Cybersecurity blindspots when adopting emerging technologies by Anu Kukar
Identifying Security Hotspots With Emerging Technology
In today's rapidly evolving technology landscape, it's crucial to stay alert and aware of the potential security risks accompanying emerging technologies. Whether AI and machine learning or cloud services, these tools can pose significant threats if not properly managed. In this post, I will share five key takeaways to guide you as your organization navigates the challenging waters of emerging technologies.
Use Multiple Lenses For Proof of Concept
When evaluating a new potential technology, utilizing a variety of lenses allows for a comprehensive view. With emerging technology, it's common for organizations to adopt through a Proof of Concept in isolation without considering the broader spectrum. I urge you to approach this with multiple lenses: cost, risk, employee, finance, and – most importantly – security. Be certain that security considerations are part of the early evaluation process.
Don't Allow Isolated Implementations
Proof of concepts – and the broader implementation of new technologies – often happens in isolation. It is essential that these isolated processes become integrated within your organization's governance structure. This integration allows for comprehensive risk management and regulatory compliance, resulting in improved security outcomes.
Design for Security
When you think of design, does security come to mind? It should. When it comes to implementing emerging technologies, the design phase is the prime time to incorporate security requirements. Building these necessities in from the start can help save time, money, and even lives.
Verifying Third-party Providers
Emerging technology often involves third-party providers. How deeply do you understand their practices? It’s crucial to ensure that your vendors have the appropriate security controls in place. Just as you would explore a beautiful building before buying, dig deep and verify the security aspects of your third-party providers.
Shared Responsibility Concept
With the use of cloud services and other multi-vendor environments, determining responsibilities becomes increasingly complex. It's essential for organizations to clearly establish who is handling different elements of security, such as identity access management and back-ups.
Bonus Tip: Think Like a Gourmet Chef
Think of data like ingredients in a gourmet meal: Just as you care about sourcing environmentally friendly, fresh ingredients, you should also care about how data is handled. Where is data being stored? Who has access? The answers to these questions are essential to you understanding how the emerging technology that is driving your organization is influenced and modified by the data it uses.
Conclusion
In the end, Navigating the rapidly-evolving landscape of emerging technology requires a proactive and conscious approach to security. Recognize the risks, understand your responsibilities, verify your third-party providers, and ensure that security is tightly woven into your strategy from the start. This approach will go a long way in ensuring your organization's success.
If you found this article useful and would like to explore these concepts further, feel free to connect with me on LinkedIn. I'm always open to discussions about technology and security, and I frequently share tips and news stories to keep my network informed.
Video Transcription
Uh welcome all from wherever in the world that you've dialed in. I'm uh from Sydney Australia.So coming to you live from here and I'm going to give you five key things that you can take away and use in your organization to try and identify the security hotspots and avoid some of the disasters that we've seen around the world. So let me start by, we'll start doing some traveling and we're gonna start with my hometown Sydney Australia. And the reason I like starting with here is think about how many organizations are doing some kind of transformation at the moment. The latest global CEO surveys show 90% of organizations are doing some kind of digital or cloud transformation. One thing all of those transformations have in common is they're using some kind of emerging technology. Now, what do I mean by an emerging technology? It could be artificial intelligence, machine learning, internet of things, etcetera. And with that use of those new technologies, there are new security risks and threats that we need to think about. And that is exactly the five things I'm gonna give you today that you can take away and help protect your organization. So if you're with me, let's start. So here's a fun little question to think about when you look at the amazing Sydney Harbour bridge in Australia.
Did you know that there is actually an emerging technology on that right now? There is in fact 100 and six IOT sensors on it and it tells um the authorities and people overseeing it various data points, those data points allow them to understand the level of risks, whether it's safety, physical security. Because all those data points are providing real time information.
And so what they're able to do is they're able to constantly 24 7 monitor the safety and security elements of this critical infrastructure um and landmark of Australia. So rather than looking at it, if you look at it, does it look safe to you? Well, it looks pretty safe. But how do I know? And this is where emerging technology is playing such a key role that it can rather than just sort of looking at it and going looks ok, rather than just telling me, um I want you to show me and emerging technology is showing through data, how things are safe or not safe. I want you to think back over the last five years, the number of failures from using emerging technology, people really see the benefit and so they're adopting it, but there have been a number of failures we've looked at um a 3D mask has been able to, uh, get entry into private and sensitive areas.
