The future belongs to Information Security champions, here’s why….

• by Ellie Hurst
• Advent IM Blog

From Advent IM Head of Client Development, Derek Willins

What will the world be like in 10 years? No one knows for sure. So maybe it’s easier to think about what will not change, and develop plans based on that. This is exactly what Geoff Bezos said when asked about the future. He believed understanding what will not change is the key. He said, “In our retail business, we know that customers want low prices, and I know that’s going to be true 10 years from now”. Figuring out how to keep prices low now becomes the basis for Amazon’s strategy.
In the world of information, similar thinking can be applied. In other words, what will not change in ten years’ time? Here are some thoughts. People will still want access to goods and services at the touch of a few buttons. They will continue to need the convenience, choice, and options that our digital society has now created as expectations, and they will expect their information to remain private. Leaders will still want their organisations to be trusted, to be productive, and to be innovative. Criminals will remain greedy and will want your money. Hostile countries will want your secrets or will disrupt you, and the data we generate will continue to rise as our smart cities, workplaces and homes will adopt more data-creating technology as it develops.
The pursuit of knowledge and wisdom is a human condition that is eternal, therefore will still be with us in 2023. Current evidence shows a significant growth in data analytics and data science to squeeze elusive new insights and meaning from our data lakes. 79% of organizations have more than 100 data sources and 30% have more than 1,000, according to a December 2021 IDC survey of global chief data officers. Making this data work for them in better ways is the goal. In 10 years, it will be better developed, but the need to use data will be like breathing air.
However, most organizations haven’t standardized their data quality function and nearly two-thirds haven’t standardized data governance and privacy. The race to use data more effectively via ‘digital transformation’ has created a shortage of skilled technical people with knock on effects for many industries including data security. I expect future data mining and analysis, will become an everyday activity with ever more data to feed the system. Training and education will have to change. Data literacy will become a core subject like reading and writing. Societal dependence on data and information for everything we do, will be complete. However, the risks society will carry as a result of digital everything will be enormous.
Unchanging basic human needs plus constantly changing technology, tell us a lot about the future. It tells us that certain current challenges will remain. For instance, how do we continue to keep data and information safe, and in good shape to be harnessed for infinite applications? My view is, that the foundational activities which ensure data confidentiality, integrity, and availability, will remain as important in 2032 as they are today. Data integrity in particular needs work. A KPMG survey in 2018 found that just one-third of CEOs trust the accuracy of their own data. There will be new methods, standards, rules, and laws of course, but the disciplines required around data governance and information security management will come of age. They will have to.
The connectivity of supply chains and their growing vertical and horizontal interdependence with customer systems are already at high levels. The need to be connected will continue to increase and could result in the end of government ‘tolerance’ towards parts of the private sectors with limited uptake of better data standards and protection. The private sector as a whole will be expected to manage their data as well as they do their finances, and if they do not the consequences will become more severe. In early 2022 Toyota closed all its factories in Japan after a key supplier was infected by ransomware, and risked the entire Toyota business. This kind of incident illustrates the risk that exists in the new world we have created. The UK Government’s recently published Cyber Security Strategy documents are full of intent and expectation about raising security and the data protection bar, and the onus on all parts of the supply chain to be responsible towards each other is expected.
My message to any private or public enterprise that is not fully on board with adopting better standards and processes around how they manage the safety and quality of their own and other people’s data is: make this a business as usual activity and soon. Most organisations are evolving and aligning their data security and data management to their overall strategy. But there remains much work to be done. Poor data quality costs large organizations, on average, $13 million a year, according to a Gartner report in July 2021. But it’s not just the immediate effect on revenue that’s at stake. Poor data quality leads to poor decision-making and ultimately existential threat. Continuous improvement has to be the norm.
At the very least, organisations should pay as much attention to the people and the process of managing and protecting data, as they do to technological solutions. Understand what information you’ve got, how it’s managed, and by whom. Get a good Data Governance programme set up. Potentially add a Master Data Management program to ensure one truth instead of five competing ones (i.e., the sales department coding customers differently to the finance team and so on). Then figure out how you are protecting your information, and what special measures exist for the most valuable data sets. Who owns what and who is responsible for what. How this is managed reported and represented at a board level. Adopt a standard to work towards that suits your business or your industry, and ensure management is behind it.
Train your people in data protection and information asset management. Let them change your culture from the bottom up and give them the tools and the support to do it. In summary, revisit the data management and security plan you have, and be confident it is fit for purpose. There is no escape, and no alternative if you wish to be around in ten years time.