New technologies and endless amounts of data prompted businesses to expand digital footprints and adapt to a changing cyber landscape.
The COVID-19 pandemic, however, revealed a global cybersecurity interconnectedness tech leaders can no longer ignore, said Sue Gordon, former principal deputy director of national intelligence, during a keynote speech at the Gartner IT Symposium/Xpo Americas on Thursday.
"Digital connectedness, combined with ubiquitous technology, has really just transformed how adversaries, competitors, partners, allies interact in this world, very different from the physical world constraint that they have," Gordon said.
The interconnectedness of the world erases traditional borders, making every organization responsible for the cybersecurity of its neighbors, according to Gordon. But all actors bring their own interests and intent to the table as they exist and make security decisions in cyberspace.
"Today, cyber is the means by which both adversaries and competitors, state actors and criminals advance their aims to seek advantage," said Gordon, so acting in self-interest seems beneficial.
It's similar to the tragedy of the commons, an economic principle arguing people act in line with their own self interest to an extent undermining what's good for the collective — and ultimately themselves.
In this case, if one player fails to protect their piece of cyberspace for any reason, partners are left exposed too, and everyone is more vulnerable, according to Gordon.
"COVID[-19] revealed in a way that we can no longer ignore our interdependence," Gordon said. "We're making decisions for each other."
With the weight of global cybersecurity on every organization, first tech departments must invest in modern infrastructure that allows integration across systems. "We have to be faster to be able to adapt our infrastructures to the needs of mission, not make [the] mission slow, because our infrastructure wasn't designed to change as the world is changing now," Gordon said.
Grappling with the abundance of data available today to put it into practical use will ensure businesses are able to function effectively. Data integrity and sharing — alongside a strong ethical foundation — allows businesses to operate at scale in the connected world, Gordon said.
Devote time and resources to cybersecurity training for the entire organization. Frequently, security posture is only carried by the tech departments when an attack is more likely to occur through a human error. Including policies focused on people creates an end-to-end security ecosystem that protects the entire operation, according to Gordon.
"Security is too often considered a cost," Gordon said. "Those who don't feel the threat pressure will assume it's not there. But I will promise you there's no hiding anymore."
Security efforts stretch beyond the basics and should include investments in operating at a distance and supporting a remote security culture, too. Translating interpersonal operations in the remote work environment improves decision making, Gordon said.
In essence, the security processes surrounding the technology should be as modern as the infrastructure it's built on.
"Too many times, we have cool things that we can do but if it goes to a human resources or security or contracts teams, they haven't been invested in order to upgrade their processes to take advantage of the new work that's been done," Gordon said.
These efforts ultimately hinge on leadership. While the current security landscape brings new challenges, "We've been in this place before just with different parameters, and we found a way forward … All it took was leadership," Gordon said.