The tech industry has always been fast paced. In under a century, we’ve gone from the first ever commercially produced digital computer (UNIVAC I, 1951) to almost everyone having a small, portable, internet-connected device in their pocket. The pace of innovation (or, more broadly, ‘change’) is truly remarkable - and no small feat. Many of our personal and working lives have been transformed by tech, with perks including increased productivity and greater global connection. However, with any sort of innovation comes risk, naturally. But there also comes opportunity, for better or worse.
Since the 1970s, cybercriminals have seen the potential of the digital landscape for nefarious gain, whether that’s (among many other factors) financial motivations, government-backed disruption, or personal intent. As such, cybercrime has snowballed. Notably, our recent research found that a third of organisations have suffered from three or more breaches in the past 24 months. It feels like we’re reaching a crescendo. What started as ‘Creeper’ and ‘Reaper’ has spiralled into threat groups that resemble legitimate corporate organisations, networks expanded far beyond what anyone may have initially predicted, and attack vectors that once would have been a thing of science fiction (see deepfakes, for example). These are very real issues affecting every organisation in today’s world, regardless of size, data held, industry, and/or revenue.
For IT and security teams, having been on both sides, it can often feel like cybersecurity is a laborious game of cat and mouse. New tech appears quickly and needs securing, along with ensuring everything else already on the network is secured. That’s a lot of things to juggle, and we’re all navigating the changes blind. But from this comes an opportunity to collaborate.
One way that community comes together to make the world safer is through the sharing of known vulnerabilities. When a team has found and flagged a vulnerability properly, other IT and security teams can proactively protect themselves, using this intelligence, from potentially devastating attacks. The standardisation of vulnerability reporting is something the community is talking about increasingly more. At ACDS, we have joined the soon-to-be-announced EPSS vulnerability classification that aims to standardise some of this reporting. More information on which will be released in the coming weeks.
Additionally, another way the industry has recently come together to make the world safer in times of change is the Secure By Design Pledge, which actively encourages organisations to build tighter security into software design, from the get go. ACDS were proudly early supporters of this pledge, as we’re committed to creating lasting and impactful change for good.
By working with and learning from each other alongside partners, peers, governments, and nonprofits, we can become stronger and more secure faster. You can go quickly on your own, but faster and farther together.
In cybersecurity, it’s easy to forget that change also brings opportunity to the good people too. New cybersecurity innovations ultimately mean a more secure world. Additionally, the (once harrowing) move to hybrid working post-covid has meant that our teams can be expanded and more diverse (owing to increased flexibility and the potential to build teams without geographical borders), and new regulations, like the soon-to-be-announced EPSS, strive to standardise reporting for clarity and ease. Similarly, with a recent change in the UK government comes fresh ideas, new perspectives, and different people to collaborate with in the cyber realm.
We have navigated cyber change before and will no doubt have to do it again, whether we like it or not. We can choose to embrace innovation securely or bury our heads. If we open ourselves up to collaboration as leaders, we can learn more quickly and with less risk.