Technology Futurist and Information Risk Consultant Simon Moores believes the world is currently occupying a vulnerable moment between two technology waves in the information security space. It is just one important issue Moores explored in a recent virtual conversation with ISACA Now.

Moores will present 'The Time has Come' - Cybersecurity in the 21st Century as the closing keynote speaker at the inaugural CSX 2016 European Conference in London 31 October – 2 November.

As a frequent advisor to government and businesses on the evolution and development of new technology, Moores has been closely involved with some of the largest names in technology and was Prime Minister Tony Blair’s technology advisor to the UK government’s Office of the e-Envoy. He is an expert on disruptive innovation and information security as expanding information models converge.

Here is his recent conversation with ISACA Now:


ISACA Now: You’ve said that for “… the most part, distracted by gadgetry, we have been sleepwalking into a future that may look very different to the comfortable assumptions we hold today.” What did you mean by that and can you tell us what things may look like to the average person ten years from now?

SIMON MOORES: Some fifteen years ago, when I was involved with the UK government’s roll-out of the Internet and early broadband, I warned we needed to anticipate the known and unknown consumer risks that would accompany an ‘always-on’ society. Government’s view at the time was very much that universal connectivity was a priority and that the security industry would solve the growing problem of online crime; then still relatively primitive in nature. It didn’t.

Those “comfortable assumptions” I refer to, surround the belief, still held by many, that a decade or more further on, achieving a confident level of information assurance still remains as simple as buying a ‘black box‘ or installing the latest anti-virus update. This simply fails to take account of the serious nature of the arms race we are experiencing, one involving highly sophisticated and well-funded organized crime groups and state-sponsored hackers.

My personal view, which I’ve been peddling to audiences for over a year now, is that we are occupying a vulnerable moment between two technology waves in the information security space. The first appeared around 2004 when information risk ceased to be associated with nuisance exploits and attracted the attention of organised crime. The second is just in front of us and the future looks vaguely as if it is following the plot of Mr. Robot or an equally dystopic William Gibson, the cyberpunk science fiction writer, vision of tomorrow, as billions of independent and increasingly autonomous smart devices appear online.


ISACA Now: What are some of the key lessons of past sudden disruptive changes that we can apply to disruptive changes now and in the future?

MOORES: The novelist, Ray Bradbury was once asked “Are you trying to predict the future?” "Hell NO," he replied. “I’m trying to prevent it.” We invariably wrap ourselves in knots when we discuss disruption in any industry and whether it is disruptive or simply economic Darwinism.

We can start by admitting that we cannot easily imagine what an anti-virus product, a SIEM service, or even an internal process might look like in five years, because technology will continually reshape the security market or indeed, what the market is becoming.

A well-known example of disruption is the digital camera, invented at Kodak in 1975, but suppressed because the company realised it would have a negative impact on its core film business. When they finally introduced the DCS 100 in 1991, it cost nearly £10,000 and boasted a maximum resolution of 1.3 megapixels; storing its images in a separate, ten-pound hard drive.

Kodak swiftly went to the wall and then, what happened in 2007 was that a bunch of converging, enabling technologies; mobile CPUs, ubiquitous networking, touch screens, application deployment, social networks, cloud, and mobile payments; simultaneously converged and became “good enough” to support the arrival of the iPhone where the camera was just one part of a much wider user experience.

The security industry is following along the same path and today it’s machine-learning and artificial intelligence which will set the pace of change; something I plan to explore in my talk at the CSX 2016 European Conference in London.

ISACA Now: What will be the key takeaways from your CSX Europe presentation?

MOORES: Without delivering my presentation in advance, let me give you a quote from George Orwell: “We have now sunk to a depth at which the restatement of the obvious is the first duty of intelligent men.”

I think we can apply it to the information security space and perhaps what is most obvious is that human beings alone can no longer cope with the raw scale of the threat we now face from the Internet. For some security industry incumbents this may prove challenging as agility is now very much an advantage and tomorrow’s big security industry players might look rather different to today’s.

(This article originally appeared on the ISACA blog, which can be viewed here)

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access