Today’s digital security environment offers no shortage of opportunity for industry observers to fret about our collective shortcomings: our enterprises still are plagued by too many security vulnerabilities and too few skilled practitioners and, in many cases, lack a true sense of which security priorities most urgently require their attention and financial investment.
While all of this is true, we rarely take stock of the strides that enterprises are making in response to the flurry of challenges that have emerged in recent years. In my final blog post in this space, rather than lament the state of cybersecurity or the worrisome threat landscape, I would like to salute the admirable progress that is being made by security practitioners and their organizations around the world.
Organizations rising to the challenge
For millennia, change has been the lone constant in the human experience, but the pace of technology-driven change in our modern era places unprecedented responsibility on enterprise leaders and their security teams to create a culture of security and instill organizational cyber resilience. While there is much work to be done in both of those regards, with each passing week, month and year, more organizations are recognizing the need to prioritize these areas and make the corresponding investments in people, processes and technology to rise to the considerable challenge.
ISACA research shows that the majority of organizations are increasing their security budgets, that most boards of directors are now adequately prioritizing information security, and that there is a continued, year-over-year uptick in aligning security strategy with organizational objectives – all hopeful indicators that the need to fortify security preparedness is resonating with industry leaders. Further advancements will come with wider recognition of the value in hands-on, performance-based training and testing, and the need for enterprises to self-assess their cyber resilience against their risk profile, allowing boards and the C-suite to benchmark their resilience against industry peers.
I have maintained that data is the new air in our society, a catalyst of innovation and disruption. But clever use of data also can make us safer and more secure, equipping law enforcement, municipalities and other entities with the ability to devise data-driven approaches to protecting critical infrastructure, reducing crime and more efficiently preserving resources to make our communities sustainable over time. Data’s growing prominence in our society also is increasingly applied to cybersecurity, where big data is powering more advanced threat detection and providing actionable analytics in timely fashion, supplying security teams with new ways to anticipate and mitigate threats.
The GDPR breaks down silos
As data privacy concerns have commanded the public’s attention, I have noted an overlooked benefit to the enactment of the General Data Protection Regulation (GDPR), which has prompted new layers of cross-functional collaboration and coaxed privacy and security practitioners away from the siloed approach that often undermines organizations’ potential. In the professional fields that ISACA serves, it has been heartening to observe a heightened understanding of the cross-pollination that today’s technology environment demands, not only among privacy and security professionals, but in the growing recognition that IT auditors need to gain and refresh cybersecurity knowledge to bring a more impactful perspective to their audit roles.
I’ve highlighted the need for organizations to modernize their hiring practices and business models and to explore how to effectively deploy new technology to be better situated for success in our digital economy. On that front, too, there is encouraging progress, with nine in 10 organizations having plans in place to embrace digital transformation, according to recent ISACA research. Factor in corresponding investments in security and risk management, and there is tremendous potential for a booming innovation economy in the coming years – one that will still depend on the uniquely human characteristics of creativity, empathy and critical thinking skills, even as automation accelerates.
Cybersecurity truly is everyone’s business; no single entity can meet the challenges of the digital era alone. Securing our digital futures will require the public and private sectors, academia, industry professional associations and individuals, across international borders, to share resources, intelligence and best practices to cultivate forward-looking solutions and keep one another safe as we deal with current and future challenges. There are promising examples of this playing out all around us: many nations are putting forward thoughtful cybersecurity strategies that, if properly executed and updated, have the potential to put national security on stronger footing, while the recent announcement of Massachusetts Institute of Technology investing $1 billion in an AI-focused college provides a prime example of the bold mindset that will be required to effectively and securely leverage technology in the future.
I’ve tackled many topics in this space, but none were more personally meaningful than laying out the society that I want my granddaughter to enjoy as she comes of age. We can’t fully anticipate what the next 50 or 100 years will look like, but with the proper diligence and collective resolve, we can evolve toward a society that not only is more technologically advanced, but also marked by greater security and prosperity for all of us. While the pace of change today unquestionably creates major challenges, harnessing the positive potential of technology, combined with humans’ time-tested penchant for adapting to new challenges, makes for a future worth anticipating. In the meantime, let’s take a moment to celebrate the strides that already are on display all around us.
Originally posted on CSO Online (US).