If 2019 has taught the cybersecurity industry anything at all, it is that regardless of size or sector, every organization is a target of a possible cyberattack. According to Norton, more than four billion records were breached in 2019. As the number of breached records continues to grow, so does the cost of defending against malicious actors.
It can be downright eerie to think about the global threat landscape, particularly amid undulating geo-political tensions. Yet we are far beyond the point where we can ignore the reality that cybersecurity is everyone’s job. Evidenced in the RSAC 2020 Trend Report and this year’s Human Element theme, it’s time to break down silos and open the doors of communication.
According to Gartner’s Top Strategic Predictions for 2020 and Beyond, technology will become even more intertwined with all aspects of human behavior. What does that mean for 2020? We again looked to our Advisory Board, who bring rich and diverse experiences to their work, to understand how the relationship between humans and technology will continue to evolve. Recognizing that there is hope in looking ahead, the Advisory Board tried to focus on some forward-thinking and optimistic predictions of what to expect in the year ahead.
Top-Level Changes
As we finalize all the makings of a conference rooted in the Human Element theme, it’s not surprising that many industry leaders are thinking about the ways in which both humans and technology will evolve and move toward a more secure digital world. According to Joyce Brocaglia, CEO of Alta Associates, Board Suited and the Executive Women’s Forum, “2020 will be the year for cybersecurity executives to educate themselves on how boards operate and where they can add value so they are best prepared and positioned to meet this demand. Given the laws and institutional efforts driving board diversity; women in cybersecurity will have an unprecedented opportunity to bring their technology and business acumen to the boardroom.”
Not only will executives advance their understanding of how boards operate, but the board members themselves will hone new skills. “Cybersecurity is a board level imperative creating more opportunities for those with cyber expertise to serve on boards, but cybersecurity experience alone, however, is not enough, Brocaglia says. “In 2020, the composition of boardroom directors will become more diverse in skills and gender. Digital Directors; those who provide oversight to a company’s digital strategies and help them to mitigate risks will be in high demand in Non-Profit, Advisory and Corporate Boards.”
Who’s Got Skills?
While the industry definitely recognizes the skills and has taken many endeavors to address the problem, it remains true that hiring managers struggle to write information security-related job descriptions while candidates have trouble discerning which positions they should actually apply for and how they should go about the application process, says Caroline Wong, Chief Strategy Officer at Cobalt.io. “We have this pretty severe matching problem. That being said, I think that 2020 is the year when someone is going to come out with some sort of platform or matching technology that helps us to do this thing better. Maybe it’s a platform that helps hiring managers put together job descriptions or get the word out. Maybe there’s some sort of application or wizard that helps a candidate describe their skills and experience in a way that’s easily accessible and useful for a recruiter or hiring manager. A sort of Tinder for cybersecurity jobs,” Wong says.
Scammers Gonna Scam
Advisory board member Todd Inskeep, Principal, Cyber Security Strategy, Booz Allen Hamilton, anticipates that scam artists aren’t going to take a break in 2020. “Con artist-type scams will continue to be successful,” says Inskeep. The problem is that our nature as humans is to be trusting. “Con artists have always preyed on this trust. At Internet scale, their methods are almost scientific—playing to fears to incite a quick response. This is core to this year's theme of the "Human Element." As we see exponential growth in computing power, and across technology, I fear we are creating changes so rapidly that people can't adapt to these new threats, or even adapt to the pace of changes that we'll see in the next decade and beyond. The gap between technology and our ability to adapt will leave gaps for con artists to exploit.”
More Conversations about Technology
Recognizing that there is an inherent challenge to AI, Wong believes there will be more conversation about what kinds of cybersecurity problems can be solved by automation and what must be solved by humans. “The data set you have regardless of how large and deep it is, will never actually match a future scenario—it’s called ‘concept drift’—pattern matching on old data, and the predictions can never be exactly right,” Wong says. As a result, she predicts that in 2020, “We are going to move away from this idea that technology is going to come and save us, and have a more nuanced conversation and maybe even see some models emerging with regards to how does a cybersecurity professional determine what problems are good candidates for technology to solve versus which problems are much better for humans to solve.”
Indeed, Wong is not alone in her thinking about the challenges presented with AI. Inskeep says, “We are going to get a lot of new lessons from the usage of AI in cybersecurity this coming year. The recent story about Apple Card offering different credit limits for men and women has pointed out that we don’t readily understand how these algorithms work. We are going to find that we have learned some really powerful things next year. We are going to find some hard lessons in situations where an AI appeared to be doing one thing and we eventually figured out the AI was doing something else, or possibly nothing at all.”
In this first part of the 2020 predictions series, many advisory board members looked at what might change for people. In part two, we’ll hear more from those who have great expectations of what is to come from processes and technology.