Perspectives
From advanced persistent threats to sophisticated AI-powered deepfakes, enterprises are having to contend with an entirely new breed of cybersecurity challenges. Emerging technologies and a constantly expanding defense perimeter mean even well-established tools and practices may not keep the organization safe.
In this issue of Perspectives, three of Thoughtworks’ top security experts explain how the risks facing companies are changing in a world where truth, and stability, are harder to come by – and the strategies business leaders should adopt in response.
An evolving international threat landscape
Source: CrowdStrike
i. AI changing the security picture – and possibilities
High-profile scams and data breaches made possible by the democratization of AI have raised concerns about new technologies fueling catastrophic cybersecurity events. At the same time, there’s growing interest in leveraging AI systems to enhance the organization’s defense capabilities.
As Thoughtworks experts point out, provided teams learn to query information and rethink some of their assumptions – and remember claims around next-generation security solutions aren’t always taken at face value – the analytical and pattern-matching powers AI brings to the table can make it a formidable security ally.
“It will become increasingly difficult to get real information, or to make judgments as to information’s trustworthiness.”
Lu Yang
Head of Incubator Service Line Security, Thoughtworks
ii. Constructing an effective security posture: Technology, models and practices
While cybersecurity may be viewed primarily in technological terms, overdependence on technical solutions can actually leave the enterprise more vulnerable. A genuinely effective cybersecurity approach has to be built on three equal pillars: people, process and technology.
This means establishing formal security frameworks and reviews, but also thinking deeply about how processes are designed, and investing in the ability of people to understand and anticipate problems. It’s also important to recognize that some infrastructure and software will remain out of the company’s control.
“Organizations that are less mature from a security point of view tend to go to technology first. There are some basic security tools that you need, but you also need to invest in your people and your processes.”
Robin Doherty
Principal Consultant, Global Head of BISOs & Business Information Security Officer (BISO), APAC, Thoughtworks
iii. Fostering a security mindset and culture
Cloud infrastructure, distributed workforces and as-a-service business models mean the boundaries of the enterprise are no longer as well-defined as they used to be, and that security has to be an organization-wide priority.
By starting off with strong executive sponsorship and involving different functions in the collective endeavor, organizations can cultivate the diversity of views and champions needed to take security from policies to practice. According to Thoughtworks experts it’s even possible to have a little fun along the way.
The security feedback loop
Source: Thoughtworks
iv. Embedding readiness and resilience
Regular reports of massive data breaches and devastating cyberattacks can make it seem like security is becoming more and more elusive. However, Thoughtworks experts believe all this bad news can play a positive role, by raising the awareness of and investment in security technology and practices.
Current trends mean enterprises may not ever be able to rest easy. But by remaining open to new technologies and techniques, investing carefully and fostering a culture of trust, the organization can develop resilience to whatever threats come next.
“While there’s a lot of apprehension, even panic about security at the moment, in a sense it’s positive that it’s become a bigger issue as it’s approaching a tipping point.”
Lilly Ryan
Global Secure Delivery Strategy Lead, Thoughtworks
Perspectives delivered to your inbox
Timely business and industry insights for digital leaders.
The Perspectives subscription brings you our experts’ best podcasts, articles, videos and events to expand upon our popular Perspectives publication.