The technological and digital landscape is constantly evolving – epitomised by the drastic shift from physical offices being the global standard to the majority of the population being encouraged to log into Zoom and work from home. As our digital environment changes, it’s essential that we also adapt our cyber security practices to try to keep up with new cyber threats and weaknesses.
Ryan Duplessis, Head of Cyber Security Engineering & Oversight at Sky, joins RiverSafe to discuss the constantly changing nature of cyber security, how COVID-19 has potentially altered how organisations approach cyber security permanently, and what industries can do to future-proof their strategies in the face of unpredictability.
How has the cyber security industry changed since you started?
“The industry has changed exceptionally because the world has changed. COVID-19 is just one example of this, but it’s an important and prevalent example felt by all sectors. What’s crucial for organisations to consider is whether they’ve adapted quick enough.
The security industry, and standard cyber practices, have been developed on the pre-existing framework of how businesses use technology. In essence – that most of us follow a very predictable routine of working 9 to 5 in an office, 5 days a week. However, this predictability has been entirely disrupted by the pandemic and the introduction of working from home practices, the use of personal devices, furloughs, and increased digitisation – overturning the old standards for organisational cyber security. Instead of the main office building’s network security being the priority, the securities in place for remote working securities now need greater attention.
This digital transition happened almost overnight, so it’s a security ‘trend’ that most organisations will be adjusting to and investing in for years to come. If this new working environment is due to endure, the way organisations secure their teams, processes and technology will likely have to change permanently. For example: how businesses can move their data around more securely is a consideration that has gained increased focus since people started working from home.”
What are some other trends people should be aware of?
“Many trends will gain attention as businesses across the globe have to adapt to remote security. Certain things that were in the pipeline for development in the next five years will have to be fast-tracked, such as zero trust platforms, cloud security, and identity and access management (IAM).
Just like with the impacts of COVID-19 though, we can’t necessarily predict future trends. What organisations can do is focus on and invest in what they know will be consistent. For the foreseeable future, this includes processes like end-point security and zero trust platforms. As using your own device becomes more prevalent, businesses need to do what they can to keep their own assets safe.
Integration is also a reliable way to encourage technological sustainability and future-proofed security infrastructures. Currently, integrating tools isn’t that straightforward; it can be complex, labour intensive and expensive, and yet it’s absolutely necessary. Organisations have a myriad of tools, from network security to application security to IOT security, that ideally should work together but weren’t designed in a compatible way. Unless you can buy all your tools at once from the same vendor, your teams and tools end up making decisions independently, making the sought-after concepts of orchestration and automation near impossible to achieve.
Consultancies can help businesses build more cohesive infrastructures and understand what tools work best together for specific needs, but technology developers themselves need to initiate a principal change to truly eradicate this issue.
What many organisations such as Sky hope to see is a significant improvement in standardisation in the near future, enabling organisations to incrementally build an integrated ecosystem which exploits their legacy solutions just as well as their new ones. This is already being approached in R&D phases by some larger vendors.”
What have been your key takeaways from working in cyber security?
“What I’ve come to understand about cyber security is that it’s a multi-faceted, complicated field with many working parts. There is so much so consider and it’s all about getting these parts to work together as seamlessly as possible. This needs to start at the beginning so the process gets started in the right direction. For example, by simplifying and improving the analyst stages, problems become much easier to diagnose and fix when they do arise it’s easier.”
My advice to organisations everywhere is to make sure your IT and security departments are working together. Too often organisations separate these two fields, but by consolidating them they can advance faster, work more efficiently and cost-effectively, and align their goals.”
How have you worked with RiverSafe?
“RiverSafe are an integral part of our engineering team that help us move and adapt with velocity. Their skilled staff support us with numerous cyber security initiatives, from implementing new security infrastructure or processes such as DevSecOps, to enhancing existing platforms, to managing integrations, ensuring our analysts consistently have a stable technology platform that works cohesively.
Their highly skilled team is a critical resource that allows us to move faster and make greater security innovations. Professional services organisations in this area are a great asset to companies looking to strengthen their cyber security. But what really makes RiverSafe so valuable to us is that they embed themselves into the company. Unusually for a vendor, they feel like a small operator who really understand our environment and our needs, and can give us individual care.”