Building Back Stronger – Security as the Foundation for the UK’s Digital Transformation
Sally Eaves
Emergent Technology CTO | Global Strategy Advisor - Blockchain AI 5G IoT FinTech | Social Impact | Keynote Speaker and Author
We have been experiencing ‘a perfect storm’ when it comes to accelerated change and accelerated cybersecurity risks. In the opening plenary to CYBERUK 2021, the National Cyber Security Centre’s flagship annual event, John Lambert, General Manager at the Microsoft Threat Intelligence Centre commented that ‘resilience is created by being tested, and this last year it was tested!’ – a reflection and experience I think we can all relate to. This set the stage for a deep dive webinar session on how Cyber Security is the foundation for the UK’s Digital Transformation.
It explores exactly what has changed, what we have learnt and the challenges we face to move beyond the pandemic and catalyse sustainable digital transformation success, supporting economic recovery, and accelerating digital government. This was a timely discussion hosted by Andy Trotman, Head of News at Microsoft UK with contributions from Chris Perkins, Public Sector Lead also at Microsoft UK, and Pete Cooper, the Deputy Director of Cyber Defence, at the Government Security Group (GSG).
With the National Cyber Security Centre (NCSC) announcing that it had observed a record number of cybersecurity incidents in 2020, with attacks targeting different business sectors and COVID-19 vaccine research groups alike, this discussion session firstly provided key context on the challenges faced. Chris Perkins from Microsoft UK described these as:
· Rapidly securing access and identity across remote then hybrid working environments, without compromising on productivity or user experience
· Increasing sophistication and frequency of cyberattacks with a 300% increase in identity attacks in 2020, with motifs and methods evolving and automating
· Navigating skills gaps - 43% of organisations find it hard to fill vacancies and 30% of businesses report critical skill gaps including security, architecture and testing
In many ways this combination of factors coming together has created the perfect storm:
‘It's that perfect storm of the financial challenges, the multiple risks, the cacophony of noise and pressures on all of the teams that go across all that. And in the middle of all of this, we've got to be maintaining the cybersecurity postures that that we know keeps the organisation secure’. Pete Cooper, Deputy Director of Cyber Defence, GSG.
So how do we address this? In combination, this means the need to secure an ever expanding security perimeter and this starts by implementing a zero trust approach that assumes breach, verifies explicitly and uses least privileged access. And this is not only about the technology, this a cybersecurity mindset embedded across leadership and culture too, and with benefits that move beyond embedding security to enabling organisational agility, innovation capacity, trust building and sustainable competitive advantage.
‘It's our vision mission at Microsoft to empower everyone at every organisation to achieve more. As we reflect on the past year or so, what we want to do is support our customers and partners in building back better. We as organisational leaders have to take the learnings and build an integrated inclusive strategy’. Chris Perkins, Public Sector Lead, Microsoft UK.
And positive learnings can indeed be taken! Despite the pressures of urgency, rapid change and complexity placed on IT estates and cybersecurity teams in particular, organisations have responded. Pete Cooper stresses that now is the moment to reposition defences as we move into hybrid working models. Wherever you are in your security posture development, it is critical now to go back and re-examine it, to re-check all assumptions and to do this on a continual basis. This is an imperative to stay ahead of always evolving threats and to ensure that security posture is fully linked to what organisations are doing from a business perspective too. I believe this is key to moving beyond business resiliency, that by its nature is often reactive, to a more proactive agility to change.
Supporting this, investment in training and awareness is crucial. Security is a shared responsibility that must be understood at every single level of the organisation, and an organisations’ sphere of influence in this regard can be applied across the stakeholder ecosystem too. This is something that takes time and dedicated effort by everybody, every day. With the right information flows in place, this will enable a shared appreciation of what risk really means – the capacity to talk about it, understand it, escalate it, manage it and prioritise it.
‘Now you've got one perspective of the risk that you're facing. And actually, one understanding of how you're tackling it and the pathway that you're on’. Pete Cooper, Deputy Director of Cyber Defence, GSG.
And as a final thought from this discussion, the power of partnership also comes to the fore. Firstly, from the perspective of democratising access to learning of sector relevant skills, especially to address gaps across security, architecture, testing and beyond. A great example of this here. And secondly regards co-creating solutions and fostering knowledge sharing. As bad actors continue to collaborate for mal intent, we must do the same both within and across organisations, industries and research communities to negate that threat. And from the UK’s perspective, it is clear that Cyber Security is now a strategic issue that needs a united approach to optimise the benefits of technology for business and for wider society too.
To find out more about building an integrated and inclusive security strategy, visit https://aka.ms/SecurityandRisk and as a reminder the Cyber UK session is available to view here. Additionally, the full plenary is also available here.
?About the Author
Dr. Sally Eaves is a highly experienced Chief Technology Officer, Professor in Advanced Technologies and a Global Strategic Advisor on Digital Transformation specialising in the application of emergent technologies, notably AI, FinTech, Blockchain & 5G disciplines, for business transformation and social impact at scale. An international Keynote Speaker and Author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations in 2018 and has been described as the ‘torchbearer for ethical tech’ founding Aspirational Futures to enhance inclusion, diversity and belonging in the technology space and beyond.
Multimedia Producer & Student at The Hang Seng University of Hong Kong
3 年Great read! The zero trust approach is a really interesting idea - how should a company implement it properly?
Technology Advisor | 3TB Podcast Host | Author | Keynote Speaker My Credo - Making technology fun for everyone. Me First.
3 年As this is future-looking, we should not ignore the ramifications of #cybersecurity in the age of #quantumcomputing and what it will do to existing #cryptography protocols. The security community along with government bodies and industry needs to start developing the entire ecosystem of post-quantum safety to meet this near-future #risk Stiepan Aurélien Kovac | Davor Pavuna - thoughts?
Generative AI | AI | business growth finder and advisor. Get the most from AI with minimal risk - AI strategy, AI insights and leading AI advice - Contact me today - CEO - MikeNashTech.com
3 年Great article Sally. In the next 10 years the landscape of work including access and increase in data is simply going to explode. We have seen a huge change already in the past year. As more companies embrace a flexible working world, with data legislation getting tighter, there will be pressing need to consider 'Zero trust' and consider cybersecurity as an integral foundation to any business structure. Prior planning will mean a lot less pain in the future! So good that the UK GOV, Microsoft and others are helping business address this head on, as the part of their digital transformation journey. Thank you.
?? The AI Recruiter! ?? | Scaling AI, Machine Learning and Robotics Teams Globally | Winner of Outstanding Advocate for Women in Tech 23 ???? | Neurodiversity First Aider ? |
3 年I could not agree more about the skills shortage - literally every area of tech is struggling to make key hires due to this shortage.
Keynote Speaker | Host Our Connected Life podcast | CEO & CoFounder Dark Cryptonite | Top 30 Women in AI | Cyber Woman of the Year Finalist | Top Global Cybersecurity | Board Member | Fmr DIA Cyber Chief | AI security
3 年Great share Sally Eaves!