HP predicts a catastrophic cyber attack in the next five years, according to HP enterprise services chief technology officer Andrzej Kawalec.
“We expect an attack that will cause significant and lasting damage to a major world economy through physical and economic impacts,” he told the European Information Security Summit 2015 in London.
HP also predicts enormous challenges around creating a robust single digital online identity and managing the security of information shared online through social media, in the cloud and through devices connected to the internet of things.
“All these things are all about sharing data, not about security. Securing all the data shared in this way is a huge challenge in the absence of any standards to enable us to take control,” said Kawalec.
Another significant challenge in the next five years, he said, will be ensuring that regulatory and privacy concerns are addressed without limiting cross-border trade or exposing industry to financial risk.
More on data protection
Three cyber security areas to tackle
HP believes there are three areas that need to be tackled urgently.
“First we need to focus more time and effort on understanding our adversaries and how to disrupt them at every step,” said Kawalec.
“Second, we need to understand and identify our risk so that we can see how best to protect as well as enable our information assets.
“Third, we all need to collaborate more and share information with each other to get a single view of the threats and extend our cyber security capabilities beyond our own organisations.”
Extending cyber security capabilities is a huge part of HP’s strategy, according to Kawalec. “But we recognise that it is not something we can do on our own and we are keen to work with as many partners as possible,” he said.
Security challenges in 2015
Looking at the year ahead, Kawalec said HP expects a major mobile exploit in the next 10 to 12 months as adversaries continue to collaborate faster and more efficiently, unencumbered with regulations.
We need to understand our information environments better, see how they work and find better ways of making them secure
Andrzej Kawalec, HP
Other challenges in 2015 include the need to improve the management of open-source software within organisations and to address security vulnerabilities within supply chains.
“From the attack on US retailer Target through a compromised air-conditioning supplier, it is clear to see that organisations need to change the way they deal with suppliers,” said Kawalec.
A third key area in the year ahead, he said, will be industry sector attacks such as those already seen in the retail and healthcare sectors.
In all these scenarios, tackling the security challenges around data and users will be key, said Kawalec.
“We are pretty good at securing the infrastructure, we are OK and getting better at securing applications, but we are still no good at securing the end user and the data,” he said.
Kawalec believes these are clear signposts to what needs to be done and that it will be essential to find an alternative to password-based authentication and focus more on protecting data.
“We need to understand our information environments better, see how they work and find better ways of making them secure,” he said.