Prepare for the next wave of cybersecurity threats is always music to my ears and it was a core focus last week at IBM’s Think 2022. This was a brilliant online event exploring data, AI, cybersecurity, and hybridcloud. The speaker sessions and thought leadership were a perfect mix of experts from within both leadership, society, and IBM’s own sector specialist leaders.
It was great to listen to Kiersten Todt speak, she is Chief of Staff at CISA, The Cybersecurity and Infrastructure Security Agency. In the USA CISA leads the national effort to understand, manage, and reduce cybersecurity risks and threats to physical infrastructure.
Kiersten was discussing with Sinead Bovell, how we best enable national cybersecurity and infrastructure security within a diverse ecosystem of stakeholders and at a time of an obvious geopolitical cybersecurity threat environment. CISA’s approach is looking at how they can work most collaboratively with industry partners, non-profits, small businesses, likeminded economic partners, and international allies to create a cyber resilient environment that really is based in human behaviour and Industry Collaboration.
IBM havebeen working with CISA for a long time but last year helped launch somethingcalled the joint cyber defence collaborative. This joint cyber defence collaborative environment isfocused on bringing together industry partners and government in real time to share data so as to give a broader and more meaningful threat landscape picture. Industry can share what they're seeing, but importantly, the government shares what it's seeing from an intelligence perspective, by bringing those data points together we get a much better understanding of the ever-changing threat landscape and can then formulate how to address it.
The relationship between technology and security is totally interdependent and can no longer be separated. When we look at how technology and security come together, acknowledging the role that human behaviour has in security and technology is a fundamental requisite.
One of the things that that CISA talk about is how to work with industry to move security away from the end user. How to build safety and security into products so that it makes it easy to do the right thing? Whilst still encouraging innovation and not just addressing the threats of today, but vitally the threats of tomorrow. This is why investment in artificial intelligence within the ecosystem of security is so critical to foster that innovation that addresses what we expect to see in the future and helping us to be moreresilient today,
It’s important to note that AI is based on the data and it’s only ever going to be as good as the data that goes into it. Together we have to make sure that we have thoughtful, clear, accurate data that reflects both today and the future we want to see. Cybersecurity has to be bakes in to everything we do, security and safety simply can’t be optional in the technology that any of us deploy (in the workplace or indeed our homes). Kiersten used cars as analogy, making the point that we no longer pay for an airbag or for seatbelts, we expect them to be built in, thankfully C-Suites are starting to wake up to the importance of cybersecurity, it's now the apex of the conversation rather than us having to bring that conversation forward.
The cybersecurity landscape accelerated once again during Covid and there's noquestion that the geopolitical environment and other recent events have made this subject much more of a kitchen table issue. Most people understand why this is important. We all carry a phone and have a number of computers, tablets and other connected devices in our daily lives. What hasn’t happened quick enough is a response to all of that technology in our culture, which reflects an appropriate culture of security. Thankfully there is now a noticeable effort worldwide (demonstrated by CISA in the USA and NCSC in the UK) to build these cultures of security into our working and domestics lives and our communities.
When asked if there was one thing critical for us to be able to get the next 5-10 yearsright. CISA’s campaign around multifactor authentication was a perfect illustration of how we educate the person that's using technology every day to do what they can to play their part in security. We have to eliminate single factor authentication and articulate the needs for 2FA or multi factor authentication, if we just do that one thing when it looks at human behaviour, the broader security benefits are exponential.
Ongoing cybersecurityeducation at every level is essential and we must encourage our leaders, peersand our families be a part of that that conversation to ensure we get our future right.