Cybersecurity in 2025
An emergency call from the World Economic Forum
The critical technological transformations that will sustain the future of prosperity: ubiquitous connectivity, artificial intelligence, quantum computing, and the next generation of ways to manage (user) identity and access to information; will not set up just one (more) incremental challenge for the (information) security (managing) community – by the year 2025.
The fragment above is a clear call from the World Economic Forum to the attention of information security managers, business leaders, and other interested third parties about the actual risk that must be analyzed and addressed almost immediately to consolidate effective strategic plans for the management of information security, and in a broader sense, of Cybersecurity by 2025.
But what does it mean exactly?
Let’s start with the required definitions.
Do Cybersecurity and Information Security Management mean the same thing?
In order to understand the size of the challenge, it is necessary to start by explaining what Cybersecurity and Information Security Management is, to identify how these areas are related and differ from one another.
Cybersecurity is the broadest layer of a strategic information security management plan.
It responds and is deployed to guarantee three core principles: confidentiality, integrity, and availability of the information in the system it intends to secure.
Its technological and knowledge framework provides the basis for any strategic information security management plan in an organization or institution.
Cybersecurity goes from including specific hardware such as firewalls to addressing the risk of intrusions into networks (a.k.a integrity and availability attacks), to training users of a digital ecosystem to learning how to manage their access credentials in a safe manner and how to act and react in the case of potential and real attempts to steal their identity or kidnapping their information, which represents the clear violation of the principle of confidentiality for the user’s information assets.
Information security management is defined as the management model chosen by the organization for creating, implementing, operating, monitoring, reviewing, maintaining, and improving the protection of information that enables the operation of the business; even, going a step beyond, it might include the incorporation of “resilient” measures that –in the event of an emergency– allow for the recovery of the attacked computer assets (personal databases, passwords, transaction information, accounting information, among others)
The objective is –in such a catastrophic case– to be able to guarantee again the three basic principles of cybersecurity in the system: confidentiality, integrity, and availability of information.
The answer to that question goes in the way that the pace of development for ubiquitous connectivity, AI, quantum computing, IOT, and the new ways for identity access and authentication; disrupts the productivity models of our societies thus boosting their competitiveness and prominence in the international context; Increasing at the same time and exponentially their exposure to cybersecurity risks.
According to the WEF, 2025 is the year in which threats to businesses and institutions’ cybersecurity can overwhelm the defensive capacity of information security management in the world.
This is why this organization recommends its own approach to address the situation.
This approach deploys in five specific dimensions:
- Closing the cybersecurity knowledge gap: For companies, it means acquiring new human talent while cultivating and expanding the capabilities of their current workforce with the competencies to design, implement, measure, and scale an information security management program as effectively as possible.
- Awareness of political/technology fragmentation: In an organization, it is about being aware that controlling cyberspace is an impossible mission and that the policies for processing personal data and privacy management, as well as the access to computer assets, and the implementation of remote work; all of them, must go hand in hand with the understanding and effective incorporation –tailored to the needs of risk management– of the technology that supports them.
- A new look: The WEF concludes that the existing capabilities and technologies to respond to the current challenge of information security will no longer fit that purpose in the immediate future (2025). Therefore, it is mandatory to develop –collectively and individually– new ways, attitudes, and skills that enable companies and institutions to respond to incidents and threats that are just starting to take shape in 2023.
- Lack of budget: In companies and institutions, information security must be considered a key item in the budget dedicated to technology innovation and updating. The necessary resources must be provided so that new technologies are developed incorporating into their DNA the best practices of information security (Apple has taken a first step in this direction, restricting as much as possible the access of applications to the behavior and the private information of iPhone users, with Facebook taking one of the biggest hits).
- Accountability as a capacity in constant development: In the outlook of businesses, accountability is a capacity that the organization must constantly scale up and make awareness of among its members so that it is not affected by contexts where the interdependence of work teams and breaking down the silos of different areas, cause individual responsibilities to be diluted.
The conclusion
If you are a person with the potential to exert influence in your organization related to strategic planning and long-term business sustainability, call for a review of the current strategic plan for information security management and business continuity.
Discuss with your team this approach proposed by the World Economic Forum and review together how it can inspire improvements in your organization.
…One fine day, a Shaolin master was sharing a moment of recreation and reflection with his disciples in a lush forest, and one of them asked him 'Master when is the best day to plant a tree?' The Shaolin master replied, 'Yesterday'.