Cyber incidents kill. They have killed before. They will kill again.
Even though the cyber industry constantly strives to raise the world’s awareness about emerging threats, it seems like we have neglected to talk about the thing that will soon become the center of the cybersecurity domain – life-threatening cyber threats (LTTs).
Even the current cybersecurity industry standards (e.g., NIST Cybersecurity framework) fail to discuss (and even mention) this threat category, let alone explain how such threats should be incorporated in the risk management process in a way that would allow security experts and decision-makers to identify and tackle such threats effectively.
In this talk, we will discuss this threat, review past incidents that have resulted in casualties, and dive into effective risk management strategies. We will define the different LTTs subcategories (e.g. direct and indirect), understand who can be affected by such threats (most of enterprises, business and individuals), and how.
We will discuss incentives, discover why these attacks almost never happen even though they are possible, and see why this is about to change. We will revisit the relationship between physical security and cybersecurity.
Lastly, we will understand why the cyber industry must adopt the right mindset when human lives are at stake and incorporate this notion into their standards, policies, and methodologies.