Guiding leaders to greatness

SecurityData privacyOperational agilityRisk management

Cybersecurity: The Fabric of Any Intelligent Organisation

By Haroon Malik, Kiam Cameron

Does today’s need for cyber vigilance conflict with the move towards organisational intelligence and its need to share data? We believe the opposite is true – robust cybersecurity can be a powerful enabler of progress.

01 February 2022 • 3 min read

Haroon Malik

Security Consulting Director & Principal Security Consultant, NTT DATA UK

More from this contributor
Kiam Cameron

Security Consulting Director & Principal Security Consultant, NTT DATA UK

More from this contributor

Photograph: Fly D/Unsplash

For any intelligent organisation, data is king. Facts, figures, numbers, case studies, and countless other pieces of information contribute to sewing up success. How, though, do we keep everything secure as threat levels rise? As leaders within NTT DATA’s UK Security Consulting business, this is an issue close to our hearts.

Most large corporate organisations face highly competitive environments driven by complex regulatory and compliance landscapes. Dealing with challenges while at the same time maintaining value is far from easy.

Intelligent organisations differentiate themselves by aligning their internal ideologies around working smarter, not harder.

One of the ways intelligent organisations differentiate themselves is by aligning their internal ideologies around working smarter, not harder. To enable this way of working, they make information and data freely available. When responding to recent global events, they also increasingly allowed staff to operate flexibly and access data remotely.

These daily activities present increased security risk, especially with servers being accessed offsite. Despite this, we argue that the current model of cybersecurity is evolving to help foster and drive this flexible, smarter-working ‘intelligence’.

The cybersecurity challenge

Cybersecurity risk levels have never been higher. The CyberPeace Institute reported 309 ‘major incidents’ in 35 countries between June 2020 and December 2021.

Hacking, phishing, malware, ransomware and denial of service attacks have all grown in scale and complexity, impacting all industry verticals and market sectors. The very organisations there to protect us – IT and communication leaders, governments and regulatory bodies – have also been victims of cyberattacks.

In June 2020, a global IT managed services giant announced hackers had stolen customer information in a ransomware attack. Another global hardware supplier reportedly paid $50 million to the REvil cyber-gang earlier this year.

The sensible frame of mind is now planning for when you are attacked, not if.

How intelligent organisations deploy cybersecurity

We have always assessed business security risks; it’s why we lock our office doors each evening. Despite this, cybersecurity still feels like an immature science, sometimes bolted onto existing operations as an afterthought. Siloed in this mode, it becomes inherently reactive. Some security professionals report ‘swivel chair fatigue’ as they spin inefficiently to glare at a myriad of constant alerts struggling to identify real active threats.

Rather than firefighters, intelligent organisations see cybersecurity personnel as enablers of safe data-sharing.

Rather than firefighters, intelligent organisations – more usefully – see cybersecurity personnel as enablers of safe data-sharing. Proactively adopting best practices can be a transformative experience that drives businesses towards organisational intelligence, not away from it. Let us look at how.

Considering costs

We tend to think of replacements when making security value judgements at home. Does it, for example, make sense to spend £250 on a state-of-the-art bicycle lock for a bike that would cost half that to replace? At C-suite level, security cost-optimisation is at the forefront of everyone’s minds, but how to demonstrate value? As with bikes, some business functions may have lower costs associated with them. Do they deserve less cybersecurity?

We would argue focusing on replacement and loss doesn’t necessarily fit with intelligent organisations; the success of cybersecurity needs to be measured differently. Does it act as a barrier to strategy or an enabler? That’s the real question.

Built from the ground up

In an intelligent organisation, security-by-design needs to be a key driver of business enablement, customer trust and innovation. For this to happen, cybersecurity needs to be seamlessly integrated across people, processes and technology. Developing a strong culture of security awareness and vigilance plays an important part in driving a risk-focused culture and promoting cyber-resilience.

As organisations continue to adopt hybrid working, the cybersecurity of data should be front-and-centre.

As organisations continue to adopt a hybrid working model, the cybersecurity of data should be front-and-centre during the development of all business processes.

When considering doing this within intelligent organisations, it’s clear that two cyber technology trends will dominate.

1 – Automation

Cybersecurity benefits from a reduced need for human intervention, making a whole series of processes more efficient. Today, assessing threats from incoming emails often happens before they reach user inboxes. Such automated detect-and-respond tools are set to grow in use significantly as technology improves.

2 – Artificial Intelligence

All security judgements depend on context. Leaving the windows open in your house is considered acceptable if you are home. Go out, and you’ve created a risk. The windows have, of course, not changed status.

Through artificial intelligence, understanding context is increasingly being automated too. Your team’s routine can be learned, so it’s not just out-of-hours logins that are flagged, but unusual and harder to define out-of-character behaviours too. For example, AI can quickly spot logins that don’t make sense geographically, such as someone logging in in one part of the world but logging off two hours later on another continent. This activity can be flagged as suspicious.

AI means dizzying quantities of threats can be simultaneously tracked, measured, assessed and acted on. Judgement calls can be made, and, perhaps most usefully, false alerts and alarms can be identified. Knowing systems are being monitored intelligently 24/7 leaves people free to be more productive elsewhere.

Security risks will continue to increase while the threat landscape evolves. Intelligent organisations need not see this as a barrier to success but rather can harness the opportunity that comes from it. This can be achieved by building cybersecurity into the fabric of your businesses.

