Coined in 1995 by Clayton M. Christensen, the term ‘disruptive technologies’ refer to innovations that create a new market. While the term is believed to be one of that overused jargon, and there has been a lot of discussions revolving around what is to be defined as disruptive or otherwise, the replacement of telephone over the telegraph, smartphones over rudimentary phones, and private jet over supersonic transport are few developments we can agree on calling disruptive.
While the automobile, electricity, and television were disruptive technologies in their own time, in recent years, the superior attributes of the cloud, artificial intelligence (AI), and the metaverse have helped them earn a spot among the big leagues. However, as businesses jump to invest in new technologies to enhance business performance and user experience, many tend to overlook the security flaws capable of disrupting the very essence of these innovations.
Even after two decades, we still are busy patching the security concerns of the once-disruptive internet, and it is critical to do the same with emerging technologies. Businesses that slack on addressing the security concerns embedded in these technological advancements might risk losing business and eventually face a shutdown. As technologies like blockchain, digital avatars, and their monetary equivalent, cryptocurrency, continue to disrupt the real world and the digital real estate, it is time to take a step back and evaluate where businesses stand in terms of their digital security hygiene.
Artificial intelligence: more than just data processing
Artificial Intelligence, the 387.45-billion-dollar industry, has been fundamentally restructuring the swaths of our society. Augmenting human intelligence, this technology has helped us go beyond our computational power to tackle a broader set of ideas successfully. AI-powered robots in the manufacturing sector, virtual tutors in education, bots in customer services, and disease mapping in healthcare; AI is already the main driver for technologies like big data, robotics, and IoT. It was once perceived that machines have begun to understand humans. While the underlying concept of collecting more data has made AI smarter, intelligence is also its Achilles heel. Moreover, the inception of the fifth-generation technology further boosted AI’s data-procuring process.
Unfortunately, the same technology that helped us achieve personalized user experience through its reliable speed and connectivity has helped attackers gain an easy entry point to systems. Therefore, before getting excited over delegating critical functions to AI, CISOs must begin by evaluating their current security posture. Developed nations like the United States have already begun to witness the mayhem that these data-hungry technologies can unleash if not addressed adequately.
AI’s decision-making algorithm has found applications across HealthTech, FinTech etc. For instance, within FinTech, apart from advanced sentiment analysis that focuses on training chatbots and enhancing client experience, AI has helped banking institutions keep financial fraud at bay by keeping track of fraudulent wire transfers and fake insurance claims. However, in an era where financial data sells expensive on the dark web, taking a second-hand approach on security for AI-powered decision-making systems could offer adversaries the potential to jeopardize the integrity of the system. Another risk factor involved is the possibility of poisoning data fed to systems. For example, autonomous cars that travel with the help of sensors, radars and AI, without the presence of a human operator, are likely to be involved in an accident if a hostile actor tampers with the training data or remotely exploits the vehicle's software.
Various governments have been pushing for AI plans and initiatives; however, most of these strategies concentrate more on funding more AI activity, training more workers and encouraging more innovations than addressing security hygiene. With deepfakes, algorithm bias and smarter phishing, the threats of AI go beyond just tampering with data sets. This calls for the attention of policy makers to emphasize the importance of having transparency and accountability in AI systems.
Internet of things: house of cards
Leveraging the cloud's scalability, the edge's computing power, and 5G's reduced latency, intelligent connectivity has become a reality through IoT. Today, powering the very breath of smart homes and buildings, IoT’s application span numerous verticals, including automotive, telecommunication and energy, and has interwoven into facets of our daily life. However, despite outrageous attacks on ‘IoT,’ businesses continue to rely on legacy security solutions.
As we integrate IoT into critical infrastructure, cybersecurity must never take a backseat considering its ability to paralyze societal functions. To begin with, businesses must take stock and identify the remotely scattered devices connected to their network. In 2018, hackers could steal a casino's database information just through a smart thermometer. Unfortunately, IoT’s sheer strength in promoting connectivity is its own weakness. Vulnerability in one of the devices becomes a threat to the entire network. As the adage goes, you can’t protect what you can’t see, admins should consider securing the vulnerable endpoints with an IT strategy. A strong endpoint management system provides an overview of the corporate’s IoT structure and help them secure the entire device mesh by enforcing password policies and configuring restrictions. Moreover, combiningthe potential of endpoint managementwith the power of Secure Access Service Edge(SASE) can help IT admins limit how much network is available to these endpoints.
Considering the positive impact connected devices promise in terms of a sustainable yet efficient environment, the IoT industry will see accelerated growth. However, the growing number of connected devices means a growing surface area for attacks, and one needs to remember that without security, the internet of things is just an internet of threats.
Metaverse: the digital abyss
The debut of Metaverse blurred the lines between physical and digital spaces, stirring waves in 2022 as the concept entered the year’s hype cycle. Coined by Neal Stephenson in Snow Crash, a science fiction novel in 1992, the technology was described by Gartner as one of the disruptive innovations that will take a decade or more to become mainstream. Furthermore, in an effort to monetize the potential of the metaverse, Facebook recently garnered attention by rebranding itself as ‘Meta.’ While the metaverse doesn’t identify with a single technology, it brings in every technology that contributes to enhancing user interaction. If done right, this closer-to-reality virtual technology is expected to improve teleworker camaraderie, collaboration and efficiency. However, as new as the technology sounds, the security concerns of the metaverse still remain a realm untapped.
To begin with, the metaverse runs on Augmented Reality (AR) and Virtual Reality (VR) technologies rich with biometric data, facial features and gestures. These data treasure troves, if compromised, could lead to impersonation and deepfakes. The solution to this vulnerability is to seal off the endpoints with a Zero Trust approach. Having device security solutions, endpoint management solutions, cloud security solutions, Zero Trust Network Access (ZTNA) solution, and anything that fits the enterprise’s requirements for in-device security solutions, helps achieve the idea of zero trust.While the otherwise conventional world where we live and breathe saw about 1.4 billion identity thefts in 2021, the inception of the metaverse has further exacerbated the identity landscape. The virtual positioning of these rapidly proliferating identities have made organizations even more vulnerable to identity attacks. However, by implementing Identity and Access Management(IAM) technologies, admins can efficiently allocate resources to the right person at the right time. In addition, the decentralization mechanism Web 3.0 relies on will put more power in the hands of users, ensuring that users retain ownership control over their data.
After shuttling between remote and hybrid work, metaverse has taken work to a virtual space. This has allowed us to re-imagine a new work environment by simulating co-presence. However, in this proliferating world of diversely scattered identities and avatars, fencing every resource with perimeter-based technologies isn’t going to work. Answering these concerns, ZTNA verifies the identity of every user, device, and network, irrespective of their IP address, port or protocol.
As blurred as the lines between the parallel universes are, the Big Brother malware that was capable of preying on susceptible VRs is an excellent example of how attacks in the virtual world can creep into your physical space. While the notion of the metaverse is laudable and has found applications in IT, gaming, and fashion, it is built on disputed AI technology, the authenticity of which is dependent on the designer. We are yet to realize how this concept of 3D internet will transform the future workplace environment.
Final note
More than chasing trends, preparing for the future of business calls for strategic investment into resources that align with businesses’ future needs. While disruptive technologies help businesses gain a significant foothold in the industry, companies must assess and evaluate their security posture before onboarding them. Undoubtedly, AI and its successors promise enhanced user experience and business performance; however, funds set aside to build their security must be given just as much consideration as allocated for their investment.
