BYOD bandwagon jumpers "heading for a fall"

Cybergeddon not likely to happen but BYOD a major concern for 2013, according to security experts

The channel could be left picking up the pieces next year as the headlines prompt CIOs to adopt bring-your-own-device schemes before they have shored up their security.

This was among the major concerns flagged up during a panel debate at the Imperial War Museum this morning on whether the world is facing 'cybergeddon'.

Although most panelists - rather anti-climactically - agreed that a state-sponsored attack that takes out the internet is unlikely, the consensus was that most end users are burying their heads in the sand when it comes to the new wave of threats.

Author and former hacker Robert Schifreen warned that CIOs are leaping before they look when it comes to BYOD.

"It's got a nice sexy name and people are reading about it - and that's making senior management ask what it is," he said. "They think it is a good way to kill their hardware budgets as people can bring in their own machines from home. But I think, if anyone is heading for a fall, it's going to be companies that jump on the BYOD bandwagon. If you don't do it the right way, the risks are great."

The growing spectre of hacktivism - where firms are targeted for ideological rather than financial reasons - and highly targeted attacks has also thrust security up the agenda, said Hugh Thompson, chief security strategist at security vendor Blue Coat.

He argued that advanced persistent threats are now at an "epidemic level" but are being under-reported by those hit.

"The world has changed in a fundamental way," he said. "It's bringing a lot more large companies to the table in the information security discussion that frankly didn't have a big problem before. But now companies that are in the supply chain and companies that are doing anything that might be considered controversial - even in things like modifying food - those folks have become targets."

State-sponsored attacks on critical infrastructure will also intensify, the panel agreed.

Cybergeddon?

But when it came to the business end of the debate, the panel members conceded that the world is unlikely to be plunged back into the dark ages as a result of a state-sponsored cyber-security attack.

When asked if it was theoretically possible to take out the world's 13 root servers, Paul Simmonds, co-founder of the Jericho Forum, said this could probably only be caused by a "glorious cock-up".

"I think the answer is probably yes. But I think it's more likely to see all the root DNS being taken out by a cascade action due to a botched router upgrade, than anything state-sponsored," he said.

Professor Fred Piper, head of Information Security Group at Royal Holloway University of London, agreed.

"Cybergeddon maybe means the collapse of the internet," he said. "Who's going to bring it down? Organised crime is not going to bring down the internet as they're making their living out of it. Governments? I doubt it - a government may want one other country not to have it but they want it themselves. There's no incentive unless it is by sheer accident."

Thompson said cybergeddon could also be taken to mean a situation where trust in the internet is eroded to a point where no one is willing to use it, which he argued is possible.

"When the marginal cost to make one more highly personalised and credible phishing attack comes to pass, we're going to be in a seriously concerning situation," he said. "You can see an erosion of trust, where you have 50 emails in your inbox and even a super-paranoid person can't tell which ones are legitimate and which aren't."