Patrick Gray, a security analyst and host of the Risky Business security podcast, says the modern day information security agenda has become an issue business and government actually take seriously.
"That said, the typical government information security stump speech hasn't changed much in a decade. A politician always relies on the trust line 'the world is becoming increasingly connected, therefore, security is important'.
Gray will be a speaker at ITWeb Security Summit 2015 at the end of May.
"We've seen the militarisation of the Internet accelerate over the last five years, coinciding with the skills gap that's crippling the discipline. There aren't enough skilled people to go around; this is the number one agenda item for the CSOs [chief security officers] I know."
Commenting on what is shaping the infosec agenda beyond 2015, Gray says a point of concern is seeing minor states stage demonstrations of their "cyber" capabilities. "Iran attacked Saudi Aramco in 2012, North Korea attacked Sony in 2014, and Lebanese political groups are running their own cyber espionage campaigns.
"Internet-based espionage and offensive operations used to be the domain of large, cashed-up states. Now everyone's getting in on the action and it won't be too long before really nasty groups like ISIS start getting involved."
Gray notes the top three cyber threats shaping the current global information security agenda are:
* Highly-organised and distributed criminal syndicates that can make use of pretty much any stolen information;
* State-sponsored attackers demonstrating their capability to the world via attacks such as the one on Sony; and
* Security tools not being up to the job.
Looking ahead at how responses to cyber threats are expected to evolve beyond 2015, Gray says things are expected to stay as they are for a while.
"The skills gap will drive businesses like BugCrowd and a few others to work on innovative resource-sharing models. I think information security technology is going to rush to the endpoint in the next few years, which it frankly should have done eight years ago," he says.
Looking back the at the most significant type of cyber threats that shaped the current global information security agenda, Gray believes the shortage in the supply of security talent and the poor quality of security tools are the biggest problems.
"We either need more people to use the awful tools or we need better tools so fewer people can use them. Until one of these things happens, we'll be in the current situation for years to come."
Gray's presentation at the Security Summit will focus on what is shaping the information security agenda in 2015 and beyond.
Share