A little while ago I bumped into a journalist friend at a trade conference. We chatted about the event to try and identify hot topics and trends from our discussions and supplier meetings, and both sat there deflated when the stories that came to the surface were the same old ones of fear-mongering around APT and “cyber” threats.
“CISOs have a habit of missing the boat,” I said, thinking of how virtualization, social media, and consumerization had all crept into wide-scale adoption before many security teams had managed to turn their attention to them, “so, what topic should we be looking ahead to that CISOs are not talking about?” This question was much more interesting and we came to realize that the elephant that is currently pushing its way into the room is the Internet of Things (IoT).
My friend pointed out that he had raised this topic with several CISOs and was surprised at their lack of appreciation for the potential change that the IoT could bring to industry, consumers, and the Security & Risk (S&R) role — as the digital and physical world entwine, for example, we can envisage huge safety risks that the CISO would be best placed to address. We also decided that the stakes were surprisingly high, as the IoT has the potential to revolutionize technology innovation to such an extent that the eCommerce and social media bubbles will appear both sluggish and trivial by comparison.