David Masson is the Director of Enterprise Security at Darktrace and is here to talk about the looming cybersecurity concerns and what steps small businesses must take to future-proof their enterprises. Masson also talks about various cybersecurity challenges and has much important advice for small business owners.
David Masson is Darktrace’s Director of Enterprise Security and has over two decades of experience working in fast-moving security and intelligence environments in the UK, Canada, and worldwide. With skills developed in the civilian, military, and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. David is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major international and national media outlets in Canada where he is based. He holds a master’s degree from Edinburgh University.
How did you become involved in cybersecurity? Having been in the industry for over a decade, how have things changed for you?
I have spent most of my career in national security work, first with the British Government, and then in the Canadian public and private sectors. In this space, I have watched the conversation on cybersecurity change rapidly over the past decade.
Chief among these shifts is that we have entered a new era of cyber-threat. We are facing faster and more furious attacks on an unprecedented scale, accelerated by expanding software supply chains and the proliferation of remote work. This challenge of cybersecurity has fundamentally gone beyond the one which is human-scale and has led several organizations to turn to advanced technologies, like AI, to augment their security teams. This technology has been essential to returning the upper hand to cyber-defenders and allowing them to manage cyber-threats not only if but when they emerge.
What’s the most challenging part of your job as a privacy professional?
I am a security professional rather than a privacy advocate. For me, there is no privacy unless there is security – security tools, protocols, and regulations ensure that the privacy of our data and personal information is protected by both our governments and private companies every day.
Recently, there has been a strong movement to have privacy built into digital infrastructure by design (privacy by design), and this needs to be supported at every stage by security by design. This means that security is baked into an organization’s digital infrastructure and constantly at the forefront of employees’ minds across the entire enterprise, from the IT team, to the C-suite, and even to the lower level.
Can you discuss the evolution of small businesses’ concerns about cybersecurity? What do you think has changed in terms of those concerns? Where are we now and where we are going?
Small businesses have been impacted by the sudden digital transformation workforce shift caused by the COVID-19 pandemic. This digital transformation was already happening, but the pandemic turbo-charged it by forcing us to work from home, making the digital environments of businesses around the world even more complex and inter-connected.
This means that no one person or organization is immune from attack. The days of small businesses thinking they are too small/unimportant to be of interest to a threat actor are gone. If a small business or organization values its business and the privacy of its data, it must value security regardless of size or vertical. To this end, small businesses should be constantly reevaluating their cybersecurity strategies and turning to advanced technologies, like AI, to protect against these threats.
How is Darktrace addressing these concerns for small businesses?
Darktrace has been supporting small businesses since we brought our self-learning AI solutions to the world market in 2013, including here in Canada. AI is agnostic to business size or complexity and can detect, stop and investigate anomalous behavior that is indicative of malicious activity without the need for human intervention. This AI frees up that scarce human resource for the business solutions that will drive a small business forward.
What is your advice for moving forward productively for individuals and also corporations, government, large institutions, and other holders of data?
Look to the future of cybersecurity technology to secure your organization’s data. Self-learning AI is able to learn what is normal for an entire digital infrastructure, detect changes to that “normal,” and assess the impact of these changes. It can then alert security teams to the early stages of an attack and stop this activity in real-time – before the damage is done. This puts the advantage back in the hands of the defender where it belongs.