Assess the challenges of securing emerging technologies
The rise of emerging technologies such as IoT, blockchain, machine learning, robotic process automation and dozens more have all become essential for the business as cloud adoption takes hold. firmly in the mainstream.
This proliferation of new technologies has been well documented over the past 18 months as the world grapples with a pandemic. The emergence of a multitude of organizational challenges focused on securing applications and systems in response to these emerging technologies is also well documented.
These challenges represent some of the most pressing issues IT teams face in 2021 and beyond. Assessing the issues is the first step – understanding the rules of the game can enable teams to take full advantage of emerging technologies while engaging in cybersecurity best practices.
Infosys CISO Vishal Salvi is well aware of the urgency of this challenge. Working in the cybersecurity industry for almost two decades, he has seen how threats have changed over the years and how they have intensified dramatically over the past 18 months.
Techday spoke to Vishal about the complex relationship between emerging technologies and cybersecurity practices.
What are the main risks associated with emerging technologies?
Innovation has always created opportunities for attack – this is not a new phenomenon.
Specifically, with today’s emerging technologies, like the adoption of the 5G network, for example, has opened the door to bolder, high-density distributed denial of service attacks.
Likewise, the adoption of wearable devices and biological data, and the availability of that data in the cloud, will pose a different risk in terms of monetizing that data. This, in particular, will create serious challenges for the confidentiality of personal data.
The massive adoption of the IoT, with anything that has an IP address so that businesses can collect data to use in planning future strategies – this will create a different set of problems in terms of the built-in security for that data. How can we make sure that these devices don’t malfunction and get corrupted?
All of these innovations and changes create a significant amount of risk and vulnerabilities for the system. And I think we need to take all of that into account and have a clear strategy to deal with it.
The world of cybersecurity has changed dramatically over the past 18 months in response to new threats. What exactly has changed?
It was a fascinating race. When there was a significant adoption of new technologies and digital tools about 18 months ago, the whole topic of cybersecurity became mainstream because it is about business survival and avoiding losses. reputation and financial.
This stemmed from the need for organizations to change their technology architecture overnight to facilitate remote working, of course. This led to a dispersion of access points and as a result data center architectures also faced a significant challenge.
But the main problem was the massive adoption of cloud-based services. Due to this change, we had to redesign the security architecture to support it, and we really didn’t have a lot of time to change it.
In short, the cybersecurity industry itself has seen a sea change in the way we think about security. But the industry had to respond to two different issues: securing the remote workplace and fighting against rising threats. And these threats have been relentless.
We have seen a significant increase in advanced malware, with ransomware arguably the most serious. This does not mean anything about significant supply chain attacks and attacks on utilities.
Is this the worst it has ever been? Is this cybersecurity “era” the most serious in terms of the severity and frequency of attacks?
We just hope the future will be better. And there are several things we can do to ensure a better future.
We know that constant innovation and change creates more vulnerabilities and attack surfaces, adversaries become more daring, and there are more and more daring attacks, which are on the increase.
It’s hard to say if this is the worst it has ever been, or if it can’t get worse than this. Having said that, there is a lot to do at a fundamental level.
Even now stakeholders are much more aware – you know, not all stakeholders think cybersecurity is their problem; they normally try to “externalize” it.
So I think there will be a change where everyone starts playing their part in building a more robust and secure system. We shouldn’t subscribe to this cat and mouse game where there’s a vulnerability, and then you’re going to fix it. We have to try to create an ecosystem where our systems are less vulnerable.
This is one of the most important messages that I and Infosys try to get across the industry: to ensure that safety is built into everything we do by design.
A lot of effort is needed to establish deterrence, develop regulations, etc., to ensure that we can apprehend the actors of the threat. I am convinced that we can do it; whenever things get worse, as humans we have always applied our strength to make sure we can control it. We will therefore be able to manage it.
It is therefore evident that the cybersecurity industry is extremely important in maintaining critical infrastructure across the world. What is the demand for a larger workforce in the industry? Is there a talent shortage?
The short answer is yes, and I think it is an urgent problem, and it needs to be addressed at the corporate and government level.
Basically there is a huge demand / supply problem – there is a lot of demand for highly skilled cybersecurity professionals, and there is a talent shortage across the world. But there are ways to fix it.
For example, at Infosys we have comprehensive training programs. Each person on my team must complete 16 weeks of basic cybersecurity training before being integrated into the job market. I see this as an essential investment because it is a very complex subject, and teams need to have both a good understanding of politics as well as an arsenal of skills and technical knowledge.
We also have a program where we give our employees a ‘sabbatical’ to train in cybersecurity, then come back and join higher positions. I see this as a way to solve the capacity problem.
These are the strategies that organizations must adopt to develop and attract talent to the industry and close the gap between demand and supply.
To learn more about securing your business, Click here.