In recent years, the development of massive computing and storing capacities in the hand of a few internet juggernauts led to the rise of the cloud economy. Companies of all sizes have been moving their mission-critical servers and operations to the data centers. On the face of it, the development of Infrastructure as a Service (IaaS) should be good news for the state of cybersecurity. In this context, it is easy to believe that moving to the cloud could mean solving many of your cybersecurity issues.
Many large organisations now assume that breaches are simply inevitable, due to the inherent complexity of their business models and the multiplication of attack surfaces and attack vectors which comes with it. This realisation changes fundamentally the dynamics around cyber security. Historically, cyber security has always been seen as an equation between risk appetite, compliance requirements and costs. Compliance and costs were always the harder factors. Risk (was always some form of adjustment variable.
Privacy and security considerations are the key ingredients of digital trust and must be at the heart of any industry’s digital transformation. The necessarily transversal nature of security and privacy matters needs to be woven into the fabric of an organisation for the digital transformation to succeed over the long-term. At this junction, the traditional role of the CISO – heavily influenced by a technical bias, tactically-oriented and project-driven in many firms – could become exposed.
Cybersecurity has developed a high profile in many organisations over the past few years. But, who wants to be a Chief Information Security Officer these days? And at which stage in your career should you consider the move? What balance of managerial and technical experience do you need to have? And where do you go from there? Those would be valid questions for many executive positions but when it comes to the role of the CISO, they seem to acquire a different meaning.
In the current business paradigm, replicated since by a number of online platforms, individuals willingly provide their personal information in exchange for a service. Personal data is subsequently repackaged and sold to advertisers and marketers. The unavoidable rise of the Internet of Things will only make the issue more complex, as increasingly more intrusive and personal data will start to be collected about each of us. This poses new challenges around the issue of consent and privacy:
IoT security issues arise from ill-advised prioritization and the inherently short-term culture of the tech world. Security should be seen as a fundamental requirement for any IoT product—even MVPs. As the attitude of consumers and regulators shifts around those matters, it's becoming a simple matter of good business. Frankly, given the virulence and widespread nature of cyber threats, the need to take security seriously and embed it natively into IoT products should be seen as a simple matter of common sense for product developers and investors.