[ad_1]
Sarah Armstrong-Smith, a leading voice in cyber-security, resilience, and digital transformation, explores the biggest cyber-security challenges, the role of resilience in business continuity, and how organisations can foster greater diversity in tech.
Q: In your expertise, what are the most significant cyber-security threats businesses face today, and what proactive measures should organisations implement to mitigate these risks?
Sarah: Cyber-criminals are opportunistic and thrive in a crisis. Over the last few years, we’ve seen a massive increase in phishing attacks that prey on people’s fears and emotions. Attackers impersonate banks, charities, or organisations offering support, attempting to trick individuals into providing credentials or clicking malicious links.
We’ve also witnessed a surge in ransomware attacks, particularly targeting healthcare and critical infrastructure. It was shocking that, even during a pandemic, attackers continued to target hospitals and emergency services, believing these institutions would be more likely to pay.
Businesses need to adopt an ‘assume compromise’ mindset. No matter how strong your cyber-security measures are, attackers will always attempt to find vulnerabilities. The key is preparedness—what happens if someone gains access to your systems? If your data is leaked, what is the impact? Where should you prioritise your security efforts?
Cyber-security isn’t just about defences; it’s equally about crisis response. If your network goes down, can your business revert to manual processes? How will you communicate with customers and partners? A well-structured response strategy is just as crucial as prevention.
Q: When it comes to gender inclusion in the workplace, what key steps should organisations take to foster greater diversity, particularly within the cyber-security and technology sectors?
Sarah: We need individuals who think outside the box, which is why diversity is so important. It’s not just about gender; it’s about diversity of background, experience, and culture. Inclusion is about removing false barriers—such as the perception that tech is only for men or that you need to be highly technical to work in cyber-security. That simply isn’t true.
We also need to rethink how we support young people. Expecting them to decide on a lifelong career path too early is unrealistic. People should have the opportunity to explore different fields, pivot through their careers, and this should be encouraged. With life expectancy increasing, careers are becoming longer, meaning individuals will take breaks, start families, and shift industries. The key is enabling flexibility and creating a broad range of career options.
Q: What initially drew you to the fields of cyber-security, data protection, and digital transformation, and how has your career evolved over time?
Sarah: I’ve worked in the technology sector for over 20 years now, and I trace my journey back to 1999. At the time, I was working for a water utility company during the Millennium Bug crisis in 2000. Many companies undertook large-scale transformation programmes to recode their computer systems, as there was a widespread belief that, at the stroke of midnight, certain computers and servers would malfunction due to the way the Year 2000 had been programmed.
From a young age, I have always been driven by curiosity, constantly asking ‘why’ and considering various possibilities. What if the systems fail? What if employees cannot get to work? What if everything shuts down? At the time, I didn’t realise I was thinking about business continuity—it simply felt like common sense to ask these questions.
I now consider that moment the starting point of my career. Over the next two decades, I transitioned from business continuity into disaster recovery, cyber-security, fraud prevention, crisis management, and resilience planning. It has been an incredible journey, and I continue to learn and grow.
Q: Reflecting on your experience with the Millennium Bug, what key insights did you gain about large-scale digital threats and business resilience?
Sarah: Having a background in business continuity has helped me develop a big-picture perspective. I have always considered worst-case scenarios—what is the worst thing that could happen? However, we also need to think beyond our own organisations and consider incidents that have cross-sector and even global consequences.
I often reflect on 9/11 as a prime example of a large-scale crisis that reshaped how we understand security. The way it was televised and the sheer shock it created underscored the impact of terrorism and highlighted the need for business continuity planning on a much larger scale.
Fast forward to today, and the global pandemic has reinforced how interconnected and interdependent we all are. This applies to both small businesses and multinational enterprises. When we assess threats, it’s not just about maintaining business continuity but also about protecting against cyber-security threats. We need to take a holistic approach, ensuring resilience against a range of potential disruptions.
Q: The media plays a crucial role in shaping public perception of cyber-security risks. In your opinion, has media coverage sometimes exaggerated certain threats—such as the Millennium Bug—or has it been instrumental in raising necessary awareness?
Sarah: Potentially. The media can be a powerful tool for raising awareness, but it can also contribute to fearmongering, sometimes blowing issues out of proportion. People tend to believe what they read online without verifying the facts, and this has become even more challenging with the sheer volume of information available today.
One of the biggest issues is determining where to find factual and reliable information. Many people rely on social media—platforms like Facebook and Twitter—which can make it difficult to separate fact from fiction. While media coverage is essential, it’s equally important to cut through the noise and focus on intelligence-led insights that provide actionable and accurate information.
Q: Since joining Microsoft as Chief Security Adviser for Europe in 2020, what has been your most impactful achievement in this role, and how has it shaped your approach to cyber-security leadership?
Sarah: I actually joined Microsoft just one week after the UK entered [the Covid-19] lockdown. It was fascinating to join a new company during a global pandemic while gaining insight into the inner workings of Microsoft.
Microsoft is a vast organisation with over 160,000 employees worldwide. Beyond ensuring our own business continuity, we had to help customers stay operational while navigating an accelerated transition to cloud-based services. Collaboration tools like Microsoft Teams became essential in enabling businesses to function remotely.
It was inspiring to witness how Microsoft adapted to the situation, supporting both long-standing customers and new users. In my role, I work with strategic and major customers across Europe, acting as an executive sponsor across multiple sectors. This allows me to understand their unique challenges, particularly regarding cloud adoption and digital transformation.
No matter how challenging circumstances become—and we’ve faced numerous crises over the years—I always focus on opportunities. What can we learn? How can we improve? That mindset is what makes me proud to work at Microsoft.
Q: Looking back on your career journey, what is the one piece of advice you would give to your younger self to navigate the challenges and opportunities ahead?
Sarah: Don’t be afraid to push yourself forward. When I was younger, I often volunteered for tasks I didn’t fully understand, but those experiences always led to personal and professional growth.
Many people hesitate to apply for roles if they don’t meet 100% of the listed requirements, but the reality is, you don’t have to know everything upfront. You learn on the job.
I never initially planned to work in technology—I originally wanted to be a graphic designer because I love art. Careers aren’t always linear, and that’s absolutely fine. My advice would be to embrace opportunities, stay curious, and enjoy the journey.
Sarah Armstrong-Smith is Microsoft’s Chief Security Advisor for Europe and a respected speaker on cyber-security. This interview with Sarah Armstrong-Smith was conducted by Mark Matthews.
Main image courtesy of iStockPhoto.com and solarseven
[ad_2]
Source link
Click Here For The Original Source.
