Cyber criminals don't care whether there is a pandemic raging on or not. Leaders across industries have to build cyber resilience into their businesses. That was true before the coronavirus, and it's even more true now, as teams everywhere operate remotely and with a wider digital attack surface.
On Tuesday, DC Inno hosted a virtual discussion on how to continue operating and scaling successful businesses while implementing technologies and strategies to protect against cyberthreats. The State of Innovation in Cybersecurity featured insights from thought leaders across the diverse cybersecurity landscape from the Washington, D.C. area and beyond.
Neha Joshi, Growth and Strategy Lead at Accenture Security, highlighted the innovative ways that Accenture is helping its clients tackle the most complex security challenges. Joshi leads a team that produces security solutions that leverage technologies like robotics, machine learning, Artificial Intelligence (AI), data analytics and more.
Dr. Ellison Anne Williams, CEO and founder for Enveil, described how the proliferation and increased collaboration over data is presenting a challenge across sectors to keep sensitive data secure. Enveil is pioneering the use of homomorphic encryption, which allows data to be encrypted while in use. Williams calls this the "Holy Grail" among privacy-enhancing technologies.
Jennifer Quarrie is the COO and Strategy Director of MACH37, a cybersecurity accelerator in Northern Virginia, as well as the COO of VentureScope. Quarrie described all the ways startups are approaching the world's most daunting cybersecurity challenges and how they're competing with legacy firms in unexpected ways.
Here the key takeaways from the event.
The pandemic’s impact on the cybersecurity industry
All of the panelists described having to adapt in some way to outmaneuver uncertainty by navigating the never normal brought about by the coronavirus pandemic. But they all seemed to agree that these aren’t new challenges; they’re old challenges that have been accelerated by the crisis.
Joshi said that Accenture Security has seen organizations experiencing a resurgence in phishing attacks, for example, taking advantage of people’s altered alertness and attention spans amid the pandemic. Organizations have been seeing more attacks in general, thanks to an increased attack surface as so many things have newly gone virtual.
“Initially, a lot of the work was really about how we can help everyone safely move to cloud, and move remote,” Joshi said. “Now it's like, okay, all of our systems really need to move to the cloud. How do we continue to evolve the longevity aspect of that goal?”
With everything going virtual, organizations of all sizes are spending more time and money on solving cybersecurity problems. Quarrie explained that that means new opportunities for the startups going through the MACH37 cyber accelerator.
“The pandemic has really shone a spotlight on the necessity,” Quarrie said. “We're seeing a lot of big organizations pay more attention, putting more resources, time and dollars towards figuring out solutions. And a lot of people in the startup community are already getting funding even though things are tight in terms of venture right now. We're seeing a lot more investment. I think we're going to continue to see that trend.”
For Enveil, the most popular use cases for its homomorphic encryption technology pre-pandemic were in the financial sector, due to the need to enable different jurisdictions to share data while respecting each other’s privacy regulations. But the pandemic has brought about demand in other sectors for the same reasons.
“We are seeing the interest in [secure data sharing and collaboration] move from financial services and start to blossom over in health care, where due to COVID, there is a global rise in the need to have a complete and enriched health picture of an individual or an entity,” Williams said.
The biggest cybersecurity challenges of the past few years
Independently of the pandemic, the cybersecurity landscape has evolved rapidly in recent years, and the industry has had to find innovative solutions for problems of all kinds.
For Quarrie, one of the big challenges has been creating and supporting technology that allows different industries to work with each other when they operate at different levels of security.
“Finance tends to be very locked down; healthcare tends to be very locked down. And then you have industries that are inherently open,” Quarrie said. “One of the questions is going to be how do you work and let those systems touch and allow that data to remain secure at every place.”
Of course, partnering with other organizations and across industries presents a risk of its own. Joshi says that Accenture looks at risk and security at a bigger scale and across the supply chain.
“If you look at factories or partner ecosystems, they're very, very interconnected and they’re becoming even more so. So, the weakest link in that supply chain can actually increase exposure for all,” Joshi said.
That risk can present itself in a whole host of new ways as more devices are connected. Joshi says this calls for a new focus on OT [operational technology] security as opposed to just IT security.
“How do we secure manufacturing, secure IT, secure medical devices? Even oil rigs, right? How do we actually patch those types of devices?” Joshi posed.
New technologies emerging from startups and innovators
Innovation can both enhance cybersecurity and present it with new risk. All the panelists agreed that simply adopting a new technology doesn’t necessarily make an organization more secure. In fact, it might leave it more exposed without proper planning.
Joshi illustrated the problem with the example of 5G adoption.
“There are legacy issues as we move from the old networks to 5G that we sometimes carry over with us. There are new issues with some of the new features that it brings forward, like virtualization and location tracking,” Joshi said.
“I think people naturally assume that newer technologies are more secure, because there's such a heightened awareness of security,” Joshi said. “I can understand that assumption, but as an industry and as practitioners, we need to make sure that we are dispelling that myth very quickly. Or making it true, which is even better, right? Let's make it true.”
For Quarrie, quantum computing is top of mind when it comes to new tech that will disrupt the security space. Once quantum is ubiquitous, older encryption standards will in many cases become obsolete. Quarrie is looking forward to startups that ensure that security isn’t hindered by the leap in innovation.
“Ensuring that the data is quantum resilient is something that basically we should be doing now. So that's something that I think we're seeing that we didn't expect to see necessarily out of the startup world quite as soon as it has emerged,” Quarrie said.
Predictions for the next five years
Joshi: Extended reality, which encompasses virtual reality and augmented reality, will become more ubiquitous. This presents a whole new class of technology that the security industry needs to think about protecting.
“If we're dependent on people using extended reality for their jobs, for training, for things like doing surgery, you can imagine the implications of tampering with some of that,” Joshi said.
Quarrie: Cybersecurity will become more of an all-community approach. It will become a skill that everyone is expected to have as part of their jobs.
“We have all these players that are in very separate worlds. … I think these demands that are coming out of COVID and other major events like the election are forcing people to have these conversations and realize: ‘Oh my gosh, we're trying to solve the same problems,’” Quarrie said.
Williams: The global demand for privacy for privacy solutions will become ever more ubiquitous. Makers privacy-enhancing technologies (PET), such as the Enveil and its homomorphic encryption, will have to further take into account the broad reach and demands of their tools.
“It's going to change everything. It's going to change the way that we do business because the backbone of the digital economy is data. And so if there are regulatory requirements around the majority of our data in terms of privacy implications, that really changes how you build a whole suite of cybersecurity products,” Williams said.
Check out the full conversation below:
Learn more about Accenture's 5 power plays for secure and continuous innovation here as well as view their third annual 'State of Cyber Resilience' report here.
