pushed by some vendors at conferences like RSA through terribly passé-for-the-times booth babes. Ho-hum. Now, booth buds, that's pioneering.