“This is a story about control
Control of what I say
Control of what I do
And this time I'm gonna do it my way
I hope you enjoy this as much as I do
Are we ready? I am.
'Cause it's all about control,
And I've got lots of it."
~ Janet Jackson; Control, 1986, A&M Records
On this week’s InSecurity podcast, Matt Stephenson welcomes Amar Singh in for a conversation about the notion of trust, security, risk, and control.
This week’s podcast is concerned with the most critical challenge of the last year: how do we maintain cybersecurity when a high percentage of employees at most businesses are now working from home? Many organizations have gone from a situation in which their network was based in a building, to one in which their network is provided by dozens of commercial Internet and WiFi providers.
How are we supposed to maintain control in this situation?
To make matters worse, many companies rely on in-person interaction for security, such as through biometric systems or networks that are simply hardened against external intrusion. How do we secure these in an age when the vast majority of office workers are working from home?
Mr. Singh’s response is typically controversial. The reality, he says, is that “everyone has lost control”. Or, put another way, “what little control you think you had is gone.”
In the era of COVID-19 and home working, it is almost impossible to secure networks in the same way that we have up until now. And this is not a temporary situation. This is the new normal, and organizations are going to have to adapt to it. This includes providing regular employee cybersecurity training, using dynamic application security testing to scan applications for vulnerabilities while they are running, and remaining fully current with your software integrations.
But while the current situation is a potentially dangerous one, it might also provide opportunities for those brave enough to embrace the full consequences of it. It provides, Mr. Singh argues, an opportunity to completely rethink what we mean by control, and what we mean by visibility in the world of cybersecurity.
Realizing these opportunities will take leadership, an area in which Mr. Singh has plenty of experience. In this episode, he talks about his new company, Cyber Management Alliance Limited, which he co-founded five years ago. His aim, he says, is to make as many organizations as possible cyber-resilient.
Specifically, Mr. Singh’s goals, and those of his company, are to reduce organizational exposure to cyber risks by creating a global network of security experts in the industry that provides a platform for mentorship and collaboration, and also to offer special operational and strategic training programs across data protection and information risk domains.
Those are ambitious aims right now, when many companies are scrambling to secure their networks in the context of home working. But for Mr. Singh, this could be the defining moment of the coming age: if we can respond in the right way to the pandemic, and use it as an opportunity to transform the way we think about control, we might come out of it stronger than ever before.