A majority of industry experts foresee a major cyber-attack by 2025 that will cause harm, according to the findings of a new study from the Pew Internet and American Life Project. The study, based on a poll of 1,642 experts in technology and other fields, found that 61 percent indicated they expect a major cyber-attack that would cause “widespread harm to a nation’s security and capacity to defend itself and its people.”
The report also cited a number of key themes among respondents—for example, the fact that cyber-attacks are already happening, including infrastructure attacks like Stuxnet, which targeted Iran’s nuclear program.
While the Pew report warns that respondents anticipate an attack, the security experts eWEEK contacted didn’t necessarily think that all is bad in the state of online security.
The Pew Research Survey raises some genuine concerns, Mike Fey, executive vice president, general manager of corporate products and CTO at Intel Security, told eWEEK. However, while a large attack is likely, there is a lot of work in the threat detection and threat intelligence sharing spaces, within and across industries, to hold these attacks at bay and minimize damage, Fey added.
“Like all the technology systems we rely on every day—the airline system, the electric grid—our electronic banking networks are very safe, and our industry is continuing to innovate to make them even safer,” Fey said.
Risks
J.J. Thompson, CEO and managing director of Rook Security, does not think that the risk of a major cyber-attack by 2025 is like the folk tale of Chicken Little, who thinks that the sky is falling. “We are moving toward a connected world through not only the Internet of things, but through critical infrastructure,” Thompson said. “In the absence of adequate security controls, the results can be catastrophic.”
Marc Maiffret, CTO of BeyondTrust, said that cyber-attacks are now likely part of normal military operations.
“So yes, one should assume that if there is a major war between now and 2025 that the style of attacks will be a component of war just as any ground or air capabilities,” Maiffret said.
Although there is risk, there has also been much progress made to improve the security of systems, he added, pointing out that the popular attack surface of the last 10 to 15 years—Windows desktops and servers—has become increasingly hardened as Microsoft and other technology companies continue to pour a large amount of resources into protecting their ecosystems.
The emerging Internet of things world, however, hasn’t yet reached that level of security maturity. “I think the Internet of things world needs a major wake-up call, and in fact, it will probably be a major attack that is the wake-up call, but hopefully, that is more of a computer worm or mass infection-style attack, which ultimately can be more annoying than devastating,” Maiffret said.
Overall, though, when it comes to limiting the risk of whatever cyber-attack may or may not occur by 2025, and whatever the attack vector is, collaboration and continued vigilance are the keys to defense.
“Organizations are increasingly good at repelling low-level cyber-incursions against governments and private interests, and increasingly quick to address newly discovered vulnerabilities,” Fey said. “Governments are learning a great deal from observing each other’s cyber-practices and developing capabilities in cooperation, sharing lessons learned and training together.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.