MobileIron chief strategy officer Ojas Rege says a healthy organisation will reduce its potential to be hit by threats.
The Wannacry breach of May 12, 2017 put cyber security front and centre of national debate, crippling 400 thousand devices globally in sectors as diverse as rail transport, consumer goods and the NHS. The latter getting the most attention here in the UK as it sent the tabloids into an ill informed panic.
“Wannacry definitely moved cyber-security up the agenda. I hope it stays there,” says Ojas Rege chief strategist of security technology specialists MobileIron. ”My biggest fear is that Wannacry exposed some fundamental issues that we have as organisation in keeping our technology up to date. If our technology was up to date across the all different enterprises Wannacry would have had very little impact. The challenge though is that something like this happens and it becomes a topic, but a couple of months pass by and people revert back to the behaviours of the past.”
Rege believes Wannacry helped cyber-security rise up the agenda as it had a major business impact. “The moment your business gets impacted where you have to shut down, suddenly it rises to the top of the agenda and there is actual money, customers and potentially lives that you lose. Not all organisations were impacted in the same way.
“The challenge is that mobile has a whole host of new architecture, threats and opportunities that most organisations are not prepared for,”
“We think too much about threat and not enough about proactive protection,” Rege says. “If every organisation had kept up to date with its Windows patching we wouldn’t be talking about Wannacry. Threats will always appear, but the question is how do you prevent that threat? So from a CISO perspective, proactive measures with up to date systems so the number of threats are much less. If I fall out of date the number of threat vectors increases.
“It is a mindset, like health. We are all told we should eat well and exercise and it is the same for organisations, if you make sure that your systems are up to date and are configured and protected well and you will get sick less often. That doesn’t mean you won’t get sick. That is the mindset shift for organisations, how do we minimise the impact of threats and the ability to move quickly,” he says.
“The challenge is that mobile has a whole host of new architecture, threats and opportunities that most organisations are not prepared for,” he says of the mobile focus of the organisation.
“A good way to think of mobile is that it is the tip of the iceberg, really what you see is computing power, processors available in many locations and devices and some of those devices will have interfaces and some of them will not,” Rege says of how CIOs and organisations need to think mobile first. The definition is not a mobile phone it is a device that can be outside of the enterprise. “So when I think of mobile I think about the broader world of connected computing.”
Despite the front page headlines that Wannacry created, the global strategy leader believes CIOs and CISOs are struggling again to secure funding to develop better cyber-security in their organisations.
“I do have empathy for organisations, where do you invest first? There are so many places you have to invest, the regulatory, the threat and keeping up to date with new technology.”