We've had, um, hospital equipment that was using emerging tech hacked in and it led to patients dying. There has been, uh, chat bots that have been, uh, perhaps not using the most appropriate language and they've been causing some reputational damage. So the point I want you to really think about is organizations are transforming and in transformation, they're using emerging technology because they provide lots of benefits. However, there have been a lot of failures. And so today, we're gonna go through five ways that you can actually, um, help prevent and protect your organization from the security risks that needs to be considered with emerging technology. So we'll do a bit of traveling. So from Sydney, we've actually traveled to a place in Asia.
So for those of you listening, I'll just give you a moment to think about. Where do you think we might be in the world? Feel free to drop it in the chat box. Um And I should say there might be a prize for the winner, but we'll see. Um, we are, in fact, in Thailand, this is one of the heritage places in Thailand and a few years ago when I was there, when you look at that window, have a close look. And so how many lenses can you see? So when I was there, I found it really difficult. And while you're thinking about how many lenses the reason I'm asking you to think about the lenses and sharing this story. The number one tip with emerging technology is emerging technology is generally adopted by organizations using a proof of concept, it's done in a trial in isolation. And so it's very important that doing that proof of concept that you apply multiple lenses. So the right answer is in Thailand, if you go to this heritage spot, there is seven lenses and I want you to take away. The first point is when you are trying or thinking about doing a proof of concept, you need to have multiple lenses, a cost lens, a risk lens, an employee lens, a financial lens, and most importantly, a security lens.
It's very common for proof of concepts just to think about the costs and the customer outcomes. I want you to ask the question in the organization. Have we considered the security lens like we see in this photo in Thailand? All right, we'll move on from Thailand. We've now traveled to Middle East. Have a think if you can guess where we are. We are. In fact in Dubai where by the beach? Um And when you look at this photo, it um it actually looks like a real set of stairs, but in fact, it's actually a flat photo that gives that 3d effect. And the reason I like this is because the two doors at the opposite ends actually is the second key element of the security risk that you need to think about with emerging technology, a lot of proof of concepts and um use of emerging technology can be done in isolation like the two dolls setting apart.
And what's really important is to make sure that these two dolls are together similarly the way that security in emerging technology and emerging technology is being implemented. So take artificial intelligence, if you're adopting A I or machine learning, have you made sure that it's not in isolation, it is together as part of your governance structure. And the reason that's important is so that you can identify the risks, you can manage them, you can monitor them and you can oversee them fulfilling your regulatory obligations. So again, second tip don't allow emerging technology in your organization to be like the two dolls in the photo.
You want them all to be playing together and we'll continue traveling. We've now traveled over to North America. We are in fact in us L A and this is the other example that I really like is if you look closely at the photos, you will see the buildings. If you notice very carefully, the buildings, what do you see? It is in fact flat rooftops in every building. And if you look to the right hand side, you'll see the airport there. And during bushfire seasons, what was happening was helicopters were flying and going out to the um other side where they were rescuing people taking care of the bushfires. The n the distance that the helicopters had to travel was one costing money in terms of petrol, but more importantly, it was costing time which meant loss of lives and loss of um land and property. So what they did was the emergency services and the local council, they collaborated, they came up with how do we actually work better together to solve this problem? And so the emergency services were able to work with the local council. And part of the mandate is that any new building being built or tall enough needs to have a flat uh top so that there is a helipad so that helicopters can land.
And what that did was it reduced the petrol and the money in terms of flying back and forth because the distance was shorter. But most importantly, they were saving more lives. They could quickly go out to the bushfire areas, come back, drop people there and quickly fly back that saving the time that it would have taken to fly all the back to the airport. And the reason I share that is the third takeaway that I want you to do today is it's security by design, the way the emergency services worked with the local council and integrated it in to get a better solution. When your organization is designing your processes, designing how the A I machine learning is going to be used, make sure that your security requirements are built in right from the beginning, it can save lives, it can save money and most importantly, it will protect your organization.
And rather than you spending money later on having to um incorporate new requirements. It's a very important third one security by design as you're designing um and the use of the emerging technology. All right, we'll keep traveling. We're now back in Asia. We are in fact in, back in Thailand. And I want you to look at this photo very carefully. What do you think that is? I'm just showing you the outside. Have a think. What do you think? This is my guess when I was there. Uh many years ago, I said it looks like a church and we were asked, would you bet money on it? Um How confident are you? And I looked at it and I said, we're pretty confident and this is what's inside. It is actually a Buddhist temple inside. And the reason I share this is with emerging technology, your organization is often going to use third party providers. All your third party providers today are using emerging technology themselves. And what I want you to do is I want you to understand in the organization. Do you just look at the outside and go? Yes, we're using emerging technology and we've got the right controls and the right security elements or as what I'm suggesting, do you go in and verify? Do you check and make sure that the way emerging technology is being used by your third party providers and vendors that they've got the right security controls. So again, the fourth takeaway, third parties using the emerging technology.
