which exploited critical infrastructure vulnerabilities introduced by the convergence of IT and Operational Technology (OT). Yet they were barely noticed by the broader public, not nearly as much as Hillary Clinton pulling rank on her IT staff to use a private email server.

Time for a reality check? For our InfoSec Luminary Lineup blog discussion series, we asked cybersecurity leaders and experts: “What is the most underestimated IT security threat, and why?”

In their responses, they don’t dabble in technicalities of the vulnerability-du-jour variety. Instead, all of our contributors paint the bigger picture.

It isn’t pretty. The most underestimated IT security threat is… “all of us,” as Frederick Scholl (Monarch Information Networks) writes. His fellow contributors seem to agree. It’s the “‘people aspect’ of cybersecurity,” Law & Forensic LLC’s Daniel Garrie points out, that deserves more of our attention.

While criminal and nation-state hackers may dominate the headlines, serious threats that originate from within the organization, such as insider negligence or insider accidents, remain unaddressed.

The resulting threat scenario is laid out in the recent report “The Rise of the Machines - The Dyn Attack was Just a Practice Run,” a must-read for cybersecurity leaders. The author of the report, James Scott, Senior Fellow at the Institute for Critical Infrastructure Technology (ICIT), rounds out this InfoSec Luminary Lineup discussion.

In his contribution, the ICIT Co-founder identifies “stagnation and complacency” as the most underestimated threats to America’s cybersecurity. James Scott demands that we “revitalize national cybersecurity with innovative thought.”