There is still time for any list of the "top information security issues of 2014" to be rendered obsolete. The holiday shopping season is just getting into high gear, after all, and everybody knows it was from late November to mid-December last year when the catastrophic Target breach occurred.
But this list is about more than attacks and breaches -- it is about broader infosec issues or trends that are likely to shape the future of the industry.
Several experts offered CSO some thoughts on their top picks, what can be learned from them and whether that knowledge can help organizations improve their security posture in the coming year.
Cyber threats trump terrorism
An Associated Press story this past week on the federal government's $10-billion annual effort to secure its multiple agencies noted, almost in passing, that "intelligence officials say cybersecurity now trumps terrorism as the No. 1 threat to the U.S."
That makes sense to Sarah Isaacs, managing partner at Conventus. While cyber attacks have been expanding and evolving for decades, Isaacs said there has been a qualitative change: It is not just criminals trying to steal money -- it is nation states using them for espionage and even military advantage.
In May, "the Department of Justice indicted five members of China's People's Liberation Army on felony hacking charges for stealing industrial secrets," she said. "We've never seen that before."
Then in September, "NATO agreed that a cyber-attack could trigger a military event," she said. "This is about more than protecting credit cards. This is escalating to new levels."
Author, security guru and Co3 Systems CTO Bruce Schneier would likely agree. In a recent blog post, he wrote that increasingly sophisticated attacks, especially advanced persistent threats (APTs) that are not about financial theft, are coming from "a new sort of attacker, which requires a new threat model."
There is evidence of that in a recent study by ISACA on APTs. CEO Rob Clyde said 92% of respondents "feel APTs are a serious threat and have the ability to impact national security and economic stability."
Clouds -- private, public and hybrid -- are not new. But the steady increase in the use of cloud storage services is posing larger risks to businesses.
Schneier, in his blog post, said the continuing migration to clouds means "we've lost control of our computing environment. More of our data is held in the cloud by other companies ..."
While experts say cloud service providers frequently provide better security, that may not be true of so-called "shadow" or "rogue" use of clouds by workers who believe that is an easier way to do their jobs than going through IT.