A little while ago I bumped into a journalist friend at a trade conference. We chatted about the event to try and identify hot topics and trends from our discussions and supplier meetings, and both sat there deflated when the stories that came to the surface were the same old ones of fear-mongering around APT and “cyber” threats.
“CISOs have a habit of missing the boat,” I said, thinking of how virtualisation, social media, and consumerisation had all crept into wide-scale adoption before many security teams had managed to turn their attention to them, “so, what topic should we be looking ahead to that CISOs are not talking about?”
This question was much more interesting and we came to realise that the elephant that is currently pushing its way into the room is the Internet of Things (IoT).
My friend pointed out that he had raised this topic with several CISOs and was surprised at their lack of appreciation for the potential change that the IoT could bring to industry, consumers, and the Security & Risk (S&R) role. As the digital and physical worlds entwine, for example, we can envisage huge safety risks that the CISO would be best placed to address.
We also decided that the stakes were surprisingly high, as the IoT has the potential to revolutionise technology innovation to such an extent that the eCommerce and social media bubbles will appear both sluggish and trivial by comparison.
The IoT is starting to happen now, and this is a wave of change that S&R professionals cannot miss. If we are to build acceptable levels of security into the products and services of the future, we need to understand where that future is headed and ensure that security and risk management are fundamental to the initial designs.