Sage Advice - Cybersecurity Blog

Automation, Algorithms and AI — Oh My

Automation-Algorithms-and-AIFuturist, author, and consultant Mike Walsh spends 300-some-odd days a year traveling the globe researching technology trends, keynoting industry events, and guiding organizational leaders through the complexities of digital disruption. Appropriately, then, his 2018 CyberCrime Symposium presentation took attendees on a whirlwind tour of the transformative forces they’ll manage if they want to thrive in an increasingly AI-driven world. As he told the info-sec and privacy officers in attendance, the goalposts that marked 2020 as AI’s future zone have been pushed back a decade or so, but he warned them not to get complacent.

“We may be talking about 2030, but the decisions you make today will determine your organization’s success and security posture going forward,” said Walsh, CEO of Tomorrow, a consultancy that helps businesses design operations for the 21st century. He encouraged attendees to challenge their assumptions about the future, their business models, and the kinds of talent they recruit going forward. Rather than worry about their jobs as they continue to automate routine processes, CISOs, CPOs, and CIOs should focus on tapping the potential of their workforce.

“We live in not just an algorithmic age, but an age defined by systems that can learn and get increasingly smarter,” said Walsh. “Once we’ve automated all the routine back-office functions, the next big jump in productivity will come from elevating the people in our teams.”

The algorithms that power the entertainment that mesmerizes kids, said Walsh, will transform data centers and optimize logistics. They’ll also enable rogue groups to weaponize cyber-threats and help cybersecurity teams fight back. To better grasp the landscape they’ll navigate over the next decade, Walsh urged attendees to think about the impact algorithms already have on their daily lives.

He singled out three trends and impacts as particularly compelling:

Anticipating Needs

To the youngest generation of online denizens — kids 10-years-old and younger — “personalization is so 2017,” he joked. They’re growing up in a world where providers use data to design and curate their every online experience. Data-driven giants are using the massive volumes they collect to be not just more responsive, but actually anticipate consumer needs and actions.

Amazon, Walsh said, can now run algorithms that predict the specific products that individuals will order and send them to geo-located fulfillment centers. Those people protective of their privacy, he added, won’t be happy when the company starts sending packages of products they haven’t ordered — especially when they open them up and realize they actually need what’s inside. Algorithmic-directed supply-chain logistics models will pressure organizations to rethink the way they design their own systems and platforms.

“Organizations will have to be agile to anticipate the needs of this new generation of consumers,” Walsh said. “All this data we once thought of as something to be warehoused will fuel future algorithms and AI, which will learn and create the ever-more immersive, compelling experiences these consumers demand.”

Interfacing with Technology 

Today’s youth — that future workforce — connects with technology in a completely different way than preceding generations. As they improve their language skills, they use them to interact with people as well as the technologies that surround them. Therefore, the second important area to consider is the way future employees will interface with technology. Younger generations may be obsessed with screen time now, said Walsh, but they won’t be by the time they enter the workforce. Instead, they’ll expect to tell IT systems and devices what they need.

“They may have seen Alexa in their living rooms, but they'll expect it in the boardroom of the organizations they join,” he said. Voice recognition and other biometrics will change the way organizations secure networks and systems through authentication, authorization, and privileged access. “As the body becomes the interface to technology, it creates a new set of authentication challenges — as well as opportunities,” said Walsh.

In Asia, particularly China, “facial recognition technology is already part of the national infrastructure,” Walsh added. “China’s going to be a preeminent force in the world of artificial intelligence because it’s gathering massive amounts of data, and it’s not just clicks or searches or likes,” he said. It’s continually collecting data on the minutiae or daily life, making the “offline-to-online” model its cultural norm.

Securing IoT

The third area of interest involves, not surprisingly, the Internet of Things. It’s already creating massive headaches on the cybersecurity front, an issue not likely to trend to downward. Essentially, practically everything — toothbrushes, toilets, jet engines, humans — can and will be Internet-connected. “The real challenge will come when all of these sensors, devices, and wearables start to get weaponized by neuroscience and behavioral economics,” Walsh said.

Already, he said, the first life insurance providers have announced they will require customers to be part of “vitality” programs — another way, said Walsh, of saying they’ll refuse to sell them life insurance policies if they don’t use apps that collect and track data on their daily activities. 

All of these developments led Walsh to conclude that the “threats to privacy and security in the algorithmic age are much more nuanced and complex” than the typical data breach.

Listen, Learn, and Lead

If data’s in the driver’s seat going forward, said Walsh, organizations will have to reexamine not only the talent they want to recruit, but observe how young hires react to entrenched workflows and processes. These reactions, as well as the way they use apps and data-driven devices, can provide CISOs and CPOs with valuable insight into new kinds of security and privacy threats and ways they might defend against them.

Also, Walsh advised attendees to run data workshops, which challenge departmental leaders to tell their most compelling stories of how data is driving organizational change.  “If you can make data the language of the organization through powerful stories, you can train employees to, for example, practice good security hygiene.

As for concerns that their jobs will disappear as machines get smarter, Walsh told the audience that he believed leaders in theirs and all fields will become more important as the future comes into sight. Their responsibilities may become more high-level and they may need to develop new skills, he said, but ultimately, “I think we’ll need people more than ever.”

To succeed in this brave new world, he continued, leaders will need to master two sets of skills. One, “they’ll need to have a flair for computational thinking and be able to adapt their decision-making style to an algorithmic age.”

Second, they’ll have strong people skills and understand human complexity. “It’s no secret that the biggest security threat is not IT systems, but the people using them,” Walsh said. “Future leaders will understand what drives risk in a situation, and be able to put it in a context that helps change behaviors.

This is the tenth in our series of posts presenting key takeaways from our 2018 CyberCrime Symposium, held November 1-2, 2018. The program — “The Future of Privacy and Security” — featured an incredible line-up of speakers. If you couldn’t get a seat at the event or want a refresher on various sessions, this is a not-to-be-missed series!


Topics: CyberCrime Symposium, IoT, Privacy

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

Cybersecurity Lifecycle

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More