One of the best parts about reflecting on the past is the perspective it provides for how we look at the future.
This is a year in which I’ve done plenty of both – thinking about the past, as well as considering how it portends for the decades to come – in a technology and information security context, as 2019 marks the 50th anniversary for ISACA, the global professional association for which I am currently board chair.
What a remarkable 50 years it has been, and considering the ever-growing prominence of technology in all facets of our lives, it is a safe bet that the work performed by information security and other technology practitioners will be even more exciting in the 50 years to come.
Today, our professional community is largely focused on combating cyber threats and securing emerging technologies such as artificial intelligence, Blockchain and connected IoT devices. While it is impossible to predict exactly which technologies and threats will be top-of-mind in 2069, we do know that the pace of innovation and growth will continue to grow exponentially, following Moore’s Law, so it will be more important than ever that professionals adopt a commitment to lifelong learning.
Gone are the days when security practitioners can specialize in one narrow area of expertise and have a long, successful career. We will need to regularly learn new technologies, new techniques and explore the latest guidance from industry resources such as ISACA in order to be effective in our roles going forward. Those practitioners who lack an appetite for continuing education will have difficulty thriving where the industry is heading.
Think of how far we’ve come already. Back in 1969, when ISACA was founded as the Electronic Data Processing Auditors Association, the iconic Apollo 11 moon landing took place, harnessing computing power that pales in comparison to what we hold in our hands today every time we grip our smartphone. While the computing power back then was much less powerful than what we encounter today, assuring the security and reliability of devices is just as important – and much more challenging – as it was back then.
Just as the potency and capabilities of technology have evolved over the past five decades, so, too, has the threat landscape. In the 1970s and 1980s, insider threats were the focal point for security practitioners, with the Morris worm in the late 1980s helping raise awareness of the dangers of malicious code.
As personal computers proliferated, the spread of viruses through floppy disks presented a new security challenge, and later, the ascent of the internet – making it far easier to attack information systems – opened the door for cybercriminals and nation-states to become the most problematic adversaries for the people that we have come to call cybersecurity professionals.
It’s not only individual practitioners, but also their organizations, that increasingly will have to rise to the challenges presented by the morphing threat landscape. In recent ISACA and CMMI Institute culture of cybersecurity research, 95% of respondents identify a gap between their organization’s desired and actual culture of cybersecurity. Those organizations with a significant gap are spending less than half on training and tools as other organizations, highlighting a direct correlation between providing adequate training resources and stronger organizational security culture. That means organizations will need to give more serious consideration to allocating sufficient training budgets for their teams to make the people they have more effective, even if it means making sacrifices elsewhere within their security budgets.
Despite the many legitimate risks, threats and ethical considerations that new technology presents, we must not lose sight of technology’s positive potential, as evidenced by the past. In the past 50 years, we have seen enhanced technology lead to longer life expectancies, more sophisticated capabilities for law enforcement and the ability to connect with our fellow citizens around the world in ways that were never thought possible.
I have no doubt that the innovations of the next 50 years will have an even more profound impact on society, at work and in our personal lives. It’s up to security practitioners to adopt a continuous learning mindset to ensure the promising advancements to come are integrated into our lives securely and responsibly.