Are you just looking at the outside or are you verifying and getting some comfort by checking by going inside? What appears like a church? And we travel further to the Middle East and we are, in fact at the biggest candy store uh in the world, I'm told it is in Dubai. Um and the fifth takeaway I want you to think about is with emerging technology, especially when you've got cloud involved as well. Moving and transitioning to um applications and systems to the cloud. You might find the organization like this candy tree, lots of different vendors and cloud providers.
And so one of the key security risks I want you to think about is given the concept of shared responsibility, who is actually responsible for. What if you've got multiple cloud providers like this? Multiple candy? Do you know exactly who is managing and responsible for the identity access management on boarding and off boarding? Who's responsible for backup all the different elements around security becomes a really important element when you have got cloud and emerging technology because you've got multi vendors.
So my tip to you is ask and find out now they're my five takeaways. But as a wrap up, I wanna give you a bonus one to takeaway and given it's a late evening here in Sydney, it's dinner time, probably close to dessert. I, I want to give you a food example. This is some of my favorite food. Uh, a nice Indian entree go uppers. We've got a nice Mediterranean dinner and a French dessert. If you can only take one takeaway from this presentation today, I want you to take this bonus tip. Think about when you eat this amazing food. What do you normally do? We normally find out? What kind of ingredients are they? Um Where has it been cooked? How long ago has it been cooked? Has the right hygiene been applied. We expect safety standards when we go into a restaurant and eat. We wanna know has it been sourced economically and um environmentally uh well, is it sustainable? I want you to take the same mindset with emerging technology with their food. We've got ingredients with emerging technology. It's data. You want to understand. Where is the data stored? Who's got access to the data? How is it being used and manipulated within machine learning?
Don't leave it as a black box. Find out how it's being transferred, who's accessing it? How is it being modified? Um Understand how new data is created very, very important with emerging technology because it's all driven and based on data similar to the way we eat food, which is based on ingredients. And with that, I'm going to say thank you so much. Uh five key takeaways for you with a bonus one around security hotspots that you need to look out for for when you're using emerging technology and given emerging technologies used in all the transformation and cloud and digital transformation that's going on. You're only going to find more and more organizations are either starting or have already adopted emerging technology. If you found this useful and you would like more tips like this. Feel free to connect with me on linkedin. I share regular tips and um news stories online. Thank you so much. If there is any questions, feel free to send through any comments or um uh in the chat. All right, there's lots of questions. Let me try and uh go through and answer a few here. Hey,
there's so many interesting comments. Love this session. Thanks for sharing. Great session. Interesting session. OK. Hello. Um Which question did you like particularly?
I'm just uh just catching up.
Uh OK. Fantastic. OK. Thanks for sharing. Yeah, amazing. I see that people really love your session. Interesting ways of depicting the entire topic. Great session. Thank you. Thank you so much. How did it feel to be at the virtual conference today with so many amazing people.
I'm reading through all the comments and I can't find a question just I think everyone loved the travel and I love the fact that there were people from UK Dubai, there were people from areas that I was talking about um really, really nice comments and, and I thank you again for putting this amazing, amazing session on and um for anyone if you do have a question and you haven't asked it here, um Feel free to reach out to me on linkedin and more than happy to answer any questions.
Yeah, absolutely. More comments are coming and I think it would be great if you know, drop your linkedin. If people have some follow up questions or they want to ask you something just to thank you and connect or follow you on linkedin. That would be really great. I think. What do you think? Yeah, absolutely. Sounds really good. Fantastic. So, thank you so much for being with us today and stay for the rest of the conference. I'm sure there are many people in the chat and would love to connect with you and talk one on one perhaps. So. Yeah, more comments are coming. So we have, I don't know hundreds of things.
No, that's great. I'm glad you all enjoyed it and um it's such an important topic. So thank you for giving it the prominent space and time to share Anna. That's really a thanks to you.
Absolutely. Thank you for joining us today and thank you for preparing your session. Thank you so much. Bye bye. Take
care. See you.