What about cyber security keeps me awake at night?


Posted on: November 21, 2017 by Phil Aitchison

I see plenty of media coverage lamenting the arrival of the General Data Protection Regulation (GDPR) and telling evocative tales of the growing cyber threat. Whilst I understand that this is not necessarily scaremongering and that every business must wake up to the realities, my own view is very different. I see cyber security as an enabler for organisations to achieve their digital dreams. I see the cyber security industry as an entrepreneurial hothouse where hungry SME start-ups are revolutionising decision-making at cyber security operating centres using machine learning technology. Cyber security is a risk. And if we truly understand risk, we can apply the controls needed to achieve our business goals.

What worries me most about cyber?

I’ve heard it said that sleep liberates the mind from previously held truisms. I have three major gripes about cyber security.

  1. Businesses lock themselves into bleeding-edge technology.

Decisions made about cyber security need to be expressed in business terms, not technical jargon. Cool new cyber technologies will regularly burst onto the scene then fade into the background. This is a good thing. Staying relevant to the evolving cyber threat requires innovation at pace. But care should be taken to stick to the fundamentals. Businesses that take evidence-based decisions to reduce their overall risk must buy services which deliver outcomes, not individual products. This avoids vendor lock-in and outsources the technology obsolescence risk to vendors. It also enables businesses to optimise the quality and coverage of service, rather than funding individual technology roadmaps.

  2. The scarcity of skills and experienced people.

Plenty of educational courses, recruitment drives and reskilling programmes already exist. Industry must look to work together to take existing collaboration to a new level. Pooling of threat intelligence, shared incident investigation and remediation should happen across supply chains, not just within individual organisations. As stakeholders, we are all in this together.

  3. An improved balance must be found leveraging both automation and human insight.

Granted, not everybody can afford detailed threat analysis or the latest behavioural analysis tools, but all organisations need to apply some combination of auto-remediation and specialist human experience to combat their cyber threat. Technology can instantly block well-known threats, or alert based on activity that is similar to what has been seen before. This allows rapid flagging of novel threats for human intervention. The magic is in ‘learning’ how to move as much of the latter group as possible into the former group, so-called machine intelligence. The Atos response to this is an end-to-end solution which continually learns and orchestrates automated security actions to quickly resolve current threats and anticipate the ones to come, at scale and across global enterprises.

How to create value from these ideas?

Against this backdrop is the reality that businesses must commit ongoing investment to cyber resilience as a cost of doing business. Secure by design is an oft-abused term; however, the failure to adhere to such a notion would see organisations fail to attract external investment, or worse, be no longer regarded as economically viable. The answer lies with technologies knitted together into end-to-end solutions which enable organisations to realise their digital transformation ambitions.

Digital Vision for Cyber Security

This article is part of the Atos Digital Vision for Cyber Security opinion paper. We cover what every business should know about cyber security, why a concerted response is essential, and how to protect data, systems and services from any attack.

 



About Phil Aitchison

Head of Cyber Security & Mission Critical Systems, Atos UK&I
Phil leads the team responsible for the design, build and running of Atos UK&I’s cyber security portfolio. Currently, he is executing our strategy to work with clients to apply cyber security controls into the digital transformation of public services and private sector organisations. Phil has 15 years’ experience in developing and delivering mission-critical infrastructure, cyber resilience and surveillance solutions for critical national infrastructure clients. Educated in Scotland at Strathclyde Business School, Phil also holds a First-class Master’s Degree in Business & Technology from University College Dublin.
