Sarah Armstrong-Smith, who was listed as one of the Top 15 Inspirational Women in Tech, sat down in this exclusive interview to reflect on her career in cyber security. As a leader in her field, Sarah was on the frontline of the Millenium Bug and is currently the Chief Security Advisor for Microsoft. Hear from Sarah Armstrong-Smith, a true cyber security expert, in this exciting interview. 

Who or what inspired you to pursue a career in cyber security?

“I’ve been working in the technology environment for over 20 years now, and I chase this back to sort of 1999 – all those many years ago! I was actually working for a water utility company on the Millennium Bug or Year 2000 programme, and many companies were on really large transformation programmes to recode a lot of their computers and servers.  

“The theory was, at the stroke of midnight, a number of computers and servers would melt down, because of the way that the year ‘2000’ was actually coded into a number of different systems.

“And really, for me, from a young age, I’ve always been driven to keep asking ‘why’ and ask abundant questions: ‘what if the systems go down?’, ‘what if we can’t get people to work?’, ‘what if what if’ – all these types of things. And I didn’t really understand at the time that what I was looking at was business continuity. For me, it just felt like common sense to keep asking these ‘what if’ questions. I always look at that as the point where I started my career.”

What is the biggest cyber threat businesses face and what can they do about it?

“It’s very interesting. We think about cyber criminals and the type of attackers, and they’re inherently opportunistic – they absolutely love a crisis. And what a crisis we’ve seen over the last 12 to 18 months! So, they’re really taking advantage of this. 

“We’ve seen a massive increase of phishing attacks, or really preying on people’s fears and emotions. So, they pretend to be your bank, they might pretend to be just offering support. They might pretend to be a charity and those types of things.

“It’s really trying to fool you into a false sense of security, to try to get you to give up credentials or click on links. We’ve also seen a massive increase with regards to ransomware, specifically targeting healthcare or other critical infrastructure. I think what’s been interesting to us is there’s almost no company is out of bounds – they’re small, large enterprises, these frontline services.

“And even to us, it was quite shocking. You’d think, ‘surely in the middle of a pandemic, you wouldn’t attack a hospital, you wouldn’t attack the emergency services.’ But they did, particularly when we’re talking about ransomware, because they feel that they’re more likely to pay if they’re being backed into a corner. 

“I think there’s a real psychology behind the way that cyber criminals act and the way that they take advantage of the situation. It’s important that we’re mindful with regards to what’s going on and how these changing tactics and techniques are going to continue to evolve.

“It really comes back to that kind of business continuity, which means constantly asking questions: ‘what if somebody could get access to our systems? What if somebody could disrupt our services? What if someone could get access to our data? If that data is leaked, what’s the impact of that? And therefore, where do I put my priorities?’ 

“So, we’re no longer just talking about cyber security in. We have to think again and have more of a holistic response, where we’re thinking about ‘if we have these types of incidents, what’s the business doing?’ It’s very much about thinking much wider.”

How can businesses keep up with rapid digital transformation?

“I think it’s important to reflect on the fact that security is intrinsic to almost every business, particularly when we’re talking about digital. So, we really need to think much wider, much broader. 

“As we’ve talked about, really with a global pandemic, many companies are really evaluating their business models, their working practices. They’re asking, ‘what happens next?’ Do we all go back to the office? Do we continue to work remotely? The reality is we’re going to work in this hybrid environment, where people have more choices about where they work from, what type of devices they use. 

“And that ability to embrace the Cloud is really important because it enables them to try proof of concepts, new designs, spin up projects very, very quickly, which they might not have been able to do previously because of the time it takes to procure servers and storage and spin up projects and all of these types of things. 

“So, it really comes down to speed and scale, and that’s really one of the benefits of the Cloud. It’s really about taking advantage of all of these different things that are available, and just really explore. 

“I think that’s the bit I love, really. We’re talking a lot about being agile, which is the ‘fail fast, fail often’ philosophy, which is if you want to try something new, if you want to have these innovative projects, try it out, get some insight, run some analytics, and it doesn’t work? Close it down.

“I think that’s where the agility and the flexibility of this kind of the digital transformation is, it enables companies and even individuals to experiment a lot more.”

This exclusive interview with Sarah Armstrong-Smith was conducted by Mark Matthews.