Assessing the challenges in securing emerging technologies
The rise of new technologies like IoT, blockchain, machine learning, robotic process automation, and dozens more have all become business critical as cloud adoption becomes firmly entrenched in the mainstream.
This proliferation of new technology has been well documented over the past 18 months as the world struggled with a pandemic. Also well documented is the rise of a variety of organizational challenges focused on securing applications and systems in response to these emerging technologies.
These challenges represent some of the most pressing issues IT teams will need to address in 2021 and beyond. Assessing the issues is the first step – understanding the framework can empower teams to take full advantage of new technology while developing cybersecurity best practices.
Infosys CISO Vishal Salvi understands the urgency of this challenge. He’s been in the cybersecurity industry for nearly two decades and has seen how threats have changed over the years – and how they have increased significantly over the past 18 months.
Techday spoke to Vishal about the intricate relationship between emerging technology and cybersecurity practices.
What are the biggest risks with new technologies?
Innovation has always created opportunities for attack – this is not a new phenomenon.
In particular, with emerging technologies such as 5G network rollout, the door has opened for bolder and higher density distributed denial-of-service attacks.
Likewise, the introduction of wearable devices and biological data, and the availability of this data in the cloud, pose a different risk to the monetization of this data. This will pose serious challenges in particular for the protection of personal data.
The massive rollout of IoT, where everything has an IP address so companies can collect data to plan future strategies – this creates other issues related to the embedded security of that data. How can we ensure that these devices are not malfunctioning and not damaged?
All of these innovations and changes create a significant amount of risk and vulnerability for the system. And I think we need to take note of all of this and have a clear strategy for dealing with it.
The world of cybersecurity has changed dramatically in the past 18 months in response to new threats. What exactly has changed?
It was a fascinating ride. When new technologies and digital tools were rolled out on a massive scale about 18 months ago, the whole topic of cybersecurity became mainstream – because it’s about surviving the business and avoiding reputational and financial loss.
This arose from the need for companies to change their technology architecture overnight to make it easier to work remotely, of course. This led to a dispersion of the access points and consequently the architectures of data centers also saw a great challenge.
The main problem, however, was the massive adoption of cloud-enabled services. Because of this shift, we had to redesign the security architecture to support it – and we really didn’t have that much time to change it.
Long story short, the cybersecurity industry itself has undergone a massive shift in how we view security. However, the industry had to respond to two different problems: securing the remote workspace and combating the increasing threats. And these threats were relentless.
We have seen a significant increase in advanced malware, with ransomware being arguably the most serious. Not to mention prominent supply chain attacks and attacks on utilities.
Is that the worst thing ever? Is this “era” of cybersecurity the most severe in terms of severity and frequency of attacks?
We just hope the future will be better. And there are several things we can do to make sure the future is better.
We know that constant innovation and change creates more vulnerabilities and areas for attack, opponents become bolder and there are more and more bold attacks that are on the rise.
It’s hard to tell if this is the worst that has ever been or it can’t get worse. However, there is still much to be done at the fundamental level.
A lot more awareness is needed from stakeholders already – you know, not all stakeholders believe cybersecurity is their problem; usually they try to “externalize” it.
So I believe there will be a change where everyone will begin to play their part in building a more robust and secure system. We shouldn’t subscribe to this game of cat and mouse that has a vulnerability and then go and fix it. We have to try to create an ecosystem in which our systems are less vulnerable.
This is one of the most important messages that I and Infosys are trying to get across the industry: making sure security is embedded from the ground up in everything we do.
It takes a lot of effort to build deterrence, craft regulations, etc. to ensure we can arrest threat actors. I am confident that we can achieve it; Whenever things get worse, we as humans have always used our strength to make sure we can control it. So we’ll be able to manage it.
So obviously the cybersecurity industry is extremely important to maintaining critical infrastructures around the world. How great is the need for a larger workforce in the industry? Is there a lack of talent?
The short answer is yes, and I think it’s an urgent problem that needs to be addressed at both corporate and government levels.
Basically, there is a huge demand / supply problem – there is a huge demand for highly skilled cybersecurity professionals, and there is a shortage of talent worldwide. But there are ways to deal with it.
At Infosys, for example, we have extensive training programs. Every person who is part of my team must undergo 16 weeks of basic cybersecurity training before they are accepted into working life. I think this is a critical investment as it is a highly complex topic and teams need to have both a solid understanding of the guidelines and an arsenal of technical skills and knowledge.
We also offer a program where we give our employees a sabbatical to study cybersecurity and then come back and move into higher positions. I see this as a way to solve the capacity problem.
These are the strategies companies must employ to build and attract talent to the industry and to bridge the gap between supply and demand.
To learn more about how you can protect your business, click here.