During the next couple weeks, we’ll see countless stories and interviews with experts and thought leaders forecasting 2020’s hottest cybersecurity innovations and trends. AI, Blockchain, better tool integration–all flashy and exciting, but in reality, the innovation I am most looking forward to is not technical. It is one of talent availability and taking care of the fundamentals of information security.
Not So Fast
When truly evaluating how feasible it is for some of these innovations to be in 2020’s spotlight, most of these “latest and greatest” trends can be refuted or are simply not ready:
- AI-powered information security tools are heading in the right direction, but are not “there” yet. Most (if not all) of the tools require a massive amount of tuning and configuration (as well as specialized knowledge) to be made useful to the everyday IT professional. Until the level of calibration subsides, AI will likely be more of a time-consuming headache for everyday IT teams than a ground-breaking solution.
- Blockchain has some real use cases, but they are limited and will require wide-reaching industry consensus to become a standard (health records are an excellent example). As a more colorful example–trying to find ways to use blockchain in information security feels like someone walking around with a hammer looking for things that look like nails…
- Consolidation and integration of tools throughout the industry would be fine if that consolidation resulted in a logical, intuitive suite of tools rather than the same point solutions loosely strapped together with a central (and sometimes fragile) management portal.
This seemingly cynical viewpoint is not actually cynical and is not meant to discount the brilliant tools and capabilities being developed. Rather, it is from the perspective of many small and medium businesses that have a limited budget, limited manpower, and are trying to substantially improve their organizations and protect them against compromise.
I’ve encountered this and similar instances many times throughout my career: an organization buys the newest technical innovation, successfully deploys it, but still doesn’t have basic multi-factor authentication enabled (for at least their admin-level users). Sound familiar?
Mastering the fundamentals of two-factor authentication, effective password management, automatic patching and updating, proper backup practices, and others will place you in a much better place to tackle newer, more advanced tools. Diving into new innovations without mastering these basics will more than likely create complications or vulnerabilities down the road.
A Well-Rounded Approach
Solid information security involves good communication and coordination, a deep understanding of the technical environment (and the data contained and handled therein), and taking care of the fundamentals. Once the fundamentals are addressed and information security is well integrated with the technical parts of the organization (and not perceived as a bottleneck or speed bump), you’ll then be ready to deploy and integrate more of these cutting-edge tools.
Beyond mastering the basics, the heart of the challenge is the small number of people with cybersecurity skillsets. We need to find ways to leverage a small population of qualified practitioners while simultaneously developing new security and risk professionals with a mindset of fundamental best practices.
Master the Basics, Keep Pushing Forward
All this being said, for the coming year (and thereafter), my resolutions are three-fold:
- Help organizations address information security fundamentals to protect themselves from some of the most common attacks and compromises.
- Collaborate and communicate regularly with fellow information security experts to remain ahead of the curve.
- Foster new talent by sharing new methods, and shedding light on what a career in information security really looks like (full disclosure, it’s pretty awesome).
Here’s to a year of improved security, progress with innovation, and cultivation of the newest talent. I think it’s safe to say it’ll be a good one.