Canadian Security Magazine

News Opinion
A fragile arrangement: Contemplating the next global crisis


ihsanyildizli / Getty Images

In terms of interesting reads, the published works of Yuval Harrari should be top of the list for any budding futurist. For those in the more practical world, Harrari’s ability to connect underappreciated yet inter-connected elements to a growing list of “low probability, high impact” events should motivate leaders to consider that unimaginable day.

In a Financial Times essay earlier this year, Dr. Harrari opined on something important. It was on an issue likely to resonate with those who played important roles in refactoring how we live, work and play at the moment our world was threatened by a global pandemic. Looking back now, and yet so easy to forget as we stride forward, that first six months of crisis in 2020 was not easy to manage nor certain of outcome.

The important two-part premise Harrari offered was that humanity had never been so powerful in the face of pathogens, and that we had achieved an unprecedented level of technological innovation. His reflection on the course of contemporary history suggested that we were spared “financial ruin and social breakdown and possibly mass starvation.”

His next proposition was equally sobering:

Advertisement

“It took several months for coronavirus to spread through the world and infect millions of people… (yet) our digital infrastructure (built since then) might collapse in a single day.”

In the world of threat assessments, key to security success involves accessing data or properly curated information from a broad and credible set of sources. To achieve a form of corroboration on this specific Harriri thesis, and to test an assumption, I consulted the annual threat index from the World Economic Forum (WEF).

The WEF recognized and reported again this year that cybersecurity is one of the most “strategically important issues facing the world today.” It has also consistently stated that “disruptions from cyberattack as the most significant risk facing business and government leadership.” Based on these two credible sources, a plausible assumption can be made: we are collectively at risk from a future moment of systemic failure.

It may be argued that this calamitous scenario could apply to any period over the past twenty years. Regrettably, I would counter that no moment in the digital age can provide a comparison to this current level of transformation. From the agility brought forth through hybrid cloud adoption, to the impact of Artificial Intelligence (AI) and sweeping new automation capabilities, this is indeed a different time. The digital renovation taking place in 2021 is unprecedented, and soon to accelerate post-crisis.

Today’s leaders have access to an ample number of resilience building options to mitigate an “Harrarian” moment. Many leaders are increasingly acting with purpose, as was recently confirmed in an IBM Institute for Business Value report. It cited 46% of Canadian CEOs foresee an increase in cyber spending to address this very tangible threat.

Critical next steps do require careful consideration and trusted advice, as the options and false prophecies pertaining to certain technologies are plenty.

First order of business sits in the context of strategy and risk. From an organization’s list of assets and contemplation of perils, important questions normally include: how do we prioritize the range of challenges, from regulatory requirements to the interruption of critical services? What are our true vulnerabilities? Have they been tested or validated by a proven and trusted external source? Are we effectively managing access and privilege to the network?

The answers to these somewhat complex questions are surprisingly simple. Well-conceived cybersecurity standards exist, along with critical improvements in the development of strategies to mitigate advanced threats through properly constructed “defence in depth.” Aligned, well managed and modernized security models can now include accessible guidance on achieving requisite Cloud related Security Assessment and Authorization (SA&A), along with the Authorities to Operate (ATO).

In moving towards higher levels of cybersecurity maturity, the application of artificial intelligence for threat prioritization, along with the automation of security tools, change calculations for organizations in the midst of rapid hybrid cloud adoption. Finally, enhancements in the identification and authentication of employees and clients, all within a “least privilege” doctrine related to Zero Trust, are but a consult away.

In reflecting upon the original Harrari thesis, the world has demonstrated an unprecedented level of technological prowess. We have equally revalidated our human capacity to adapt and survive. Core to that success has been the technological tools that serve our everyday moments. And we will soon accelerate the journey through 5G roll-out, hastened cloud adoption and an increasing appetite for insight from data analytics achieved through AI.

None of this can be realized if we fail to understand the fragility and inter-dependency of systems. Nor if we discount the malicious intent of some to undermine our hopes and aspirations for a very different end of 2021 and beyond. Recognizing this and pursuing decisive security enablement in systems design will keep the collapse of our digital infrastructure from becoming a reality.

Ray Boisvert, Security Associate Partner, Public Sectors, IBM Canada, assists IBM clients in public sectors across Canada identify and mitigate threats and risks with an enabling, integrated, and modernizing approach. He brings to bare over 30 years of national security experience, retiring as the Assistant Director for Intelligence at the Canadian Security Intelligence Service (CSIS). Prior to joining IBM, Ray consulted to private sector clients across multiple industries, and was recently the first Security Advisor for the Province of Ontario.