Sarah Armstrong-Smith has constructed a profession on danger administration, resilience, and staying forward of evolving cyber threats. As a number one cybersecurity speaker and chief safety adviser at Microsoft Europe, she has spent greater than twenty years serving to companies navigate digital transformation whereas strengthening their safety posture. We spoke with Sarah to discover the most important cybersecurity challenges dealing with companies at the moment, the position of resilience in a digital world, and the way organisations can foster larger inclusivity in tech.
What first sparked your curiosity in cybersecurity, knowledge safety and digital transformation? And the way did your journey within the area start?
I’ve been working within the know-how surroundings for greater than 20 years now, and I hint this again to 1999. I used to be truly working for a water utility firm in the course of the Millennium Bug in 2000. Many firms have been on giant transformation packages to recode a variety of their computer systems and servers as a result of the speculation was that, on the stroke of midnight, various computer systems and servers would go into meltdown because of the method the Yr 2000 was coded into numerous techniques.
From a younger age I’ve all the time been pushed to maintain asking ‘why’ and plentiful questions. What if the techniques go down? What if we are able to’t get folks to work? What if all of this stuff occur? On the time, I didn’t realise I used to be taking a look at enterprise continuity. It simply felt like frequent sense to maintain asking these questions. That was the beginning of my profession.
I all the time take a look at that second as the purpose the place my profession started. From enterprise continuity, I then pivoted over the subsequent 20 years into catastrophe restoration, cybersecurity, fraud, disaster administration, and all of that falls underneath the banner of resilience. That’s how my profession has developed, and it’s been incredible.
Variety within the office is essential for innovation and progress. Out of your perspective, what extra might be accomplished to foster gender variety and inclusion in enterprise, significantly in tech and cybersecurity?
We want individuals who can suppose exterior the field, and that’s why variety is so vital. It’s not nearly gender; it’s about variety of background, expertise, and tradition. Inclusion is about eradicating false boundaries – like the concept tech is just for males or that it is advisable to be extremely technical to work in cybersecurity. That’s not true.
We additionally must rethink how we help younger folks. Anticipating them to determine their profession path so early is unrealistic. Folks ought to strive various things, pivot via their careers, and that must be inspired. Life expectancy is rising, that means careers will probably be longer.
Folks will take breaks, begin households, and shift industries. It’s about enabling flexibility and choices.
Reflecting in your expertise with the Millennium Bug, what key classes did you’re taking away from managing such a major potential risk?
I believe having a background in enterprise continuity has enabled me to consider the large image. I used to be all the time fascinated by worst-case situations – what’s the worst factor that might occur? However we additionally must suppose extra broadly. We have to think about incidents that aren’t simply related to our personal firm however those who impression cross-sector and even international adjustments.
I believe again to 9/11 as a very good instance of a serious incident on a large scale that we most likely by no means noticed earlier than. The best way it was televised and the shock that got here with it actually introduced residence the impression of terrorism and the way vital enterprise continuity is at that type of scale.
Bringing that ahead to now, the worldwide pandemic has actually emphasised how interconnected and dependent all of us are. That applies to small companies in addition to giant enterprises. After we think about these threats, it’s not nearly enterprise continuity but in addition cybersecurity and assaults. We now have to suppose holistically, a lot wider. That is the place resilience to all of these kinds of threats involves the forefront.
The media performs a strong position in shaping public notion of threats. Do you suppose the Millennium Bug was exaggerated by the media, and the way can we guarantee correct reporting on cybersecurity dangers at the moment?
Doubtlessly. Generally the media can actually assist, however they will additionally hinder. The issue is scaremongering, blowing issues out of proportion. Folks tend to consider what they learn on the web with out fact-checking, and that has develop into harder because of the variety of info sources out there.
The place do you go to get factual info? Folks learn issues on social media – Fb, Twitter – and it’s actually exhausting to decipher reality from fiction. The media can typically blow issues out of proportion. It’s vital to seek out the fitting sources of data and utilise intelligence to chop via the noise and get actual, actionable insights.
Since moving into your position as chief safety adviser at Microsoft Europe in 2020, what has been your proudest achievement, particularly given the challenges of a quickly evolving digital panorama?
I truly joined Microsoft one week after the UK went into lockdown. So, my whole Microsoft profession up to now has been from this very workplace. It’s been attention-grabbing to be in the midst of a world pandemic, becoming a member of a brand new firm, but in addition seeing the inside workings of Microsoft.
Microsoft is a large organisation with greater than 160,000 staff worldwide. Past preserving the corporate operating, we additionally had to make sure our prospects have been operational. There was additionally the large acceleration to the cloud, significantly collaboration instruments like Groups.
It was unbelievable to see how Microsoft rose to the event, supporting prospects and new customers. In my position, I work with strategic and main prospects throughout Europe, appearing as an govt sponsor throughout completely different sectors. It permits me to grasp their challenges, particularly round cloud adoption and digital transformation.
Regardless of how unhealthy issues get – and we’ve had main crises over time – I all the time give attention to alternatives. What can we be taught? What can we do higher? That’s why I’m proud to work at Microsoft.
With cyber threats consistently evolving, what do you see as the most important danger companies face at the moment, and what important steps ought to they take to strengthen their safety?
Cybercriminals are opportunistic and thrive in a disaster. Over the past 12–18 months, we’ve seen a large enhance in phishing assaults preying on folks’s fears and feelings. Attackers faux to be your financial institution, a charity, or an organisation providing help. They attempt to trick you into giving up credentials or clicking malicious hyperlinks.
We’ve additionally seen an increase in ransomware assaults, significantly focusing on healthcare and important infrastructure. It was stunning to us that in a pandemic, attackers nonetheless focused hospitals and emergency companies as a result of they believed these establishments could be extra prone to pay.
Companies must undertake an ‘assume compromise’ mindset. Regardless of how robust your cybersecurity is, attackers will attempt to discover a method in. The main target must be on preparedness: what occurs if somebody accesses your techniques? In case your knowledge is leaked, what’s the impression? The place must you prioritise your safety efforts?
Cybersecurity isn’t nearly defences – it’s additionally about disaster response. In case your community goes down, can what you are promoting revert to guide processes? How do you talk with prospects and companions? The response technique is simply as vital as prevention.
Wanting again in your profession, what’s one piece of recommendation you’d give to your youthful self, or to anybody aspiring to construct a profession in tech and cybersecurity?
Don’t be afraid to maintain pushing your self ahead. Once I was youthful, I had a behavior of volunteering for issues I didn’t totally perceive, however it all the time led to development. Folks hesitate to use for roles in the event that they don’t meet 100% of the necessities – however you don’t need to know every little thing. You be taught on the job.
I by no means deliberate to work in tech. I initially wished to be a graphic designer as a result of I cherished artwork. Careers aren’t linear, and that’s okay. Simply take alternatives, continue to learn, and benefit from the journey.
Photograph by Ed Hardie on Unsplash, and Champions Audio system.
This interview with Sarah Armstrong-Smith was performed by Mark Matthews.
Wish to be taught extra about cybersecurity and the cloud from trade leaders? Take a look at Cyber Safety & Cloud Expo going down in Amsterdam, California, and London.
Discover different upcoming enterprise know-how occasions and webinars powered by TechForge right here.
