Cyber threats will get worse in the next decade, claims NASDAQ CISO

New types of attacks, including those without human intent, will emerge, according to Mark Graff

The cyber threat landscape will only get worse in the next decade, according to NASDAQ chief information security office (CISO) Mark Graff.

Graff, who was speaking at splunk.conf 2014 in Las Vegas, told delegates that despite much attention being drawn to data breaches at the likes of Target and JP Morgan, the most concerning threats are viruses, worms and malware that have emerged in the last decade or so, such as Stuxnet and the Sapphire Worm.

The problem, Graff said, with the number of break-ins to end user systems is the difference in time scales between attacks and responses.

"It can take minutes or hours to put together an attack but can take months to defend," he said.

But rather than the "defenders" catching up with the attackers, Graff believes that the gap will widen in the next decade.

He puts this down to new types of attacks on the horizon, such as those brought about by "intensely complex" software, and others tuned to exploit human characteristics and emotions.

He also believes automated attacks will occur without specific human intent and on an unpredictable schedule.

"These attacks are going to occur all of the time around the clock," Graff claimed.

And he suggested that systems will be infected in the same way as human bodies and that companies need to build up their defences for continuous attacks in much the same way as humans build up their immune systems.

But Graff believes that new solutions will help to tackle many of these future issues. He said that the best solutions will emerge from a combination of three trends: big data, threat intelligence and real-time incident response.