Cybersecurity Trends

The cybersecurity workforce gap is on pace to hit 1.8 million by 2022

"Cybersecurity is the preservation of Confidentiality, Integrity, and Availability of information and information systems through the cyber medium. Besides, other properties, such as authenticity, accountability, non-repudiation, and reliability, can also be involved. The cybersecurity workforce gap is on pace to hit 1.8 million by 2022- a 20% increase since 2015 due to essentially lack of qualified personnel," said Prof. Frank Yam in a webinar hosted by the Institute of Internal Auditors Qatar on 'Cybersecurity trends and challenges for internal auditors.'

Prof. Yam is the Chairman of Focus Strategic Group Inc, a consulting firm providing Business and Technology advisory services, focusing on IT auditing, risk management, and cyber-security.  Yam, most notably, served six terms as the Director and International Vice President of Information Systems Audit & Control Association (ISACA), USA. He also has an Executive Master's degree in Innovation and was selected as the ISACA 2021 Outstanding Chapter Leader for his "effective and inspiring leadership."

Yam started his presentation with a statement, "but it is not just about covid-19, but in the new normal, everything is digitized." For organizations, priority is on keeping everyone safe, Customer Experience Management, Business Continuity, and New technology-related strategies. For Internal auditors, it is about Remote Auditing, Change in skills for digital transformation, and the economic downturn that increases fraud risks.

Emerging Technologies are radically novel and relatively fast-growing technologies persisting over time and potentially impact the socio-economic domains. The common risks with emerging technologies are overestimating AI capabilities, algorithmic bias, programmatic errors, cyber-attacks, legal risks, and liabilities.

'Agile is a mindset, not a methodology,' said Frank and explained agile compared to a waterfall methodology.  The agile methodology process follows creating a vision document, kick-off, and the rest of the activities are iterative until project completion.

Cybersecurity starts with understanding the real web. There is the World Wide Web (www) with only 4% of internet content such as Google, Amazon, Wikipedia, etc. Deep Web internet content is over 90% generally not accessible by search engines such as academics, medical, government, subscription information, etc. The dark web has only 6% internet content with encrypted data of illegal sites and stolen data. Frank displayed market prices from the Dark Web for information related to credit card, bank account, medical, FB, spam, etc.

Prof. Yam speaking about impact and challenges for auditors, said, "Too many auditors worry about threats and vulnerabilities that pose no actual risk to an asset, prioritizing compliance over risk and wasting precious time and resources." The strategic audit planning and usage of the NIST (National institute of standards and technology) cybersecurity framework as a benchmark guideline is needed.

"The training encompassed a strong message to Assume Breach. At a time of constant change where technologies will continue to evolve and disrupt, the Board expects Auditors to understand technology-related risks and recommend controls to adopt a sensible business model. The KEY for success is building teams that can thrive in the future that can't be predicted. The acronym for KEY is Keep Empowering Yourself," said Sundaresan Rajeswar, Board Member and Chief Advisor of the IIA Qatar chapter, who coordinated the event.

Christain Adonis, Past President of the IIA Qatar, addressed the gathering and introduced the speaker, Muralikrisha, and Murtaza hosted the meeting.