Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Cybersecurity's 'Moral Imperative'

Cybersecurity professionals often talk about the economic drivers of security. But should the conversation shift to include a moral component? At least one analyst says "yes."

(Image by <a href="https://stock.adobe.com/images/stopping-and-defending-from-digital-pixels-flow/127729231?prev_url=detail" target="new">Photocreo Bednarek</a>, via Adobe Stock)

When the audience files into a keynote session at a computer industry conference, they can be primed to hear many different words. "Moral imperative" are rarely among them. But those are exactly the words that were part of the opening at last week's Gartner SYMposium.

Mbula Schoen, senior principal analyst for Gartner, was charged with talking about business' role in a digital society, which she defined as "the sum of all our interactions between human and technology." As part of the responsible business role, she says that companies must invest in a safe digital society while protecting the enterprise.

And just to put a point on it, she told the audience that, "Security is a moral imperative in a digital society." That moral imperative covers the responsibility the company has to society at large, as well as to all of the organization's stakeholders — partners, employees, customers, as well as shareholders.

But what does that imperative look like when turned into action? Schoen had several examples of issues IT security teams should be looking for in their work. One of the first she talked about was inappropriate use of technology.

Big, splashy examples of inappropriate technology use aren't hard to find. Schoen pointed to the drones that were sighted near England's Gatwick airport, closing it for 33 hours in December 2018. More insidious cases, she pointed out, could be in bias introduced in AI systems.

Researchers have known that those AI biases are a potential issue for years. But the impact of bias took on heightened urgency when it was recently shown that some AI models favored white patients over black patients for healthcare treatment. When Gartner data shows that 30% of organizations will use AI to make decisions by 2022, the potential for those critical biases to increase reaches a critical level.

In another example, Schoen pointed to the increasing collection of personal data for use by businesses. The data is being collected, processed, and stored, often without the understanding of the customer. And each of those steps requires security.

"Finding data to collect isn't hard, but society is skeptical about how it's being used," she explained. As a result, "There is more regulation of privacy than ever before, and less privacy."

ISC(2), the organization of CISSP and other cybersecurity certifications, also sees moral and ethical components to cybersecurity.

"I think [morality is] very relevant today. It's about doing the right thing for society," said COO Wesley Simpson in an interview at the ISC(2) Security Congress, in Orlando this week. "For every one of our 145,000 members, it's not just about passing an exam or getting endorsed. The third component is that you have to accept, abide by, and live up to our ethical canons. That gets to the moral obligation of our members."

Simpson pointed out that ISC(2) has, and will continue to, revoke the certification of members found to have violated moral or ethical standards within cybersecurity.

Back at Gartner SYMposium, Schoen said finding data to collect is easy, but society has become skeptical about how that data is being used and secured. To build great trust, she said, companies must institute solid information governance and provide greater transparency regarding security and privacy controls.

Finally, Schoen said every organization should institute "three Ds" regarding using and protecting user data:

  • Decide to manage security and risk to protect all stakeholders

  • Design to be a responsible custodian of customer data

  • Drive to identify and build a societal value proposition

Here at the Edge we're curious: How important is the moral component in your cybersecurity work? Is it the driving factor in what you do, or is morality a word best left out of the conversation among cybersecurity pros? Let us know what you think in the Comments section, below.

Related Content:

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights