You are a speaker at the GoTech World event. How do you like this event?
I am very honored to be speaking at GoTech World. This especially today, in the midst of a pandemic, when the digital transformation has been accelerated exponentially and organizations are, by necessity, more reliant on digital tools. It is so critical for leaders to understand how they can best protect the growing attack surface that remote work has created from the increasing threat of cybercrime. I am pleased to be speaking at GoTech World, because it is dedicated to not only helping the business ecosystem increase in efficiency and productivity but also to protect digital assets from theft and exploitation.
What is FPOV?
Future Point of View is a digital consulting firm driven to help leaders and organizations navigate the digital transformation. We guide leaders in many different areas. First, we teach leaders how to become High Beam leaders with the ability to peer out three to five years into the future and anticipate trends that will impact their organizations and industries. The goal is to be able to foresee these trends so that they can steer their organizations through disruptive times and even gain competitive advantage in their industries. We also help organizations find the correct HUMALOGY® balance.
HUMALOGY is determining the proper blend of human effort and technology to maximize efficiency and customer experience. This allows organizations to achieve profit amplification. Finally, we guide organizations on best practices to protect their digital assets in a connected world by minimizing risk and maximizing proactive incident response.
How do you see the future from your point of view?
I don’t believe it is a stretch to say we will continue to move to a more digital world. A greater amount of our lives will be conducted in a digital environment.
Meanwhile, we will be augmented with technology which will give us superpowers that we can’t even imagine. However, with these superpowers will come increased risks. So if I were to look at the future with cybersecurity or digital security in mind, I do see the following: With more and more devices connected to the internet it makes these devices vulnerable to cybercrime and exploitation in unintended ways.
In the future we will see people susceptible to novel social engineering techniques and more individualized spearphishing that combines catphishing and will also include manipulated or synthetic audio or video. We will see more intimate devices (such as personal health devices) and dangerous devices (such as vehicles and weapons) be the targets of ransomware or controlled takeovers. The fracturing (or nationalization) of the internet may lead to more frequent and brazen nation-state cyberattacks with devastating consequences.
In the immediate future, organizations will face increased risk from downstream or third party attacks, as they become ensnared in cyberattacks that involve data they have shared with a third party that has been mishandled by that third party. Ransomware will continue to be an enormous problem and the cyber insurance market may face upheaval as insurers flee the market and organizations are forced to endure more limited coverage. This fact may require increased government intervention.
What important changes should companies expect in the future?
From a cybersecurity standpoint, companies need to move as soon as possible from a reactive approach to a proactive approach to cybersecurity. Most organizations have not built the mindset that it is not IF but WHEN they will be the victim of a cyberattack. A greater emphasis needs to be placed on proactive incident response. This includes building incident response playbooks and constantly refining those playbooks through tabletops. It means a larger investment into detection and response, including a 24/7/365 response program. It also means ensuring that your vendor contracts are ironclad, because we will continue to see more downstream attacks, where organizations are impacted when their vendors are hit with a cyberattack and leak organizational data.
Were these changes accelerated by the current Pandemic or is it just a normal evolution?
I believe these changes were absolutely impacted by the pandemic. The pandemic dramatically increased the network surface for organizations. In many organizations, the number of endpoint devices rose which enlarged potential attack vectors. While this trend was already occurring, it was accelerated by the pandemic. Because many organizations have seen the benefit of remote work, they will continue to allow employees to work remotely, which means that this increase in endpoint devices and network size will remain. While this is not necessarily a bad thing, it will require greater diligence in organizational cybersecurity.
Do you think that companies are ready for these changes?
I believe many leaders still see cybersecurity as an organizational cost and not an investment. This is improving; however, many leaders view cybersecurity as an iT irritation and not a business requirement. I have seen too many leaders realize the value and necessity of cybersecurity only after they have watched their organizations be mortally threatened by a devastating cyber incident. It is sad that it comes to this, but human nature allows us to believe risk will not happen to us. Hence, why proactive cybersecurity is now paramount. Too often, leaders discover weaknesses after it is too late. These weaknesses could have easily been discovered and remediated, but leaders did not want to make the investment in cybersecurity until they wish they had.
How do you see people adapting to the changes of the future. Do you think they will accept the change or will it be an opposition?
I think leaders will eventually have to come around to proactive cybersecurity practices. Regulation will help, as organizations will be forced to adhere to more stringent cybersecurity practices to receive cybersecurity insurance or even to remain in business because of government regulations. While initially, organizations may continue to fight increases in cybersecurity spending, eventually this will become normalized as a cost of doing business. Younger leaders, having grown up as digital natives, will be more willing to see cybersecurity as an organizational benefit as opposed to a cost.