Rushing into implementing the newest technology or trend isn’t the most efficient way to encourage sustainable security practices, according to Alex Woodward, Senior Vice President – Consulting Delivery, Cyber Security, CGI UK & Australia. He tells us why inspiring a mindful approach can reap the most rewards, especially when it comes to fuelling visibility for the next generation of talent.
The technology landscape is becoming a melting pot of innovation and cutting-edge research. In many ways, this is driving society forwards and unlocking new opportunities for businesses across all industries. But as IT systems grow more sophisticated, organisation must always remain vigilant to the persistent cybersecurity threats that exist.
Such extensive innovation could be considered a double-edged sword, as it in itself has enabled threat techniques to evolve at pace, keeping security professionals on their toes in a bid to keep up. This has triggered a need for greater emphasis to be placed on businesses to feed resources into their existing cyber functions and invest in the right technology and talent to adapt to these rising threats.
As a result, decision-makers and CISOs need to consider how future innovations may impact their cyber health. Investment in cybersecurity isn’t just a method to plug existing gaps, but a mechanism for proactivity and preparedness to defend against theoretical and tangible risks in the mid- to long-term.
The need for the right technology
At the core of what drives cybersecurity decision making is ensuring that technology aligns with organisational needs and goals. Attack surfaces are complex and dynamic, built upon layers of IT infrastructure, across multiple business units and sectors. CISOs must ensure that all facets are considered when it comes to isolating security gaps or existing vulnerabilities, to minimise risk.
There are always inherent challenges when it comes to upgrading legacy infrastructure or replacing them. Organisations can sometimes follow the attitude of ‘newer is better’, when this may not be the case. Smarter tools may offer greater independent benefits, but when considered as part of a larger network, can be more detrimental to operations. This is especially the case when looking at siloed business units, as pitfalls appear when adding additional tools to the mix.
It’s essential to weigh up all the options. Investing in more sophisticated cybersecurity technologies that integrate well, and enhance current systems is essential to providing more robust protection. Identifying and isolating any gaps, and integrating the correct solutions, be it endpoint, cloud, network, or broader, can be the difference maker in defending against a breach.
The cybersecurity skills revolution
The cybersecurity – and broader technology – talent crunch has become quite acute in recent years. In fact, the World Economic Forum found that approximately 52% of organisations reported resourcing and skills to be the biggest challenge when building out their approach to cyber-resilience. Additionally, nearly all (95%) of CISOs and felt there should be a greater effort on recruiting talent into the cyber workforce.
There are several factors that contribute to this challenge. Cybersecurity careers have been associated with certain stereotypes, but those in the industry are working to dispel this. Highlighting the importance of the role, curating healthy and rewarding working environments and setting out a tangible and measured career progression is essential.
Furthermore, eliminating the perception of a high barrier to entry and enabling options for education, upskilling and reskilling will encourage fresh minds to consider cybersecurity as a viable career path.
But those in the cybersecurity industry cannot achieve this alone; working alongside education providers is an essential part of this. Prioritising STEM (science, technology, engineering and maths) pathways in education, and offering more visibility on security professional progression and reskilling are important first steps to take. There’s a common misconception that cyber professionals need to have a computer engineering degree to excel. This isn’t necessarily the case, as there are so many viable pathways for professionals to pick up skills that can set them in good stead. CISOs need to improve the optics around this through in-house training, or investment to make these pathways more accessible.
Investment today to protect the future
CISOs and decision-makers need to be forward-looking in their approach to cybersecurity investment. Proactivity is a core element to defend against threat actors and mitigate the risk of vulnerability exposures. Anticipating what future pressures CISOs and security operations teams may have on their radar can be the deciding factor between whether a breach is successful or not, so it is crucial to remain a step ahead.
We’ve already seen the significance of AI and its utilisation to simplify both attack pathways and defence, but new technology threatens to shake up the ecosystem yet again. CISOs need to have their finger on the pulse of these new technologies and the impact they will have. This goes beyond High-Performance Computing (HPC) and looks towards more futuristic and theoretical deep technologies.
For example, quantum security, whilst still heavily under research, will disrupt the approach needed to protect security systems. Developments in quantum alone could significantly shorten the time needed to break even the most sophisticated encryption algorithms. Incorporating these technologies into organisational cybersecurity design will be vital in protecting businesses and building resilience for the future.
Decision making for decision-makers
Ultimately, the discussion around security investment is quite broad, and the wider business all need to be informed on the benefits it brings – but only when utilised in the right way.
Not only do decision makers and CISOs need to consider upgrading existing technologies but integrate new ones that align with current and future infrastructure together with their organisational needs. Plumbing in misaligned or obsolete technologies will be detrimental to an organisation’s overall security system and can open the doors for threat actors to exploit new vulnerabilities.
Additionally, CISOs need to be mindful of the resources available to security teams. Ensuring current staff are supported with the right tools, and providing new pathways for reskilling and upskilling lowers the barrier of entry into the cybersecurity industry, is central to improving visibility and appetite for the next generation of talent.
Finally, organisations need to be mindful of future threats to the cybersecurity landscape. Disruptive technologies such as quantum technology and Generative AI, while potentially hugely beneficial, may prove to be a double-edged sword. Organisations need to anticipate their impact and how they can be utilised to build more resilient infrastructure and business processes. Investing in these new technologies and weaving them into security design can set businesses in good stead to take future challenges head on.