菜单
Perspectives edition 13 banner
Perspectives edition 13 banner

Edition #13 | December 2020

Facing the new security frontiers

A mindset shift


At many enterprises, cybersecurity is now top of mind. Yet as the threat landscape grows in both scale and complexity, business leaders are losing faith in their ability to keep their organizations and customers safe. This crisis of confidence can only be addressed by a new approach that shifts security from a process to a mindset.

Confidence in cyber resilience measures slipped from 2017 to 2019

Diagram - Confidence in cyber resilience measures slipped from 2017 to 2019
Diagram - Confidence in cyber resilience measures slipped from 2017 to 2019
Source: Marsh/Microsoft

Know your weak spots 


The proliferation of connectivity, data and cloud-based platforms has put many of the security tools and techniques enterprises traditionally rely on at risk of obsolescence. In pursuing the opportunities emerging technologies bring, businesses should also be conscious of the security challenges they present. 


Cloud computing


Ubiquitous connectivity means any system is only as strong as its weakest link, and opens the door to a broader range of bad actors. 


Data


Enterprises are getting better at protecting customer information, but the massive volumes of data they generate and use is a tempting target, and represents a new dimension of risk. 


The IoT


Connected devices have become a security soft spot as more appear on corporate networks and the lines between work and home blur. 

Quote from Robin Doherty, Lead Security Architect, ThoughtWorks
“The idea with zero trust architecture, is that you don’t trust devices just because they’re on your network, and you don’t trust everything that a system does just because you created that system.”


Robin Doherty

Lead Security Architect, ThoughtWorks

Complex supply chains


Most businesses depend on a large and tangled web of suppliers, vendors and partners to take care of day-to-day functions and deliver to customers, meaning it’s not just their own security practices they have to consider.

From security policies to security culture  


A fresh, more future-proof approach to security starts with the acceptance that there will be occasional failures, and the acknowledgement that it’s a shared responsibility. By focusing on extending security capabilities beyond the security team and making it clear that effective risk management is also a means to create value, business leaders can help ensure any security breach is a learning experience rather than an existential threat.

Quote from Harinee Muralinath, Capability Lead, ThoughtWorks
“There’s a problem when you think of security in isolation. You need to build the talent in existing teams so they understand the extra things they need to do to put security in place.”


Harinee Muralinath

Capability Lead, ThoughtWorks

Conclusion: Planning for the unknown 


No organization can predict with certainty what security risks lurk around the corner, but that’s no reason not to try. Even as the nature and variety of threats evolve, experts see reasons for optimism about enterprise security as new digital tools and techniques, and better practices, emerge in response. Businesses are learning that it pays to focus on the basics - and to think outside the box.

Quote from Jim Gumbley, Cyber Security Principal, ThoughtWorks
“Will you always see what’s coming perfectly? No chance. But can you do better than passively waiting? Absolutely.”


Jim Gumbley

Cybersecurity Principal, ThoughtWorks

Perspectives delivered to your inbox


Timely business and industry insights for digital leaders.

The Perspectives subscription brings you our experts’ best podcasts, articles, videos and events to expand upon our popular Perspectives publication.