Data privacyOperational agilityRisk managementSecurity

Discover more in

Security

5 Minutes On… Cybersecurity and Bridges of Trust

20 July 2022

5 Minutes On… Trends in the Metaverse

24 February 2023

Cybersecurity is Everyone’s Job

In a hyperconnected world, cybersecurity is a vital part of protecting both corporate reputation and the safety of employees. While IT departments might be responsible for putting systems in place, it takes every employee from the C-suite down to ensure those systems remain intact.

16 August 2022 • 4min read

Digital Trust: The Difference Between Future-Fit and Obsolete

Ignore digital trust at your peril. Customers are talking with their feet, cutting ties with brands that display poor data security. The essential ingredient, in this age of digitization and mass data collection, is unwaveringly strong cybersecurity.

20 July 2022 • 4min read

Educating the Next Generation for a Sustainable Future

Education is not just a fundamental right for everyone: it’s also a pathway to a better quality of life, playing an instrumental role in attaining many of the UN’s Sustainable Development Goals. Through sharing skills such as cybersecurity, businesses can spread knowledge and help to shape more resilient, informed future global citizens.

01 September 2021 • 4min read

Get Proactive: Managing Third-Party Vendor and Supply Chain Risk in a Digital World

As supply chains have steadily grown in sophistication and complexity, the accompanying risks have also increased – and as we’ve seen in recent years, disruptions can have far-reaching consequences. Effective third party vendor risk management and harnessing technology are both crucial in streamlining and strengthening global supply chains. But where should leaders start?

30 March 2023 • 4min read

Information and Cybersecurity in the UK

The different needs of cybersecurity continue to evolve, in the same way that businesses must adapt and respond to these cybersecurity risks and challenges. Partnerships are just one of the many ways in which businesses can protect themselves and move with the times.

20 June 2022 • 4min read

Lessons From the Past to Guide the Future: Humanity in Cybersecurity

Creating effective cybersecurity systems is about so much more than understanding your vulnerabilities and putting measures in place to mitigate them. It begins with understanding what has made human beings feel safe in the past, and using those lessons and behaviors to build an electronic world they can trust.

15 August 2022 • 5min read

Make life easy for customers, not for ID fraudsters

Strict ID checks become increasingly imperative in our rapidly evolving digital landscape, but sometimes they can be arduous. How can companies protect themselves and their customers from cyber risk while ensuring their processes are convenient, effective and user friendly?

22 June 2022 • 4min read

Misconceptions Around Zero Trust

There are misconceptions around Zero Trust, as businesses may be fearful of a perceived need to completely rebuild their security architecture, but all it takes is a step-by-step approach. What is the journey to making the security of your business airtight?

20 June 2022 • 4min read

NTT DATA’s Zero Trust Journey 2: Architecture (and What We’ve Learned)

The zero trust journey is all about taking measures to assure your business security at every level. While it sounds complex, it is more simple than it seems, and is worth every effort to ensure that access to data is only granted to those who have sufficiently proved their identity at every stage necessary.

13 June 2022 • 4min read

Protecting Customer Accounts and Information in a World of Digital Connectivity

As our digital abilities become increasingly sophisticated, our cybersecurity measures develop at the same pace that a cybercriminal’s savviness also can. Businesses must continue to take the right measures to protect their futures with the developments of remote access and other digitization efforts.  

22 June 2022 • 5min read

Protecting Data Starts With Good Governance

Whatever the trigger, significant technological and other business changes should never damage your customers’ trust in you. This means keeping their personal data safe. In fact, done well, data protection ought to increase confidence in your business. How to get there? It starts, as with many things, with a detailed understanding of the challenges and strong governance around the solutions.

20 June 2022 • 4min read

Technology, Ethics and Customer Trust

Companies that want to differentiate themselves will have to take a long, hard look at their practices around safeguarding customer data. Practices need to comply with the relevant laws, of course, but they also need to be rooted in ethics. Risk governance technologies make it easier than ever before for companies to be both compliant and ethical – and prove to customers they can be trusted.

20 July 2022 • 4min read

The CXO Podcast: Safeguarding Our Digital Lives

16 August 2022 • 0min read

The Media Sector Transformed in Covid Times

Covid has accelerated the trend towards “digitally-oriented” consumers. Companies in the media sector must be ready to seize the opportunities linked to this evolution, investing in key areas including security, data and blockchain. This will be crucial for companies in the media sector to survive in a hyper-competitive and fragmented market.

01 June 2021 • 4min read

Trust: The New Currency of Business

In a world where skepticism and misinformation have now become the default, trust has become the new currency for business. And those companies that know how to spend it well can create a competitive advantage by making sure that their actions speak louder than words.

20 June 2022 • 7min read

Zero Trust – It Begins With Identity Management

Zero trust is a necessary evolution for businesses to be cyber secure in our digital modern landscape. To eliminate cyber risk and threats, businesses can implement a zero trust approach to protect data and systems every step of the way.

20 June 2022 • 3min read

Zero Trust: Your Digital Transformation Requires a Risk Transformation

New and evolving technology landscapes need evenly-matched cybersecurity: as new opportunities arise through digital tools, so too do new risks. Using a framework such as Zero Trust – which assumes every entity attempting to access the system or network may have malicious intent and therefore, as a default, should not be trusted – provides the visibility and controls needed for modern businesses to protect themselves and their customers.

19 July 2022 • 1min read