Christine Bejerasco. Image: WithSecure
WithSecure’s Christine Bejerasco explains why ‘cloudification’ is just one of the trends she’s most excited about and why there is no finish line when it comes to sustainability.
Christine Bejerasco has been in the cybersecurity industry for 19 years. She started during the era of network worms and has seen the threat landscape evolve with the new technologies as well as changes in regulations and user behaviour.
Bejerasco has worked in various capacities in this time, from analysing threats, to building protection capabilities, to leading teams to effectively deliver these capabilities.
She is now the chief technology officer of Helsinki-headquartered cybersecurity company WithSecure, the enterprise security spin-off of F-Secure. In her role, she leads a team of experts looking into how technology, threats and user behaviour are evolving to see what cybersecurity capabilities would make sense in the future.
‘Threat actors are agile and don’t need to respect any boundaries’
– CHRISTINE BEJERASCO
What are some of the biggest challenges you’re facing in the current IT landscape?
The increasing complexity faced by organisations as they are adopting new technologies faster than retiring old ones. This widens the attack surface of organisations. Today, we are addressing this by prioritising protection at the initial stages of the attack.
The logic is that the quicker we respond and eliminate the threat, the less impact the attacker will have on the organisation’s estate. However, not every organisation has the capability and budget to protect every area in their digital estate.
As such, we are introducing an outcome-based approach where cybersecurity priorities are linked to the prioritised outcomes that the organisation wants to achieve. Then, identifying cyber risks to the organisation will not be detached from business goals.
What are your thoughts on digital transformation?
Digital transformation brings with it many new possibilities for different businesses and society in general. The new platforms and capabilities that are either already available, or will be brought about by cloudification, the metaverse and new methods of connectivity, will open up new opportunities to an even wider population.
We do need to learn from the past when it comes to how we architect these technologies. Cybersecurity needs to be embedded into the fabric of these technologies and not as an add-on after they are already produced. We don’t want a repeat of Mirai on IoT devices, or network vulnerabilities that enable mass spreading worms.
As a cybersecurity company, we are addressing this by introducing the co-security approach. We have capabilities such as cybersecurity consulting that help organisations secure their capabilities at the very beginning, and we also have managed services where they can offload many of their cybersecurity needs.
But at the end of the day, they would still need to take ownership in ensuring that vulnerabilities within their products are fixed in a timely manner and that they are interacting with different organisations within their industry to understand similar attacks.
How can sustainability be addressed from an IT perspective?
Sustainability, like cybersecurity, should be viewed by organisations as a basic consideration before pursuing any endeavour. I don’t believe there is a finish line for sustainability.
There is always a way to optimise and minimise waste and energy in producing and operating a certain capability, and the organisation needs to discover what is suited to them and then evolve when the need arises.
With the global population increasing, and environmental issues escalating, this needs to be a continuous consideration in any future endeavour that we pursue.
What big tech trends do you believe are changing the world?
Cloudification of everything – movement from owned endpoints and data centres to SaaS, PaaS and IaaS.
The metaverse – with VR and AR enabling people to interact like never before.
Satellite and 5G/6G internet – with the capability to reach new places and users that have never accessed those before and with speeds that enable new ways of interaction.
I’m excited about all three of them. They will change the way we interact with others in our work and relationships, and they will become a platform for us to build new places and capabilities.
How can we address the security challenges currently facing your industry?
We need to align cybersecurity with the business outcomes that an organisation desires to pursue, and we can use the co-security approach to mitigate or eliminate the issues.
Cybersecurity should be viewed as an enabler to help an organisation achieve their goals. This means that cybersecurity budgets would need to be prioritised towards the organisation’s goals.
For instance, if an organisation gets 50pc of their revenues only from one month in a year, then they would need 100pc uptime of their e-commerce capabilities during that month. They would also want to ensure low latency and excellent customer experience during these times.
For cybersecurity, the risks against 100pc uptime would need to be itemised, the relevant assets that enable that uptime identified and the threats behind them forecasted, then cybersecurity budgets would need to be spent on mitigating, if not eliminating those risks.
Otherwise, if the organisation treats all cybersecurity risks similarly, detached from organisational outcomes, most organisations wouldn’t have enough budget to cover everything.
As part of a global supply chain, no organisation can achieve security alone. No matter how you secure your area, your supplier could introduce a vulnerability that will impact not only you, but also your customers. Understanding how different organisations interact with your organisation’s supply chain and what the threats are that you could introduce to your customers is important to security.
Sharing information on threats, security improvements and issues is critical in enabling us all to collectively improve our security posture. Threat actors are agile and don’t need to respect any boundaries – as such, they will always have an edge if we work in isolation.
But if we build cybersecurity into the foundations of what we do and we work with related organisations in collectively strengthening our security posture, then we can raise the bar and make attacks more expensive for attackers.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
