Executive Platforms will be starting a new event series next year! The first North American Information Security Summit will run June 16-18, 2024, at the Gaylord Rockies Resort & Convention Center near Denver, Colorado. We plan to gather together the top Chief Information Security Officers, Chief Risk Officers, Chief Data Officers, Chief Information Officers, and other senior executives working in data and information security from across North America to share their experiences and expertise with one another at a peer-to-peer level.
Cybersecurity is going to be a big part of that event’s agenda, and so we thought it was probably time to start writing about some of the big issues and trends we are seeing in that space.
There can sometimes be a feeling in our larger network of senior business leaders that cybersecurity is someone else’s responsibility, and that it is too technical and specific to really get your arms around without being a subject matter expert. Of course, nothing could be further from the truth. Today’s business environment runs on data, and so even if you are working in HR or Finance or Food Safety or some other discipline that does not seem to immediately connect to cybersecurity, if your digital environment is not protected, you are vulnerable to risks and threats that you may not even have had on your radar.
We hope in today’s blog to talk about some of the issues and ideas CISOs, CROs, CDOs, CIOs, and other IT and Data professionals are working on in a way that is inclusive and enlightening to everyone else, and you can look forward to more content on the issues of Data Management and Data Security in the future.
Anyway, enough preamble. Here are some of the things you should be aware of right now in the world of cyber security.
Top Trends, Each of Which Can be a Whole Other Article in the Future
To keep this blog post to a reasonable length, why don’t we start off by focusing just on data breaches? That is probably one of the biggest vulnerabilities to a business, as opposed to malware or DDoS attacks or some of the other issues that do fall under cybersecurity, but do not tend to generate the same damages in terms of costs, bad publicity, lost trust, and compromised information. There is a persistent myth that many of the bad actors in this space are just young, technically savvy people seeing what they can get away with online, but that is much more a product of educating the public through popular entertainment rather than the reality cybersecurity professionals must face. Last year 92% of all data breaches were cyber attacks conducted purposefully by criminals —people who know they are committing a crime in the pursuit of profit— often in coordinated efforts with well-researched targets and specific goals in mind.
So how do you stop people who know what they are doing from gaining access to information they should not be able to see?
Application Security: As more and more organizations in the post-pandemic business landscape are moving to online applications to allow a distributed and hybrid workforce to engage with one another and clients, vulnerabilities to hacking, zero-day attacks, and identity theft are emerging with each new piece of software. By one forecast, $7.5 billion will be spent in 2023 writing secure code and designing secure application architecture with robust data entry verification that prevents unauthorized access and modification of application resources.
Have you noticed lately that more and more third-party verification is shifting over to an authenticator app rather than just texting you a one-time code to unlock a website? That is part of this application security trend.
Cloud Security: With a projected growth of almost 27% from 2022 to 2023, the fastest growing segment of the IT security market right now revolves around securing data stored in the Cloud. Information that is accessible from anywhere and not vulnerable to single point-of-failure hardware malfunctions makes Cloud storage the future of how organizations keep and share data, but it also comes with all the vulnerabilities you would expect from a service whose starting business proposition is ‘get it anywhere, any time, always.’ Both transmission and storage are vulnerable to unauthorized access, and the full extent of that vulnerability is only being discovered and mitigated as the technology itself scales and matures.
IoT and IIoT Security: The Internet of Things and Industrial Internet of Things have created a constellation of devices talking to one another in our homes, in our cars, and at work. Oracle estimates seven billion IoT devices are already connected, and that number is expected to grow to 22 billion by 2025! These devices are collecting all manner of data, and they are by their very nature open to receiving input and instructions from other machines in their network —or machines pretending to be a part of their network. Matters are made more complicated because many of the operating systems developed during Digitization efforts have been bespoke, which has created vulnerabilities unique from system to system. There are no quick fixes for IoT and IIoT Security, because we are all still in the grips of bringing new and better tools into our Digital Transformation Journey. This is going to be an open-ended issue for many years to come, unfortunately.
Social Engineering User Error: Once upon a time, many cybersecurity threats could be eliminated with simple spam filters diverting phishing emails away from people with access to data. Today, an informed hacking operation capable of data scraping off the internet can identify a specific employee responsible for specific information and target them directly with a combination of email, SMS text messages, social media, dummy websites, and targeted ads. Not only is this coordinated multichannel approach very difficult to combat from a cybersecurity perspective, but it is also self-reinforcing in its effectiveness in the eyes of the target. People do tend to trust things that they have seen elsewhere. The best counter to this is educating the workforce on what they need to be mindful of, because the cybersecurity instincts most of us have are dated at best.
Outsourcing Cybersecurity: As much as there is to talk about in the data security space, it should probably be conceded that it makes less sense for every company to have its own information security team than to find a trusted partner with the resources and bandwidth to stay on top of all the latest developments in Artificial Intelligence and Machine Learning, Zero Trust Network Access, Attack Detection Tools, Quantum Cryptography, and other emerging and rapidly advancing technologies. Executive Platforms will certainly be reaching out to a number of service and solution providers in this space to partner with us for NAISS24.
Cyber Insurance and Validation: In the same way organizations can insure themselves against other risks to their business, there is cyber insurance. One of the rapidly changing realities of that type of insurance, though, is what is required to qualify for it in the first place, and what the metrics are whereby rates and levels of protection change. How do those variables change when we talk about small and medium-sized enterprises versus Fortune 500 companies? Having your cybersecurity capabilities validated so you can be properly insured is going to be a real business challenge moving forward.
People-First Risk Reduction: There will always be an arms race between the software trying to break in and the software trying to keep the unauthorized out. IT security teams cannot rely on the hope that they will always be ahead of their opponents. Instead, they need to rely upon the rest of their organization to help them too. Is the workforce aware of the dangers? Do employees think of themselves as part of the company’s security defense? Are operators keeping their software up to date? Are they making conscious choices about who really needs access to what, and how those people are going to be authenticated as they work? Having buy-in and knowledge throughout a company can be the difference maker in cybersecurity, just as it is in so many other elements of the business.
Again, we could probably do an entire article about each of these points. For this first blog post, why don’t we stop here for now and all agree the attendees of the first North American Information Security Summit are going to have a lot to talk about?
Head of Content & Research
Geoff joined the industry events business as a conference producer in 2010 after four years working in print media. He has researched, planned, organized, run, and contributed to more than a hundred events across North America and Europe for senior leaders, with special emphasis on the energy, mining, manufacturing, maintenance, supply chain, human resources, pharmaceutical, food and beverage, finance, and sustainability sectors. As part of his role as Head of Content & Research, Geoff hosts Executive Platforms’ bluEPrint Podcast series as well as a weekly blog focusing on issues relevant to Executive Platforms’ network of business leaders.
Geoff is the author of five works of historical fiction: Inca, Zulu, Beginning, Middle, and End. The New York Times and National Public Radio have interviewed him about his writing, and he wrote and narrated an animated short for Vice Media that appeared on HBO. He has a BA Honours with High Distinction from the University of Toronto specializing in Journalism with a Double Minor in History and Classical Studies, as well as a Diploma in Journalism from Centennial College.