The future of Information and Cyber Security – Part 4
By Hylton Stewart
What the future will look like
In the last blog post, I spoke about some of the changes that are needed in both the Information Security and Cyber Security disciplines in order for them to evolve and take their place alongside other C-Suite disciplines.
In this post, I’ll discuss what I think are some of the elements that future Information Security and Cyber Security will incorporate, when they have stepped up to the C-Suite table and are actively participating in and supporting businesses to achieve their objectives while still protecting their assets and information. This will be from the perspective of a possible future looking back on the developments within the disciplines.
The future of Information Security is a bright and vibrant discipline, having grown from its beginnings as a relatively isolated silo that was ignored by most other business functions into a field that incorporates elements of many business disciplines. The need for InfoSec to understand the operating environments and drivers of business has led to a marked increase of both traditional InfoSec professionals taking some forms of business classes to increase their understanding, as well as traditionally trained business people and managers moving more and more into the InfoSec fields. This has brought with it an increase in the understanding of business risk, and general risk analysis and management methodologies outside of the narrow InfoSec focus, which has allowed the discipline to integrate holistic risk treatment controls and practices into businesses that fully support the pursuit of actual business objectives.
A knock-on effect of this is an increased understanding and trust between businesses and InfoSec professionals, as well as adoption of and adherence to the measures they recommend and implement.
The initial communication issues within InfoSec have encouraged an approach driven more by open, non-technical communication and storytelling to convey complex messages associated with Information Security concepts and requirements. Part of this has been an adoption of storytelling principles used to support the implementation of security in staged phases that businesses can understand and plan, following the idea of security as being a journey as opposed to a destination. This has not only reinforced the better communication between InfoSec and business but has also helped to re-establish the trust between businesses and Information Security professionals, encouraged businesses to adopt better security practices and protect themselves better.
These two evolutions alone have been responsible for more positive changes to how businesses protect themselves and their information than many other initiatives during the past decades combined. More professionals skilled in both business understanding and InfoSec practices have been drawn to the field of Information Security as its reputation has improved, leading to a decrease in the skills gap. This has also contributed to improved business security and developments in the field, taking Information Security to new heights and allowing businesses to pursue their objectives while being truly secure and compliant in a dangerous world.
The Cyber Security discipline has always been growing and evolving at a very fast pace, often outstripping practitioners' and businesses' ability to keep up and plan sufficiently. With the evolution and improvements in the overarching Information Security field supporting changes, Cyber Security has itself stabilized and matured.
The discipline has developed better measurements of implementation and success, allowing both professionals and the businesses they protect to more accurately select and evaluate the effectiveness of solutions. This has led to a consolidation of the vast number of disparate solutions that characterised the CyberSec market in the past. Having fewer products that address very similar issues, as well as better measurements to evaluate these solutions, has led to more integrated solutions being adopted by businesses, solutions that actually support the business objectives and protect against the actual risks the business faces – risks which have been better identified by the evolved InfoSec practices.
The evolution in the InfoSec discipline has flowed over to CyberSec professionals, who are now better able to communicate the often complex technical solutions and measures they propose and operate to management and decision makers, and are better able to understand precisely what business risks they are seeking to protect against. This new understanding and improved communication have led to the increasing adoption of technical measures that holistically protect the entire business from a wide range of risks, and are flexible enough to support the business in the achievement of its goals. Users are no longer as opposed to ‘security’ as they once were, and adoption of and adherence to controls have increased markedly. This has helped to foster a general increased awareness of security risks and implications, both for businesses and individual persons.
The original major stumbling blocks for InfoSec and CyberSec, which were communication with users and management and understanding by security of business risks, have all but been resolved due to the evolution of the InfoSec and CyberSec disciplines. Support and commitment from Management is now a core component of security implementations, and trust and understanding have been reestablished and improved.
The benefits felt by both practitioners as well as businesses and their users are marked, and businesses and their information are better protected than ever before. Malicious attackers continue to evolve and the defenders are always on the back foot in the fight to protect businesses, but now the defence is united and strong.
The improved perception and adoption of security has also led to increased pressure on, and understanding by, regulators to review and adopt regulatory measures that keep up with the ever changing threats to the security of information. A tick box approach to compliance is no longer acceptable, and regulations are flexible and supportive while remaining stringent enough to form a good framework for security across all businesses.
This vision of the future evolution of Information Security and Cyber Security is currently just that, a vision of the future. The journey to get there will be a long and tough road, but the first steps have already been taken and the drive is gaining momentum.
Security has no choice but to evolve, and businesses that want to survive in the long term have no choice but to assist in that evolution. Malicious attackers will never stop trying to breach businesses and gain access to information for various reasons, and this war of Information Security needs all the support it can get from both businesses and professional practitioners alike.
At Conosco, our Security Division is committed to embodying the evolution in Information and Cyber Security, to operating efficiently at the business strategy and risk level as well as all the way down through the layers of security implementation to technical Cyber solutions that support business objectives and protect the business.
Securing the World, one step at a time!
Meet Conosco’s Security Division:
- Leads Conosco’s Security Team
- Cyber Security Champion
- Highly accredited & certified across industry standards
- 15+ years' experience implementing Security for organisations
- LinkedIn: @HyltonStewart