John Noble, former director of the National Cyber Security Centre in the United Kingdom, took a pessimistic view on the future of cybersecurity during a BeyondTrust webinar on Wednesday.
“I predict that we’re going to see destructive attacks become a norm, and unfortunately I think it’s going to take a highly destructive attack on the critical infrastructure to really make us change the way we approach this so we introduce security right from the start,” said Noble.
Among other high-level risk factors, Noble highlighted the risk of corporate mergers and acquisitions
to cybersecurity, saying, “following the merger, you inherit a whole pile of cyber risk you may not
understand.” He also noted that companies tend to reduce staff during and following acquisitions, which may reduce resources devoted to security.
Noble also highlighted the risks of outsourcing and supply chains, and pointed to the example of managed service providers (MSPs) in the U.K. who found themselves victims of the APT10 Chinese hacking organization. “I think out of a number of worrying things that came out of this investigation, we saw that a number of the MSP security teams had detected these issues and had attempted to mitigate the risk. Unfortunately, generally they weren’t successful, as they underestimated their adversaries and overestimated their own capabilities.”