Anticipating how the world of technology will evolve and change is not only a goal for economists, investors and power players in the stock market, but for cyberentrepreneurs, risk managers, IT professionals, chief information security officers (CISOs) and chief security officers (CSOs). In fact, security professionals need to not only be able to anticipate what is next, but understand how to best manage their work (and manage and inspire their teams) to proactively engage with the tech and cybersecurity arenas. This was a theme discussed at ISACA’s first-ever EVOLVE emerging technology conference, held in November 2021.1 Tackling concepts that would astound the Jetsons2, keynote speaker Nikolas Badminton hit the virtual ground running with a review of how emerging tech disruptors will force everyone to become futurists in some capacity.
As the new year begins, a quick overview of the vast array of emerging tech paints a dynamic picture. The Internet of Things (IoT), bleeding-edge technology and artificial intelligence (AI) continue to offer a cornucopia of exciting devices and processes that are changing daily life—and will continue to do so. The annual CES conference in 2022, though a bit quieter due to the ongoing COVID-19 pandemic, highlighted how fast progress is being made.3 At the same time, this growth coincides with an expansion of threat surfaces and vectors. The information security world knows this well.
As the new year begins, a quick overview of the vast array of emerging tech paints a dynamic picture.
In just a few years, it is estimated that there will be 55.7 billion Internet-connected devices worldwide, and the data generated by these smart objects will grow from 18.3 zettabytes (ZB) in 2019 to 73.1 ZB by 2025.4 With the advancement of specialized medical equipment, smart construction machinery,5 social media-enhancing Ray Ban sunglasses6 and paper-based capacitive sensors that have “unprecedented sensitivity to human tissue,”7 data mining is pushing boundaries and sprawling across every field imaginable. At the same time, opt-out connected platforms are being released in the wild (e.g., Amazon Sidewalk,8 a Meta-driven metaverse not fully developed, but already mired by privacy concerns,9, 10 an Artificial Intelligence-as-a-Service (AIaaS) software market predicted to reach more than US$100 billion by 2025).11
There is no overstating the significance of these offerings. They can change the world in positive ways—but the increased threats they pose deserve equal attention. Cybersecurity issues are complex not only because technology continues to evolve at a staggering pace, but more important, because bad actors are increasingly innovating how they attack. The notion that a forward-thinking hacker can be defeated by technology alone, or even by AI-assisted technology, is patently false. Research that helped lead to the development of the Can. Trust. Will. system for cybersecurity hiring confirmed that the hardest networks to penetrate are defended by diverse teams of humans who continuously interact with their cyberenvironments.12 These teams evolve, refine their approaches, hunt for anomalies, and take both intuitive and counterintuitive actions to seek out threat vectors. AI-managed detection and response services (MDRs) alone will not suffice.13 The humans behind the machines must challenge each other.
Building a high-performance cybersecurity team begins by recognizing the following 3 key truths:
- The best strategy in the world is meaningless without a team to execute it.
- The best technology available is worthless without the right operators.
- No matter how perfect the solution, it takes people to implement it.
With these truths as the starting point, it becomes easier to understand how an effective cybersecurity team must have diversity of thought, a broad range of perspectives, diametrically different ways of approaching and solving problems and a keen focus on a shared intention that ties the team together.
The red flags are simple to identify. A team that agrees easily, does not debate vigorously, or includes members who care about having their idea recognized as the best will most often fail to work collaboratively to defend against, and respond successfully to, breaches. Teams that debate professionally but vigorously, are focused on contributing to the best outcome, and always use the last solution as the starting point for the next one—these are teams that will ensure the security of their environment, and remain vigilant and proactive as new attack surfaces emerge on the future’s horizon.
Endnotes
1 ISACA®, “ISACA’s New Emerging Tech Virtual Conference to Explore Cloud, AI, Blockchain, Zero Trust and More,” 4 November 2021
2 Novak, M.; “50 Years of the Jetsons: Why the Show Still Matters,” Smithsonian Magazine, 19 September 2012
3 Consumer Technology Association, CES 2022, Las Vegas, Nevada, USA, 5-7 January 2022
4 IDC, “IoT Growth Demands Rethink of Long-Term Storage Strategies, Says IDC,” 28 July 2020
5 Lux, K.; “Doosan Bobcat Unveils All-Electric Compact Track Loader,” Lawn & Landscape, 6 January 2022
6 CNN Business, “Watch Mark Zuckerberg Announce New Facebook and Ray-Ban Smart Glasses,” 9 September 2021
7 McLellan, C.; “CES 2022: Nanotech Startup Shows Off Tiny Paper-Based Capacitive Sensors,” ZDNet, 5 January 2022
8 Nield, D.; “How Amazon Sidewalk Works—and Why You May Want to Turn it Off,” Wired, 11 May 2021
9 Meta
10 Hunter, T.; “Surveillance Will Follow Us Into ‘the Metaverse,’ and Our Bodies Could Be Its New Data Source,” The Washington Post, 13 January 2022
11 Omdia, “Artificial Intelligence Software Market Forecasts,” 29 June 2020
12 Garber, L.; S. Olson; Can. Trust. Will.: Hiring for the Human Element in the New Age of Cybersecurity, Business Expert Press, USA, 2022
13 Columbus, L.; “How Combining Human Expertise and AI Can Stop Cyberattacks,” VentureBeat, 3 January 2022
Leeza Garber
Is a cybersecurity and privacy attorney and consultant. She teaches internet law, privacy and cybersecurity at the Wharton School at the University of Pennsylvania (Philadelphia, USA) and is an adjunct professor at Drexel University's Thomas R. Kline School of Law (Philadelphia, Pennsylvania, USA), focusing on information privacy. Garber also presents educational seminars and keynotes for private enterprises across the United States. She coauthored Can. Trust. Will.: Hiring for the Human Element in the New Age of Cybersecurity with coauthor Scott Olson. Garber and Olson are cofounders of consulting firm Can. Trust. Will., LLC, which offers seminars and custom consulting related to general hiring and cybersecurity-specific hiring needs.
Scott Olson
Is the founder and chief executive officer (CEO) of GlenHaven International, LLC, a human resources (HR) advisory practice that provides training in leadership fundamentals and how to build high performance teams. He was a US Federal Bureau of Investigation (FBI) agent for 21 years, serving as the assistant special agent in charge of intelligence and counterintelligence and as a legal attaché in Baghdad, Iraq. Olson also created the FBI’s supervisor development program. Olson coauthored Can. Trust. Will.: Hiring for the Human Element in the New Age of Cybersecurity with coauthor Leeza Garber. Olson and Garber are cofounders of consulting firm Can. Trust. Will., LLC, which offers seminars and custom consulting related to general hiring and cybersecurity-specific hiring needs.