Faced with relentless growth in cyberattacks, coupled with the complexity of today’s digital ecosystem, how should your business respond?
Bas Burger, CEO: global at BT, shares his insights.
There’s no going back. Over the past 18-months, businesses have got to grips with digital transformation and developed a new understanding of its potential to unlock growth and prosperity.
It’s exciting to see this happen across every industry. But, regrettably, one of the sectors fastest to exploit this opportunity is criminal enterprise. Cybercrime is booming like never before.
We know that cybersecurity will make or break the digital business. It’s the number one enabler, allowing us to build customer trust, business resilience and investor confidence. Yet too many organisations are still working with a cyber defence model that was designed for a simpler age, when IT resources and data were kept behind a locked door with access strictly controlled. Those days are gone. Today, data, applications, services flow ceaselessly around global networks, through the cloud, across millions of digital devices in vehicles, in shops, in streets and offices and factories and our hands.
Of course, it’s understandable that businesses want to keep their cybersecurity operations close to home. It’s a boardroom priority, with genuinely existential implications if things go horribly wrong. But such is the extent of malicious activity that traditional defences – even with support from the most highly skilled human experts – cannot keep up. We’ve passed the limit of what human beings can do to protect the digital business. We need a new model, one that goes looking for trouble before it finds us.
We know this from our experience at BT and managing security for customers – from large multinational enterprises and governments through to SMEs. Like many of our multinational customers, we’re a big global organisation that’s been around for a while. We’ve wrestled with the transition from legacy to digital. We’re investing in digital transformation to provide our customers with the networks and services they need to achieve their ambitions. We’ve experienced at first-hand what this means for cybersecurity and can see it’s time for a step change.
The digital business needs cybersecurity to work in the same way that we enable the safe operation of self-driving vehicles: with sophisticated modelling and deep reinforcement learning that constantly looks out for, anticipates and outmanoeuvres new threats and vulnerabilities, and enables human beings to take better decisions.
It’s an evolution that mirrors how self-driving technologies have been adopted, from having both hands on the steering wheel, through the introduction of driver aids such as cruise control and automatic transmission to the ultimate aim of a fully self-driving vehicle with the driver simply supervising the journey.
This is the principle behind our new Eagle-i cybersecurity platform, which uses AI, machine learning and automation to learn through experience, foresee and outwit malicious behaviours. Eagle-i is a game changer, which will help us address the epidemic of cyber threats with confidence.
What does it mean for the market? Well, if your business still takes a DIY approach to cybersecurity, then get ready to up your game. Ask your CISO what plans they have to invest in AI tools and automation techniques. Ask how they’ll ensure the security measures built into technologies from disparate vendors will work together. To put it simply, will each of their vendors’ AIs know how to talk to one another? Or will a hacker’s AI exploit gaps where information is “lost in translation”? And be prepared for your cybersecurity strategy to occupy the same amount of management headspace as your mainstream business activity.
Alternatively, you can look for a cybersecurity partner who has already made the investment in technology and relationships with vendors, who can assume responsibility for protecting your operations while you focus on your core purpose. There’s really no halfway house. You either do it all yourselves, or you trust the specialist to do it for you.
We’ve often argued that cybersecurity is a business problem, not a technology problem, and that’s still the case. Cybersecurity is about managing risk, building operational resilience and creating the extreme flexibility that characterises a successful digital business. By leveraging automation and AI alongside our specialist skillsets and vendor knowhow, we’re taking cyber defence to a new level, and giving business leaders the confidence to go out and achieve their digital ambitions.