Executives and industry experts have given their views on new cybersecurity threats that have appeared in the wake of the global crisis – and shared their best strategies for defeating them.
I recently participated on a panel during the Transformation Tune-In virtual event on The Evolving Cyber Threat Landscape, hosted by Dell Technologies and Intel.
Bobby Ford, CISO at Unilever, began by discussing risks emerging from the increase in working from home, “While most of the technology was already in place to allow people to work safely from home – what many organisations didn’t have was line of sight to the distractions that would come with home working. The biggest threat is the ability to remain focused. We ramped up our education and awareness program to make sure everyone was mindful of trying to keep that office-like awareness while working from home.”
Richard Curran, Global Security Officer at Intel, agreed, adding that cybercriminals have moved to exploit this vulnerability and the global focus on the pandemic. “What we have seen from intelligence across the market is that the volume of threats remains constant, but criminals have focused in on an opportunity around COVID-19. From February to May there were 67,000 bogus COVID sites established; made to take advantage of opportunities around phishing and so forth. Also, from speaking to governments in the last few months, there has been a fundamental change in investment from criminals from disruption to espionage. The ability to extract IP from companies. Business leaders need to remain very much aware of the seriousness of the potential impact of threats. Look at your overall base – your IP and your business continuity – and ensure you’re cognizant of what is needed to remain operational to continue to serve your customers every day.”
From security to resilience
As the conversation shifted to strategies for combating emerging threats, Michael Imeson, a Contributing Editor at FT Specialist said:“Businesses have to take a more holistic approach than they have in the past…you have to start moving away from just thinking about cybersecurity and think more about cyber-resilience. How do you respond, recover and learn from that experience?”
Yaniv Harel, GM Cyber Solutions Group at Dell Technologies, agreed that, as companies look to adopt new technologies to gain business advantage, they must take a new cyber-resilience mindset: “Companies must balance technology with the right methodologies, talent and personnel. We are in continuous discussions with CISOs concerned about their strategies to adopt multi-cloud, consolidate their data center, reduce the number of systems that they have, to recover from cyberattacks; and this is before I mention containers, AI, blockchain and so on. We believe in what we call ‘intrinsic security’ – how security is built from the inside, from the base of the organisation and its technology infrastructure. This is how you balance the demands from all of these different priorities.”
Bobby Ford, Unilever, offered advice to security leaders struggling to address many complex technology priorities while ensuring cyber-resilience: “You cannot do everything. You have to have a conversation with the business stakeholders and establish what are you in business to do and how does your organization make money? Once you really understand that, that’s when you start to build your security strategy.”
From my perspective, companies must not only think about making security intrinsic to technology infrastructure, but also making security professionals intrinsic to future product development – where previously they have often been left out of the process until the end. One of the trends we’re seeing is the idea of moving from project-based to product-based organizations. Instead of having a network-storage-security, silo-based model, people are breaking down those silos and creating product teams. And instead of security being the “project prevention team,” they’re being incorporated into the product design from the beginning. This means they can think about where that work is going to run and where that data is going to live and wrap security around it.
It has never been more important for organizations to be supported by their technology partners. Richard Curran, Intel, agreed, “We want [organizations] to reach out to their technology partners. We want to understand how we can help them become more secure, and to ensure that the impact to business is mitigated as much as it possibly can be.”
Watch the replay of this Transformation Tune-In webinar on demand (registration required).