The Bleeding Edge: A Fairy Tale of Innovation

Author: Dustin Brewer, CISM, CSX-P, CDPSE, CEH
Date Published: 30 October 2021
Related: Pulse: Emerging Technology 2021 | Digital | English

Greetings, traveler! Since you have been navigating the wonderful and informative world of the ISACA® Journal for some time, you have likely been inspired to explore and question the world around you. I invite you to take a break from staring at screens for I have a tale to tell. It will make you think about a different world, the seemingly magical devices we use every day and the fabric that connects them to each other. You see...

Once Upon a Time...

...there were pirates and cowboys in cyberspace. Men and women seeking their futures and fortunes in an untamed digital landscape that had yet to be touched or changed by mankind. Forging ahead and making names for themselves as great pioneers and adventurers, they brought new devices and software into existence. These new discoveries interested not only academics and technologists, but slowly caught the eye of the general public as the new technologies helped make life slightly easier with each new innovation.

Things such as the home personal computer, the Internet and, eventually, the smartphone paired with cellular technology brought all of these conveniences not just to our fingertips at home or in the office, but anywhere in the world. With the mass adoption of these devices came the building of the backend infrastructure to house large data sets and processing power, which gave rise to the next digital innovation revolution. This also was the starting point of accelerating technologies such as the Internet of Things (IoT), artificial intelligence (AI) and the cloud. However, amid the global digital transformation, there was another mythical character lurking in the shadows—the dreaded wizards (also known as hackers).

These villains sought to exploit vulnerabilities and overlooked coding and security errors in new products for their own benefit and educational gain. Posing as regular players in this fairy tale kingdom by day, at night they played with forbidden magic such as scanners and fuzzers to circumvent protocols and bend devices to their will, and, in doing so, gain unauthorized access, leaving organizations' reputations, controls and policies in disarray. Sometimes these intruders would send sys admins and coders information on what they found, how they exploited it and sometimes even how to fix it, but they did not have explicit written permission to do so and, therefore, would be punished for their curiosity. However, some organizations, realizing the benefits of these practices, offered these wizards jobs to help them discover these vulnerabilities and fix them. And some of these wizards traded robes and staffs for khakis and polo shirts. Thus, cybersecurity was born.

Allegory of the Cyber Cave

Of course, this is just a cross-genre, silly and overly simplified interpretation of the history of the Internet and cybersecurity. Silliness aside, the extreme speed and leaps we have made in technological innovations in the last 50 years are astounding and noteworthy. This innovation is so fast, in fact, that humanity is having a hard time keeping pace with it. Despite advancements in technology, cyberattacks are on the rise with no end in sight.¹ The support from senior leaders for adopting emerging technologies is there, but there is hesitation² because implementing any technology into current infrastructure brings with it the possibility of increasing cyberattack surfaces and possible vulnerabilities. In other words, it is hard to implement new and emerging technologies while we are still trying to secure traditional infrastructure, and there seems to be little hope.

It was recently pointed out to me that when I talk about emerging technologies, I tend to talk more about the history of the technology. While this may seem counterintuitive at first glance, every forward leap we make in innovation is weighed down by the fact that the underlying security of devices does not improve. In a fairy-tale world, I would say that this exemplifies the fact that humans are doomed to repeat history. The more practical explanation is that past behaviors often predict future ones. Without truly changing the way we use and secure technology, we are likely to continue the current trend.

And, once again, there is the interconnectivity between technology and humanity. As the old adage says, end users are the weakest part of any network. The more I delve into emerging technology and cybersecurity, the more I realize how silly that statement is. Not because it is not true, but because humans or end users are the only reason networks exist in the first place. As IT practitioners inundated by technology on a daily basis, it is easy to lose sight of that. In a fairy-tale world, we would defeat the security issues that plague our networks and make the world safer for emerging technology implementations by throwing the one ring of vulnerability into the fires of Mount Doom, thereby ending the reign of possible exploitation. Of course, this is not a fairy tale. In real life, this kind of change takes time and effort to succeed, but all too often we try to look for the one thing to fix it all. The truth is that to secure our older technologies and create space for the new ones to grow will take effort, patience and understanding to teach all users—whether C-suite or customers—the importance of governance, risk assessment, cybersecurity and IT.

Endnotes

1 ISACA®, State of Cybersecurity 2021, Part 2: Threat Landscape, Security Operations and Cybersecurity Maturity, USA, 2021; http://5wb7.baileherculane.net/go/state-of-cybersecurity-2021
2 ISACA, Pulse: Emerging Technology 2021, USA, 2021; http://5wb7.baileherculane.net/go/emerging-tech-2021

Dustin Brewer, CISM, CSX-P, CDPSE, CEH

Is ISACA’s senior director emerging technology and innovation, a role in which he explores and produces content for the ISACA® community on the utilization benefits and possible threats to current infrastructure posed by emerging technologies. He has 17 years of experience in the IT field, beginning with networks, programming and hardware specialization. He excelled in cybersecurity while serving in the US military and, later, as an independent contractor and lead developer for defense contract agencies, he specialized in computer network security, penetration testing, and training for various US Department of Defense (DoD) and commercial entities. Brewer can be reached at futures@baileherculane.net.