Sarah Armstrong-Smith has constructed a profession on danger administration, resilience, and staying forward of evolving cyber threats. As a number one cybersecurity speaker and chief safety adviser at Microsoft Europe, she has spent greater than twenty years serving to companies navigate digital transformation whereas strengthening their safety posture. We spoke with Sarah to discover the most important cybersecurity challenges going through companies right now, the function of resilience in a digital world, and the way organisations can foster higher inclusivity in tech.
What first sparked your curiosity in cybersecurity, knowledge safety and digital transformation? And the way did your journey within the area start?
I’ve been working within the know-how atmosphere for greater than 20 years now, and I hint this again to 1999. I used to be truly working for a water utility firm in the course of the Millennium Bug in 2000. Many firms had been on giant transformation packages to recode lots of their computer systems and servers as a result of the idea was that, on the stroke of midnight, quite a few computer systems and servers would go into meltdown because of the manner the 12 months 2000 was coded into varied techniques.
From a younger age I’ve at all times been pushed to maintain asking ‘why’ and ample questions. What if the techniques go down? What if we will’t get folks to work? What if all of this stuff occur? On the time, I didn’t realise I used to be taking a look at enterprise continuity. It simply felt like widespread sense to maintain asking these questions. That was the beginning of my profession.
I at all times take a look at that second as the purpose the place my profession started. From enterprise continuity, I then pivoted over the subsequent 20 years into catastrophe restoration, cybersecurity, fraud, disaster administration, and all of that falls underneath the banner of resilience. That’s how my profession has developed, and it’s been implausible.
Range within the office is essential for innovation and progress. Out of your perspective, what extra may be finished to foster gender range and inclusion in enterprise, significantly in tech and cybersecurity?
We’d like individuals who can suppose exterior the field, and that’s why range is so essential. It’s not nearly gender; it’s about range of background, expertise, and tradition. Inclusion is about eradicating false limitations – like the concept that tech is just for males or that you want to be extremely technical to work in cybersecurity. That’s not true.
We additionally have to rethink how we assist younger folks. Anticipating them to resolve their profession path so early is unrealistic. Folks ought to attempt various things, pivot via their careers, and that must be inspired. Life expectancy is growing, that means careers will likely be longer.
Folks will take breaks, begin households, and shift industries. It’s about enabling flexibility and choices.
Reflecting in your expertise with the Millennium Bug, what key classes did you’re taking away from managing such a big potential menace?
I believe having a background in enterprise continuity has enabled me to consider the massive image. I used to be at all times desirous about worst-case situations – what’s the worst factor that would occur? However we additionally have to suppose extra broadly. We have to take into account incidents that aren’t simply related to our personal firm however those who affect cross-sector and even world modifications.
I believe again to 9/11 as a extremely good instance of a serious incident on a large scale that we most likely by no means noticed earlier than. The best way it was televised and the shock that got here with it actually introduced dwelling the affect of terrorism and the way essential enterprise continuity is at that type of scale.
Bringing that ahead to now, the worldwide pandemic has actually emphasised how interconnected and dependent all of us are. That applies to small companies in addition to giant enterprises. Once we take into account these threats, it’s not nearly enterprise continuity but additionally cybersecurity and assaults. We now have to suppose holistically, a lot wider. That is the place resilience to all of all these threats involves the forefront.
The media performs a strong function in shaping public notion of threats. Do you suppose the Millennium Bug was exaggerated by the media, and the way can we guarantee correct reporting on cybersecurity dangers right now?
Doubtlessly. Typically the media can actually assist, however they’ll additionally hinder. The issue is scaremongering, blowing issues out of proportion. Folks generally tend to imagine what they learn on the web with out fact-checking, and that has develop into harder because of the variety of info sources accessible.
The place do you go to get factual info? Folks learn issues on social media – Fb, Twitter – and it’s actually exhausting to decipher reality from fiction. The media can generally blow issues out of proportion. It’s essential to seek out the appropriate sources of data and utilise intelligence to chop via the noise and get actual, actionable insights.
Since moving into your function as chief safety adviser at Microsoft Europe in 2020, what has been your proudest achievement, particularly given the challenges of a quickly evolving digital panorama?
I truly joined Microsoft one week after the UK went into lockdown. So, my total Microsoft profession to this point has been from this very workplace. It’s been fascinating to be in the course of a world pandemic, becoming a member of a brand new firm, but additionally seeing the interior workings of Microsoft.
Microsoft is a large organisation with greater than 160,000 workers worldwide. Past conserving the corporate operating, we additionally had to make sure our prospects had been operational. There was additionally the large acceleration to the cloud, significantly collaboration instruments like Groups.
It was unbelievable to see how Microsoft rose to the event, supporting prospects and new customers. In my function, I work with strategic and main prospects throughout Europe, performing as an govt sponsor throughout totally different sectors. It permits me to know their challenges, particularly round cloud adoption and digital transformation.
Irrespective of how dangerous issues get – and we’ve had main crises through the years – I at all times concentrate on alternatives. What can we study? What can we do higher? That’s why I’m proud to work at Microsoft.
With cyber threats continuously evolving, what do you see as the most important danger companies face right now, and what important steps ought to they take to strengthen their safety?
Cybercriminals are opportunistic and thrive in a disaster. Over the past 12–18 months, we’ve seen a large improve in phishing assaults preying on folks’s fears and feelings. Attackers fake to be your financial institution, a charity, or an organisation providing assist. They attempt to trick you into giving up credentials or clicking malicious hyperlinks.
We’ve additionally seen an increase in ransomware assaults, significantly focusing on healthcare and demanding infrastructure. It was stunning to us that in a pandemic, attackers nonetheless focused hospitals and emergency companies as a result of they believed these establishments could be extra more likely to pay.
Companies have to undertake an ‘assume compromise’ mindset. Irrespective of how sturdy your cybersecurity is, attackers will attempt to discover a manner in. The main target must be on preparedness: what occurs if somebody accesses your techniques? In case your knowledge is leaked, what’s the affect? The place do you have to prioritise your safety efforts?
Cybersecurity isn’t nearly defences – it’s additionally about disaster response. In case your community goes down, can what you are promoting revert to guide processes? How do you talk with prospects and companions? The response technique is simply as essential as prevention.
Trying again in your profession, what’s one piece of recommendation you’d give to your youthful self, or to anybody aspiring to construct a profession in tech and cybersecurity?
Don’t be afraid to maintain pushing your self ahead. After I was youthful, I had a behavior of volunteering for issues I didn’t totally perceive, but it surely at all times led to development. Folks hesitate to use for roles in the event that they don’t meet 100% of the necessities – however you don’t should know every part. You study on the job.
I by no means deliberate to work in tech. I initially wished to be a graphic designer as a result of I liked artwork. Careers aren’t linear, and that’s okay. Simply take alternatives, continue to learn, and benefit from the journey.
Picture by Ed Hardie on Unsplash, and Champions UK.
Wish to study extra about cybersecurity and the cloud from business leaders? Take a look at Cyber Security & Cloud Expo happening in Amsterdam, California, and London.
Discover different upcoming enterprise know-how occasions and webinars powered by TechForge here.
