Cybersecurity professionals have always had to be ready for the next threat to arrive or vulnerability to be exposed. But the last few years have brought even more. The rapid transition to cloud technologies, shift to remote and hybrid work, and arrival of AI have created massive shifts in the foundations of cyber-risk management and defence.
Old assumptions, like all users being inside the firewall or links between applications being easily catalogued and managed, are no longer valid. Instead, users expect to work from anywhere on a variety of different connection types using cloud-based applications and services that scatter corporate data far and wide.
Peter Soulsby, the Director of Cyber Security and Government at Brennan, says “We’ve seen new technologies like artificial intelligence machine learning and quantum computing change the borders we had for cybersecurity and pushed us to a new security topography. We’ve moved from being business enablers to a lot of us have regressed to a block and defend mindset.”
The new security topography deals with machine identities, machines doing things that we don’t know and understand and artificial intelligence making decisions on our behalf.
“The new security topography is less about humans or defending humans, “explains Peter. “It’s about looking at machines and robots and artificial intelligence and understanding the identity of machines, the behaviour of machines and how to make sure that machines do things in a safe and secure manner.”
Cybersecurity practitioners must find ways to understand the risks that come with new technology and allow users to do things that potentially we’re uncomfortable.
“We don’t want users going rogue and off the network. We want to ensure we have visibility. If we have a block and defend mindset and we tell people no, they will just do things that we don’t have visibility into,” says Peter.
AI and machine learning have transformed work, and cybersecurity can’t be a gatekeeper that blocks adoption. Security teams must act as partners that enable innovation while protecting systems, identities and data. Instead of saying “no,” teams need to ask “how” and find ways to measure and manage risk to enable organisations to innovate with confidence.
