Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Perspectives edition 32 banner
Perspectives edition 32 banner
Edition #32 | July 2024

Holistic cybersecurity: Connecting the dots between technology, people and processes

Read full edition
From advanced persistent threats to sophisticated AI-powered deepfakes, enterprises are having to contend with an entirely new breed of cybersecurity challenges. Emerging technologies and a constantly expanding defense perimeter mean even well-established tools and practices may not keep the organization safe. 


In this issue of Perspectives, three of Thoughtworks’ top security experts explain how the risks facing companies are changing in a world where truth, and stability, are harder to come by – and the strategies business leaders should adopt in response.  

An evolving international threat landscape

Source: CrowdStrike

 

i. AI changing the security picture – and possibilities  

 

High-profile scams and data breaches made possible by the democratization of AI have raised concerns about new technologies fueling catastrophic cybersecurity events. At the same time, there’s growing interest in leveraging AI systems to enhance the organization’s defense capabilities.  

 

As Thoughtworks experts point out, provided teams learn to query information and rethink some of their assumptions – and remember claims around next-generation security solutions aren’t always taken at face value – the analytical and pattern-matching powers AI brings to the table can make it a formidable security ally.

Photo headshot of Lu Yang, Head of Incubator Service Line Security, Thoughtworks
“It will become increasingly difficult to get real information, or to make judgments as to information’s trustworthiness.”

 

Lu Yang
Head of Incubator Service Line Security, Thoughtworks

ii. Constructing an effective security posture: Technology, models and practices  

 

While cybersecurity may be viewed primarily in technological terms, overdependence on technical solutions can actually leave the enterprise more vulnerable. A genuinely effective cybersecurity approach has to be built on three equal pillars: people, process and technology. 

 

This means establishing formal security frameworks and reviews, but also thinking deeply about how processes are designed, and investing in the ability of people to understand and anticipate problems. It’s also important to recognize that some infrastructure and software will remain out of the company’s control. 

Photo headshot Robin Doherty, Principal Consultant, Global Head of BISOs & Business Information Security Officer (BISO), APAC, Thoughtworks
“Organizations that are less mature from a security point of view tend to go to technology first. There are some basic security tools that you need, but you also need to invest in your people and your processes.”

 

Robin Doherty
Principal Consultant, Global Head of BISOs & Business Information Security Officer (BISO), APAC, Thoughtworks 

iii. Fostering a security mindset and culture  

 

Cloud infrastructure, distributed workforces and as-a-service business models mean the boundaries of the enterprise are no longer as well-defined as they used to be, and that security has to be an organization-wide priority. 

 

By starting off with strong executive sponsorship and involving different functions in the collective endeavor, organizations can cultivate the diversity of views and champions needed to take security from policies to practice. According to Thoughtworks experts it’s even possible to have a little fun along the way.

The security feedback loop

Source: Thoughtworks

 

iv. Embedding readiness and resilience 

 

Regular reports of massive data breaches and devastating cyberattacks can make it seem like security is becoming more and more elusive. However, Thoughtworks experts believe all this bad news can play a positive role, by raising the awareness of and investment in security technology and practices. 

 

Current trends mean enterprises may not ever be able to rest easy. But by remaining open to new technologies and techniques, investing carefully and fostering a culture of trust, the organization can develop resilience to whatever threats come next.    

Photo headshot of Lilly Ryan, Global Secure Delivery Strategy Lead, Thoughtworks
“While there’s a lot of apprehension, even panic about security at the moment, in a sense it’s positive that it’s become a bigger issue as it’s approaching a tipping point.”

 

Lilly Ryan
Global Secure Delivery Strategy Lead, Thoughtworks


Perspectives delivered to your inbox

 

Timely business and industry insights for digital leaders.

 

The Perspectives subscription brings you our experts’ best podcasts, articles, videos and events to expand upon our popular Perspectives publication. 

Marketo Form ID is invalid !!!