The Digital Transformation and the Impact on InfoSec
A recent World Economic Forum report identified six mega trends in the impact of software on society in the next ten years, and 21 shifts, “tipping points”, that will transform global society. The report fed the development for the 2016 Davos meeting, “The Fourth Industrial Revolution,” and had the byline of “software eats the world.” Smart connectivity continues to grow, enabling digital technologies to flourish and connecting more people with new capabilities daily. Our ability to generate and combine data grows by leaps and bounds, limited mainly by our ability to absorb and utilize it. As we discussed in depth last year, the connected devices that IoT brings are changing our security challenges, and the expansion of AI, the reality of 3D printing, and the possibilities of virtual/augmented reality will do so too.
What do these developments really mean for our organizations, approaches to strategy and business/operating models? Established companies, both B2C and B2B, are therefore changing how they operate, adjusting to the fact that software and data are becoming key enablers, even drivers, in many areas of business. We are witnessing profound shifts across most industries marked by the emergence of new business models, the disruption of incumbents and the reshaping of demand, production, transportation, delivery, consumption and payment systems. Given the pace of development and acceptance of digitally-enabled change, those who don’t address these shifts risk being left behind.
But the impact of all of this on information security and risk is great, especially given the ever more sophisticated attack environment. Never has the need been greater, nor the challenge tougher. Our discussion will focus on how we can respond to adequately address information security needs today. We will seek inputs to and address questions such as:
- What are your company’s chief information security/risk concerns today and how have they changed in the last year? How is the cyber threat landscape continuing to change? What’s the three-year trend?
- What business decisions has your company made that are impacting your information security posture or creating new challenges?
- What steps have you taken to design, deploy and operate more embedded security to protect our corporations and the information / people within them? Do you collaborate along your value chain/network at all?
- How are you addressing the changing organizational (digital) landscape? How is your infosec organization structured now? How has it changed, grown, or shifted within the firm? How does it coordinate differently in the rest of the business?
- How is your governance changing? Who does your information security organization report to and how is it changing?
- How do you build up the organizational capability and increasing resources that you need in what is generally considered a lean environment? What are the frameworks and best practices you have encountered?
- Have you seen any movement in your corporation’s security culture, awareness and behavior given the large public breaches we have witnessed? How?
- How is the talent you need in your organizations changing? Is the breadth of roles needed in security today affecting your ability to get the right people and work collaboratively? Do you do modeling and analysis? Cyber forensics? Have a threat intelligence capability and/or partner with other organizations/consortia to get that? A SOC and CSIRT?
- Could robust government/industry collaboration provide the intelligence network needed? Are the individual CERTs serving a useful role?