1. Tell us about your career in cybersecurity to date
I’ve been working within the technology sector for over two decades. Within that time, I’ve helped secure the defences of global governments, militaries, intelligence organisations, and enterprises at the highest level, helping them utilise developing technologies and defence methodologies effectively.
2. What does Cyber Safety mean to you?
Cybersecurity has been too focused on tackling breaches once they’ve occurred, but not doing enough in the first instance to limit the frequency and likelihood of success by malicious actors.
For me, cyber safety is common sense. It’s about finding solutions designed to predict and tackle threats before they occur. Equally, it’s about setting your organisation up for success, with clear communication between cyber teams, IT departments and senior decision makers and moving cybersecurity toward the top of the business agenda. Only by adopting this mindset can businesses, governments, and public organisations stay ahead of the attackers.
Outside of this, investment in the right partners and tools is crucial to match a change of mindset with tangible results.
3. Why is Cyber Safety important to you and your organisation?
Cyber safety forms a clear path toward better defence, fewer vulnerabilities, and a safer environment. The principles of cyber safety are crucially simple. We need to move beyond sector-specific jargon that adds unnecessary confusion to our already complex sector and focus on delivering cyber reporting and strategies in a more accessible way.
In doing so, the C-Suite can better understand the cybersecurity dynamics within their organisations, and make better-informed choices and investments that will position them as cyber safe from the top down.
4. What are the three biggest Cyber Safety challenges facing businesses today?
The biggest cyber safety challenges have been around for some time. First, there’s a lot of misunderstanding around the real risks faced by businesses globally. Without understanding the business-specific cyber risks they are exposed to, organisations have little chance to put the most appropriate defences in place. SMEs are particularly at risk here, as they often lack the resources to educate their organisation on cyber risks on the scale the discipline demands.
Second, cybersecurity efforts are still largely underfunded, which is, in part, due to that lack of understanding. Without a clear grasp of the threats they face, the C-Suite will struggle to invest in the correct tools and protocols. Only by gaining accurate context into the environment can impactful investments, with strong ROI, take place.
Finally, and as a result of low understanding or investment, firms resort to treating cybersecurity as a tick-box exercise. By this, I mean they focus on cybersecurity compliance but do not go beyond this, failing to implement defensive strategies that meet the business's specific needs.
There is too much confusion within cyber safety, and compliance is like putting a plaster over a gaping hole and expecting this to fix the problem.
5. What more can be done to support businesses with improving their Cyber Safety?
Technology and telecommunications sectors can do more to support businesses in achieving cyber safety, by helping roll out tech products equipped with cybersecurity in mind.
Large enterprises have a better understanding of the need for a cyber safe environment and can afford military-grade security, when their customers - SMEs - don’t have anywhere near that level of budget. If they invest in more cyber safe tech, it protects their customers.
When SME customers are vulnerable to cyber attacks, so is the associated enterprise, so there’s a clear motive for large enterprises to take a more holistic view.
6. Why do you think businesses generally prioritise cybersecurity ‘compliance’ without striving to champion best practice and true Cyber Safety?
Most businesses simply don’t understand that cybersecurity compliance isn’t enough to adequately protect their business. This has filtered down from governments and insurers, and time- and resource-poor businesses are unable to explore the subject in any depth, so tend to take their word for it.
In reality, compliance is nothing more than the initial foundation on which tailored defence mechanisms must be built. Awareness is the key challenge here. Only by understanding the nature of cyber attacks and the various tech-led solutions that can stop this, can businesses accurately decide the best strategy for their business.
7. How will online security continue to evolve in the years to come?
Emerging technologies, such as quantum computing, will revolutionise the technological landscape; cyber attack and defence methodologies will evolve simultaneously.
However, I don’t believe there is a clear prediction of what our sector will look like after these innovations have reached maturity. The way cybersecurity is handled throughout all manner of organisations is ultimately immature. Under serious threat for far too long, it’ll take a catastrophic event to truly move beyond compliance and bring cyber safety to the fore of C-Suite priorities.
8. Which technology with the potential to improve Cyber Safety are you most excited about?
There’s not an individual technology I’m excited about, but rather the way I hope cyber tech will evolve. Businesses, whether they know it or not, need to be able to prioritise unique risks on a real-time basis. Equally, systems must be capable of communicating with businesses and alerting them when systems are under threat, or the status of vulnerabilities has changed.
AI, ML, and automation will form the crux of these more communicative cyber tools and can offer a level of support previously missing from previous solutions.
In simpler terms, we need technology to do more of the heavy lifting and accurately communicate why at the same time. In doing so, businesses can better understand their threat landscapes more thoroughly and the practices involved in shoring up defences.
9. Are there any other businesses you believe set the standard for Cyber Safety?
Trialled by fire, some law firms have learned the hard way that the cyber safety of their ecosystems is imperative, and have duly made appropriate investments in their cybersecurity.
That said, other regulated or data-rich sectors have not yet followed suit, with governments, healthcare companies, and defence contractors still lacking the level of cybersecurity relative to the sensitivity of their operations.