Mihai Popa, Chief Information Security Officer (CIS) at Bridgeworks features in this article from Computing Security to discuss the increasing need for WAN Acceleration to minimise real-time cyber threats.

MAY/JUNE

 

Crime Pays…And Pays

GLOBAL CYBERCRIME DAMAGE IS PROJECTED TO COST MORE THAN £12 USD TRILLION ANNUALLY BY 2031. HOW CAN THAT PROFLIGATE WASTE BY HALTED?

Global cybercrime damage is project to cost more than $12 USD trillion annually by 2031, according to Cybersecurity Ventures. In the face of such of threat, how do organisations evolve at the highest levels to become capable of understanding content, detecting intent and predicting threats? And who within those organisations should be driving the changes needed to get there – and how is that to be achieved to the best effect?

In response, Peter Smails, SVP, general manager, cloud native, SUSE, says organisations can’t afford incremental improvements; they need a fundamental shift in how they secure cloud environments. “Modern infrastructure is dynamic, distributed and API driven. Identities outnumber humans and attackers increasingly exploit misconfigurations, over permission roles and exposed control planes, rather than traditional network perimeters.”

To understand context, detect intent and predict threats, organisations must move toward a continuous, cloud native security operating model, he insists. “That starts with unifying telemetry across identities, workloads, clusters and services, so signals aren’t analysed in isolation. Threats in the cloud rarely look like ‘events’; they look like subtle deviations in behaviour, privilege or configuration. Only correlated, real time content can surface intent early enough to act.”

“Who drives this evolution? It requires CISOs, CTOs and platform engineering leaders working as co owners of the cloud operating model,” states Smails. “Security can’t sit on the outside of delivery anymore. It has to be embedded into the platform: policy driven, automated and enforced through the same pipelines that ship code. Automation becomes the default. Drift becomes observable and correctable.

“Boards also have a critical role. Cloud risk is now business continuity risk. When attackers target identity providers, SaaS admins and cloud backups, resilience becomes a strategic priority, not just a technical one. The organisations that succeed won’t be the ones with the most tools. They’ll be the ones with a cloud native security model capable of understanding context, inferring intent and predicting threats before they materialise.”

TRUST UNDERMINED

“Despite the billions invested in cybersecurity across the world, breaches still dominate the headlines”, comments Dave Silke, managing director, EMEA & APAC Centripetal. “And when they happen, the impact is deeply felt, not just by systems and balance sheets, but by people, teams and the impact on everyone’s trust. Breaches at organisations like Marks & Spencer and Jaguar Land Rover are not outliers; they reflect a familiar pattern. Security models are built to react, rather than anticipate. Overstretched teams are doing their best within constraints, but there is a quiet acceptance that breaches are simply part of modern life. That belief sits at the heart of the problem.”

Boards approve budgets with compromise assumed. CISOs plan around detection and response, and SOCs are left carrying the weight when things go wrong. “Over time, this creates a sense o inertia, a feeling across CISOs and IT teams that there is little more we can do. Everywhere, we are reminded of the when, not the if, of a cyber breach. Success is measured by the speed of response, rather that the calm confidence of prevention.”

But adding more tools to an already crowded stack doesn’t change this trajectory, says Silke. “Today’s SOCs are overwhelmed by tens of thousands of alerts each day, many of which are false. Even AI, for all its promise, is often applied simply to optimise an unsustainable system, rather than to reimagine it. To evolve, organisations must reconnect with proactive intelligence. Proactive threat intelligence has long been relied upon by governments and defence communities, and offers a fundamentally different mindset. By identifying and blocking known bad activity before it ever reaches the stack, we reduce noise, restore focus and give teams space to think, not just react.

Most cyberattacks are not new. “They are old threat, repeated and amplified through automatic and scale. That makes them predictable, and crucially, printable when intelligence is applied with intent. When known bad traffic is stopped upstream, alert volumes fall dramatically, lifting the fog of fatigue that clouds today’s SOCs.”

This is an invitation for CISOs to pause, reflect, and challenge familiar assumptions. To look beyond tradition metrics. And to rebalance investment away from constant reaction, towards intelligence led capabilities that return a sense of control. Ransomware does not have to remain a cost of doing business, and the future doesn’t have to fell this reactive.”

KEY SHIFTS

To address the damage threat, organisations need to constantly evolve, comments Mihai Popa, CISO at Bridgeworks. “This requires the capability to understand context, detect intent and predict threats. In fact, organisations need to move beyond reactive security models to adapt a context-drive, intelligence-led approach.”

This means, correlating data across networks, endpoints and cloud environments to build a real-time understanding of behavior – not just events. “At the highest level, this evolution requires three key shifts: from siloed visibility to unified observability across hybrid and multi-cloud environments; from signature-based detection to behavioural analytics and AI-driven insights; and from perimeter defence to data-centric security.” Equally important, adds Popa, “is the ability to securely move and analyse data at speed.

If organisations cannot efficiently transport large datasets between environments, their ability to detect patterns and predict threats is severely constrained. This is where WAN performance and security converge – enabling fast, secure data movement to ensure that threat intelligence is both timely and actionable. 

BOARD-LEVEL IMPETUS

He continues: “Transformation must be board-level driven, with accountability sitting across the CISO for security, risk and governance; the CTO and CIO for architecture and technology enablement; and the CEO, as well as the board, for prioritisation, investment and organisational culture. This is because cybersecurity is no longer an IT issue; it is a business risk issue.”

Cloud security, networking and infrastructure teams must operate as a single, aligned function, particularly in cloud environments where performance and security are tightly interdependent. “This requires a layered, integrate approach that involves zero trust architectures, encryption in transit and at rest, cloud native security tools, such as CSPM, CWPP workload protection, advanced threat detection that leverage artificial intelligence and machine learning for anomaly detection.”

Security tools are only effective, if they can inspect, analyse and act on data promptly. Poor network performance creates blind spots. “With WAN Acceleration, organisations enhance cloud security by reducing exposure windows, improving backup and recovery times, while enabling faster forensic analysis,” Popa states.

“WAN Acceleration plays a critical – and often underestimated – role in cloud security. Deploying it mitigates WAN latency and packet loss – expediting encrypted data transfers without compromising on cloud security controls, so that organisations can detect cloud threats sooner, respond faster and recover more effectively.”

 

Click here to read the article on Computing Security, page 32.