Building a robust security posture with limited resources
In this Help Net Security interview, Gareth Lindahl-Wise, CISO at Ontinue, discusses how business leaders can align innovation with cybersecurity, tackle the risks posed by legacy systems, and build defenses for startups.
Lindahl-Wise also highlights collaboration and strategic planning as essential for maintaining a strong security posture.
What steps can senior business leaders take to align innovation goals with the need for cybersecurity without compromising either?
Senior business leaders can effectively align innovation goals with cybersecurity by embedding security into the innovation process from the outset. Collaboration between security teams and business units is critical, ensuring cybersecurity considerations are integral to strategic discussions rather than an afterthought. Utilising managed security services can alleviate the operational burden on internal teams, allowing them to focus on innovation while maintaining robust security.
By adopting advanced tools such as AI and automation, businesses can create efficiencies that reduce risk without stifling innovation. Finally, leaders should prioritise resource allocation to address the ongoing cybersecurity talent shortage, equipping teams with the tools and expertise required to tackle security challenges while driving progress on strategic goals.
Legacy systems often present significant cybersecurity risks. What are the primary challenges you face when securing outdated or unsupported systems?
Securing legacy systems presents a host of challenges arising from their inherent limitations. These systems often lack the patches and updates needed to defend against modern threats, leaving them vulnerable to exploitation. Moreover, their inability to integrate with contemporary cybersecurity tools creates protection gaps that can expose the organisation to significant risk.
Legacy systems also increase the attack surface, as attackers often target their predictable weaknesses. Modernising or replacing these systems can be both costly and disruptive to operations. To mitigate these risks, businesses must implement compensating controls, segment legacy systems from critical networks, and collaborate with security experts to develop tailored solutions addressing these vulnerabilities.
For startups and smaller businesses, where do you recommend they begin establishing a basic yet effective cybersecurity posture?
Startups and smaller businesses should begin by focusing on fundamental measures that deliver maximum protection with minimal complexity. Identifying and securing critical assets, such as customer data and proprietary information, is a crucial first step. Implementing multi-factor authentication (MFA) adds an extra layer of protection against unauthorised access to systems and accounts.
Leveraging the built-in security features of cloud platforms can provide cost-effective protection without requiring extensive on-premise infrastructure. Employee education is another key component, as basic security awareness training can significantly reduce the risk of human error, such as falling victim to phishing scams. For businesses lacking in-house expertise, partnering with a managed security provider can offer access to advanced capabilities and ensure a comprehensive cybersecurity posture without overwhelming limited resources.
What emerging trends or technologies will be essential in maintaining a strong security posture in the coming years?
AI and machine learning are becoming indispensable for analysing vast amounts of data in real time, enabling organisations to detect and respond to threats more quickly and accurately. The adoption of zero trust architectures is also gaining momentum, promoting the principle that no user or device should be trusted by default. This approach is particularly valuable in securing hybrid work environments and cloud-based operations.
Automation in security operations will further ease the burden on security teams, streamlining processes such as incident response and threat intelligence gathering. As IoT and edge computing continue to proliferate, securing these endpoints will be vital for maintaining a resilient network.
Lastly, collaborative security models that foster real-time communication between organisations and their security providers will enable faster, more effective responses to emerging threats. By embracing these advancements, businesses can stay ahead of the evolving threat landscape while maintaining a strong security posture.