There is a central imperative in cybersecurity that is all about the immediate – to detect and respond to cyber threats as they emerge, very often in real time.
But cybersecurity is both a short game and a long game, according to Infosys’ global chief information security officer Vishal Salvi.
In this episode of the Commercial Disco, Mr Salvi – who is also the global head of the Infosys cybersecurity practice – says building long-term trust is equally important, and that requires long-term and patient investment in capability uplift, an adequate and growing pipeline of skills, and a society-wide base-level understanding of cybersecurity issues.
Of course, organisations must put in place internal policies that mitigate risk of cyber intrusion and that enable immediate response to new threats as they emerge. But longer-term investment and effort in building trust in systems and services is also foundational.
This is especially the case for governments. On the one hand, governments are custodians of critical systems and citizen data that enable the smooth functioning of society, and the immediate protection of these systems is fundamental.
But governments are also stewards of the whole ecosystem. In developing cybersecurity policy, the aim must be to build trust in the whole system. As the “digital economy” becomes indistinguishable from the economy, robust cybersecurity is critical to institutional trust.
In a speech to the National Press Club in Canberra in December, the Minister for Home Affairs and Cybersecurity Clare O’Neil declared an ambition to make Australia a “top cybersecurity nation” in the world by 2030.
For Infosys’ Vishal Salvi, this ambition is critical for a safe and trusted modern economy, to assure an ongoing institutional trust in the different component parts of the economy, and to underpin relationships across the global econmony.
“In my mind, cybersecurity, or digital security, is going to be a very important foundation for us to be able to have a trustworthy and safe digital future,” Mr Salvi said.
“And it’s not just about looking at how do we put all the different controls and safeguards, but it’s also about … the trust that your citizens and your employees and staff and basically all stakeholders play in overall adoption of technology and digital,” he said.
“So, to have the ambition, which is focused on building a cyber aware and cyber secure nation, is very important one for every organization in every nation in today’s context.”
Access to an adequate skills pipeline in cyber is a challenge across the world for individual organisation and for government policymakers.
Mr Salvi says governments must take a long term here with a clear strategy required to build capacity. And that means long-term, patient investment that starts with the education system – and starting a young age.
Investment in tech education from a young age is a no-brainer but should include specific engagement with cybersecurity as an issue and a discipline. It should start when children are very young so that they have an early understanding of the implications of cybersecurity, he says.
Developing well-tended and clear career pathways for young people coming through with an interest in the tech, Mr Salvi said. But the broader exposure to all young people as part of the formal education process is also important given the nature of the digital economy.
“We need to democratise cybersecurity. Every single stakeholder needs to understand his or her accountability, responsibility towards cybersecurity,” he said.
“[There is a] misnomer or misconception about cybersecurity that it’s rocket science. It is not. It’s a very simple problem to understand and solution to understand.
“It’s a question of you embracing it, taking accountability, ownership and trying to learn what needs to be done.”
Mr Salvi is both in charge of the internal cybersecurity needs of the global Infosys operation and its 350,000-odd employees, and also runs its global cyber security practice. It’s a structure he says puts him face to face with exactly the same challenges of as Infosys’ customers.
It makes for direct understanding and direct conversations.
