Re-imagine: a world without boundaries
At a Glance
Microsoft’s Chief Security Advisor, Sarah Armstrong-Smith, examines the impact of recent global instability on the changing appetite for risk and what this could mean for how we approach cybersecurity in the future. Sarah goes on to look at the prospects for building frictionless, trusted and integrated networks, where organizations can successfully re-imagine themselves as digital-first ventures.
If I could sum up the last few years with one word, it would be resilience. Whilst pandemics are nothing new, the world was not prepared for an event of the magnitude of COVID-19, and it forced many organizations to operate in ways that may have seemed incomprehensible just a few years ago. As organizations contended with waves of lockdown, there was a rush to ensure services remained available and accessible. Despite the closure of many physical locations, digital services had to remain open as demand soared. As the weeks turned into months, apprehension eased, and stories of defiance started to appear. The rhetoric of “we can’t do this” gave way to “we must do this.” The risk-averse became the risk-tolerant. If there is one thing we know about humans, it is that when faced with major global events and extreme adversity, we bounce back stronger and rebuild. To do so requires us to continuously innovate. But every opportunity that presented itself for organizations also presented an opportunity for attackers.
Attackers don’t respect boundaries
As many organizations revised their policies, such as enabling personal devices or collaboration tools to keep people online, cybercriminals took advantage of the situation. We witnessed a level of recklessness by the attackers and a willingness to test the boundaries of the defenses, to push further than they had dared before. Changes to working practices, technology and infrastructure opened a variety of new and evolving attack vectors. These are no longer just focused on disruption but also destruction. It’s a reality that we can’t ignore, as we consider the effect of deliberate and sustained sabotage on an already weakened supply chain.
A world without boundaries should not mean a world that is not secure. It means our evaluation and perception of risk must continue to evolve. It requires a shift in mindset, from “it may happen” to “it will happen.” Rather than fear the change, let’s embrace it.
Crossing the boundary of technology and cybersecurity
We often talk about hybrid as the divergence of legacy and cloud infrastructure. But to go beyond boundaries, we need to consider hybrid more holistically. CIOs and CISOs can no longer consider just the security of IT infrastructure. With opportunities for digital innovation extending further into the physical and biological worlds, they should also secure IoT/OT/ICS and robotics, combined with augmented and mixed reality and AI. This fusion, known as the internet of everything, is an ever-expanding ecosystem of digital connectivity and smart technologies that enables enhanced consumer and employee experiences and engagement. In parallel, it introduces additional risk and attack vectors that can be exploited. This intersection requires us to consider the interplay between digital security and safety, where the traditional need for confidentiality, integrity and availability also requires us to build for quality, endurance and reliability.
To be safe and secure in this digital world
You must start from a position which assumes you are neither safe nor secure. We must therefore design for and assume failure, by thinking of the myriad ways in which a system could be physically and logically accessed by exploiting vulnerabilities. Having an assumed compromise/failure mentality requires that safety and security controls be deployed to counteract this. This is an evolution of chaos engineering, which is designed to test systems against these severe (but plausible) and turbulent conditions, pushing them beyond their boundaries.
Modernize with longevity and sustainability
We know that no system is infallible, and that risk is relative. Hence, it needs to be dynamic and constantly evaluate and react to the changing landscape. Speed and agility are of the essence, along with built-in digital protections that reduce complexity and provide longevity for our investment, especially when considered against the backdrop of an economic downturn. It sounds scary to re-imagine a world without boundaries, but what we’re really building is a frictionless, trusted and integrated network, where silos are removed and complexity is reduced by having end-to-end visibility of each interconnected touchpoint. Many organizations are already re-imagining themselves as digital organizations, opening new lines of business, supply chains and experiences for employees and consumers. To do this in a safe and secure manner requires a network of trust. This means adopting an identity-of-everything mindset to explicitly verify and validate each entry and data point. Forging new links between the physical and digital worlds dramatically increases the scope of enterprise security and safety. This is perhaps the next step in the evolution of zero trust, where we re-imagine a trusted network without boundaries that enables us to operate end-to-end to explore the art of the possible.
Digital Vision: Cybersecurity 3 – Further Insights
From across Atos and beyond, find out more about cybersecurity challenges and how organizations can respond to cyber threats