These three tech trends will ‘change the way we interact with others’

Christine Bejerasco of WithSecure explains why cloudification is just one of the trends she’s most excited about and why there’s no “finish line” when it comes to sustainability.

Christine Bejerasco has been in the cybersecurity industry for 19 years. It started during the age of network worms. She has seen the threat landscape evolve with the technologies that have been introduced, as well as changes in regulations and user behavior.

Bejerasco has worked in a variety of capacities during this time, from analyzing threats to building defense capabilities to leading teams to deliver those capabilities effectively.

She is now the chief technology officer of Helsinki-based cybersecurity firm WithSecure (formerly known as F-Secure). In her role, she leads a team of experts examining how technology, threats and user behavior evolve to see what cybersecurity capabilities make sense in the future.

‘Threat actors are agile and do not have to respect borders’
– CHRISTINE BEJERASCO

What are some of the biggest challenges you face in today’s IT landscape?

The increasing complexity faced by organizations as they adopt new technologies faster than old ones are retiring. This increases the attack surface of organizations. Today, we’re addressing this by prioritizing protection in the early stages of the attack.

The logic is that the faster we respond and eliminate the threat, the less impact the attacker will have on the organization’s estate. However, not every organization has the capacity and budget to protect every area in their digital domain.

That’s why we’re introducing a results-driven approach that links cybersecurity priorities to the prioritized outcomes the organization wants to achieve. Identifying cyber risks for the organization is then not separate from the business goals.

What is your take on digital transformation?

Digital transformation brings many new opportunities for different companies and society in general. The new platforms and capabilities that are either already available or will be brought about by cloudification, the metaverse and new methods of connectivity, will open up new opportunities for an even larger population.

We have to learn from the past when it comes to how we design these technologies. Cybersecurity should be embedded in the fabric of these technologies and not as an add-on after they have already been produced. We don’t want a repeat of Mirai on IoT devices, or network vulnerabilities that would allow massive worm spreads.

As a cybersecurity company, we tackle this by introducing the co-security approach. We have capabilities like cybersecurity consulting that help organizations secure their capabilities from the very beginning, and we also have managed services that help them offload many of their cybersecurity needs.

But ultimately, they should still take responsibility for ensuring that vulnerabilities in their products are patched in a timely manner and that they communicate with various organizations within their industry to understand similar attacks.

How can sustainability be addressed from an IT perspective?

Sustainability, like cybersecurity, should be seen by organizations as a fundamental consideration before taking action. I don’t believe there is an end point for sustainability.

There is always a way to optimize and minimize waste and energy when producing and operating a given capacity, and the organization must discover what is right for them and then evolve as needed.

As the world’s population increases and environmental problems escalate, this should be an ongoing consideration in any future venture we pursue.

What major technology trends do you think are changing the world?

Cloudification of everything – move from proprietary endpoints and data centers to SaaS, PaaS and IaaS.

The metaverse – with VR and AR that allows people to interact like never before.

Satellite and 5G/6G Internet – with the ability to reach new places and users that have never been before and at speeds that enable new ways of interacting.

I am excited about all three. They will change the way we interact with others in our work and relationships, and they will become a platform for us to build new places and opportunities.

How can we address the security challenges your industry is currently facing?

We need to align cybersecurity with the business outcomes an organization wants to pursue, and we can use the co-security approach to reduce or eliminate the issues.

Cybersecurity should be seen as a tool to help an organization achieve its goals. This means that cybersecurity budgets should be prioritized toward organizational goals.

For example, if an organization receives 50 percent of their revenue from just one month in a year, it would need 100 percent uptime from their e-commerce capabilities during that month. They also want to ensure low latency and an excellent customer experience during these times.

Cybersecurity must specify the risks to 100 percent uptime, identify the relevant assets that enable that uptime, and predict the threats behind them, and then spend cybersecurity budgets on reducing, if not eliminating, those risks.

Otherwise, if the organization treated all cybersecurity risks in the same way regardless of organizational performance, most organizations would not have enough budget to cover everything.

As part of a global supply chain, no organization can achieve safety alone. However you secure your area, your supplier can introduce a vulnerability that affects not only you, but your customers as well.

Understanding how different organizations interact with your organization’s supply chain and the threats you can introduce to your customers is important for security.

Sharing information about threats, security improvements and vulnerabilities is critical to empowering all of us to collectively improve our security posture. Threat actors are agile and do not have to respect boundaries, as such they will always have an edge if we work in isolation.

But if we build cybersecurity into the foundation of what we do and work with related organizations to collectively strengthen our security posture, we can raise the bar and make attacks more expensive for attackers.

10 things to know straight to your inbox every weekday. Sign up for the Daily overviewSilicon Republic’s summary of essential sci-tech news.