FLUENT: Perspectives from Softcat
FLUENT’S MONTHLY ROUND UP OF TECH NEWS, INSIGHTS AND ANNOUNCEMENTS
Each month, Softcat’s OCTO team will be providing its unique perspectives on the news stories from the previous month, affecting private and public sector organisations through the lens of technology. Our aim is to cast a light on some of the biggest news stories in this space, and the small (but still important) stories that may have slipped under your radar.
In this month’s feature looking at the headlines published in January 2022, we help you make sense of the new UK Government strategy for cybersecurity, discuss what work could be like in the metaverse, get the latest on the office vs hybrid debate and much more. Our OCTO contributors are:
ADAM LOUCA Chief Technologist for Security
DYLAN FOSTER EDWARDS Technology Director
DEAN GARDNER Field Chief Technology Officer
LATEST IN CYBER SECURITY
with Adam Louca, Chief Technologist – Security
One of the biggest news stories from this year so far is the 2022 cyber security incentives and regulation review. The last time the UK government published a strategy for cybersecurity was in 2016, in fact, before the pre-WannaCry ransomware attack. Lots has changed since then, so it’s interesting to read how the government plans to influence and shape a UK-wide strategy on cybersecurity over the next five years. Here are some key takeaways:
Cost remains a key barrier to adoption of cyber resilience and effective risk management, with 71% of organisations lacking commercial rationale for investment and action in this area.
The cyber skills shortage isn’t going away and the role of the managed, assessment and professional services market will continue to grow in response. While an estimated 75,000 new individuals join the security workforce each year, this is insufficient to keep up with the increasing demand - 10,000 people short.
The government will continue pressuring businesses to take cybersecurity seriously and will introduce proportionate considerations into its new audit and corporate reporting reform proposals. The Treasury will also keep working closely with the cyber insurance sector and share more robust risk impact information for effective modelling.
There continues to be a low recognition of supply chain cybersecurity risk, particularly during the procurement process. One reason for this is complexity, created by a lack of information available or resistance to sharing critical information with others. The absence of an industry-recognised standard for evaluating supplier cyber risk is also contributing to the problem.
There are a couple of other news stories that caught my eye this month, too. Firstly, in IT Pro, an article was published titled Ransomware: Why only the bravest businesses will survive. The headline should be shocking, but it isn’t. Nowadays, we’ve become so used to talking about cyber security in hyperbolic language, designed to scare and provoke. Should we be more aware of the impact this type of marketing has? A recent poll by Beta News identified that 65% of pros are thinking about leaving cybersecurity due to work-related stress. As an industry with a measurable skills gap, the last thing we want to do is increase the pressure on individuals. We must challenge ourselves to change this. Like in the fashion and beauty industries, we as a collective need to take responsibility for how we market to customers. Do we want to be known for creating an insecurity and selling products to make people feel better? Or do we want to go to market in a more positive way, to build confidence and enhance our customers’ experience?
Beyond the hyperbole, there was some good content here highlighting just how vital honesty and transparency is in the immediate aftermath of a ransomware attack, referencing several best practice (and bad) examples. But it’s also important to focus on resiliency. With data breaches becoming more common, we live in a world that anticipates them, creating “breach exhaustion”. What we care about most is the inconvenience and cost of downtime following an attack on the services we rely on. More so than disclosure, recovery can best protect a brand’s reputation. After all, actions speak louder than words. The final article that caught my eye this month was in Forbes, titled Cybersecurity Trends to Watch Out for in 2022. In this insightful cybersecurity trends piece, written by a member of Forbes’ Business Council, the need for a software assurance model is raised. And rightly so.
Today, modern software can be large, powerful, and complex. Rather than a single author writing all the code themselves, modern software is increasingly made from ‘building blocks’ produced by different teams. With billion-pound software businesses now being built on these open source ‘building blocks’, we need to have a level of traceability and accountability. Think about the food industry – you wouldn’t find a Michelin star chef serving dishes made using ingredients from unknown sources. Could you be consuming services contaminated with insecure software like we experienced with the recent Log4j vulnerability? Without a better handle on software assurance and traceability, you might never know.
THE GREAT OFFICE VERSUS HYBRID DEBATE
Perspective from Dylan Foster Edwards, Technology Director
The stop-start nature of lockdown, restrictions and guidelines has made returning to the office or setting up hybrid workplaces a challenge. There has been a considerable amount of investment in workplace tech to support a more flexible way of working, but some organisations jumped the gun too quickly and made decisions when they weren't ready. That’s why it’s interesting to see news articles like Google spending £730m to ‘reinvigorate’ it’s UK offices. We are now seeing a spike in re-investment, as vendors and customers begin to consider the hybrid work model as the 'new norm'. What’s clear is that many firms won’t ever see a full return to office. It’s interesting to see Google’s vision for providing more space so offices can be less densely populated, and prioritising collaboration spaces and "inclusive meeting rooms for hybrid working" to reflect changing habits.
The second article that caught my attention this month was in Computer Weekly - Digital surveillance of remote workers may increase enterprise risk. There's no doubt there has been a rise in the use of digital surveillance tools since organisations packed up their offices and began entrusting employees to work from home. At the start, with this being uncharted territory for most, business heads wanted to protect productivity. Yet an unforeseen problem ensued – the rise of Shadow IT, where employees rapidly switched to devices or apps that weren’t being monitored. So, while organisations look to keep control over their disparate workforces, security risks must be weighed up, together with its impact on trust and equity.
A BIT META?
Perspectives from Dean Gardner, Field Chief Technology Officer
TechRadar published an interesting piece on working from the Metaverse, in response to a study that found more employees would rather work in the metaverse than go back to the office. There has been a lot of noise around the shift to hybrid working as organisations look to offer staff more flexible working environments post-pandemic. But this research by Lenovo cranks this up to a whole new level. Imagine having remote virtual interactions as if you were in the same room. It can gamify workshops, creative a more immersive experience for colleagues to learn, share and network. It may seem like a long way off, but with the metaverse already transforming the gaming industry, it won’t be too long until this crosses over to the business world. Gymshark recently made the news for hosting a meeting in the metaverse, and I wonder how far off OCTO is hosting its first… CRN reporting new research from Gartner: the role of channel partners & cloud spending According to IT research firm Gartner, the managed and consultancy IT services market will surge nearly 8 percent this year to $1.28 trillion. The major driver of this is organisations relying on external consultants, such as channel partners, due to a lack of in-house technical resource, growing complexities and a competitive jobs market. Cloud spending is growing each year and with this growth – alongside the datacentre - comes added complexity which can make it hard for teams to manage operationally. So, this is partly why demand for support from trusted partners is on the up to help maximise ROI and simplify processes.
LOVE IN A COVID CLIMATE.
We’re coming up to four weeks of working from home and have just heard from the government extending the lockdown for a further three weeks. Add to that the four-day weekend we’ve just enjoyed (I think it was Easter, but I can’t really be sure) and it feels like a good time to reflect.