Telstra Purple is a technology services business, comprising of 1,500 specialists in Australia, EMEA and Asia. Bringing together Telstra Enterprise’s business technology services capabilities and a number of acquisitions, Telstra Purple is focused on outcome-based, transformative tech solutions.
Why cyber resilience counts today
Geopolitical risks and the impact of COVID-19 have put security technology at the top of every business leader’s agenda as the world rapidly responds to the threat. Manoj Bhatt, Head of Cyber Security Advisory and Consulting at Telstra Purple EMEA, has seen first hand the increased focus on risk management and cyber resilience in response to the crisis.
“The coronavirus has demonstrated the importance of cyber resilience as businesses move to remote working whilst ensuring they do so securely,” says Bhatt. “Cyber security isn’t just a concern for the security or IT department, and those organisations that already have a strong, ingrained security culture that is business wide, will weather the storm best.”
As business leaders begin to evaluate their technology stacks to understand their efficacy, and consider how well they integrate with the current business while supporting its future needs and goals, security teams must remain one step ahead with answers to potential questions.
Rob Robinson, Director of Security and Network Services at Telstra Purple EMEA, believes that organisations must think of security as a business enabler.
“It goes back to the conversations we’ve been having with CISOs recently. For a security strategy to be successful, all lines of the business - HR, Finance and IT - must stay informed and aligned with its goals,” explains Robinson. “CISOs admit to friction within companies, saying they don't think their boards see information security as important a function as they do. It’s important that this thinking changes and security leaders offer guidance on how businesses can protect themselves and mitigate risk. Security has to be considered an enabler rather than something that is negatively impacting the business.”
Getting cyber security right: best practice and learnings
Cyber security doesn’t sit still, and understanding the latest threats, risks and solutions to these problems is a collective industry effort.
Bhatt also sits on the advisory board of ClubCISO. Explaining the community’s benefits he states: “One of the things we really like about ClubCISO is that it’s a community of CISOs for CISOs – that’s the key thing. It’s a peer group to share thought leadership and provides a platform to talk to one another about the latest cyber security threats and issues, and also to share best practices.”
Each year, ClubCISO surveys the community in a live vote to get a collective view of the current security landscape, and understand the contemporary issues faced by security specialists. The latest ClubCISO Information Security Maturity Report was released in May 2020. This year’s Live Vote, which was held virtually for the first time due to the COVID-19 outbreak, drew over 100 CISO respondents.
“One surprising finding from this year’s report is that there isn’t as much maturity around the cloud as expected,” states Robinson. “We have asked that same question five years in a row, expecting the percentage to increase considerably each year. However, interestingly it has remained the same.”
Robinson postulates that this stems from a shortage of skill sets. Another related conversation in this space revolves around how to encourage more diversity in security – sparking an interesting debate around what security teams can do to be more inclusive and build up capabilities. To resolve the issue for future generations, Robinson believes it’s important to start talking about security apprenticeships early, and begin to raise the importance of it in schools now. “It’s vital to talk about the importance of security and feed that interest into the security industry, at a time where we increasingly need that help and capability,” he says.
The coronavirus pandemic has caused disruption in industries worldwide. Uncontrollable circumstances such as these highlight the importance of adopting a ‘future state’ mindset, reassessing business needs now and in the future, and evaluating what kinds of technologies and implementations can support these. The priority in the current environment is supporting home working and guarding against cyber threats.
Bhatt sums up the current situation and issues a warning: “We're certainly seeing a big drive from a number of vendors talking about how their security products are going to be ‘the silver bullet’, but it’s impossible to determine a solution without a proper assessment and understanding of business needs first.
“You must first understand what already exists within your organisation, and what the current technology set up is, before you can consider what the best technologies for the job are. If you bring this thinking together, it makes you more resilient against threats, whether that be COVID-19 or an out-of-the-blue cyber attack. It’s important to join the dots and take a holistic perspective.”
The power and the threat of emerging technologies
As emerging technologies such as machine learning (ML) and automation become increasingly sophisticated, so do those with malicious intent. Businesses must be prepared to keep pace with the threat environment to remain secure.
“The world’s changing,” states Robinson. ”We’re not in a traditional bubble where security is at the perimeter and everything’s protected centrally – there’s a much wider attack surface. There’s a lot of information sitting outside of non-traditional environments and you have to apply technology and modern approaches such as ML and automation to that,” he affirms.
“It’s important that we apply these technologies in a way that’s appropriate, as well as maintain an accurate understanding of how we address and manage security incidents, otherwise businesses will not be in a position to respond and protect.”
Whilst cloud is not exactly an emerging technology, many businesses are still at the nascent stage of their cloud journey. Bhatt has observed that businesses are split into three different camps when it comes to their cloud security strategies.
The first camp thinks about cloud, but has not embarked on the journey because they haven’t considered where it might take them. The challenge is in identifying what cloud will achieve for the business, and how much can be saved by implementing it.
In the second camp are businesses that have implemented cloud, but are not recognising the benefits it is delivering. These are typically organisations that have not set out a clear path or taken an objective-driven approach to their cloud strategy.
In the final camp sit the businesses with cloud expertise that focus on cloud enhancement. This is where a company has moved to the cloud and is now looking to enhance it with approaches such as containerisation. This marks the start of the next stage of the journey, where technologies such as automation and robotics become increasingly influential in the business.
With the pace of technology adoption showing no sign of letting up, it’s vital that businesses and their employees practise good cyber hygiene at their workplaces and homes.
”Security is a continuous journey that must be grounded in what the business is trying to achieve,” says Robinson. “Business leaders and their security advisors must assess the environment the business operates in, understanding the risk landscape, the threat profile and how you place people, processes and technology around security to address these evolving needs. And finally, cyber security must align with all business functions to ensure there are no weak links.”