CNME Editor Mark Forker spoke to Nima Baiati, Executive Director & General Manager, Cybersecurity Business Unit at Lenovo to discuss all the security challenges currently facing enterprises in our ‘work from anywhere’ world – and how Lenovo is emphasizing the importance of connecting with people on a human level in a bid to retain their strong values, ethos and culture.
Nima Baiati is one of the most prominent, respected and revered cybersecurity leaders in the IT ecosystem.
Last year, he and 21 other leaders from the cybersecurity ecosystem co-authored a book entitled Back to Basics: Focusing on the fundamentals to boost cybersecurity and resilience, which was received to great acclaim from the security industry.
In a candid interview with CNME, Baiati spoke in detail about the security challenges that businesses face following what he described as a ‘rapid shift’ to a work from anywhere world.
We now know that employees working remotely are extremely vulnerable and susceptible to cyberattacks, but, as Baiati pointed out, from a business perspective employee well-being improved and productivity grew exponentially in many cases.
“I think the first element of this question is to look at it from a contextual standpoint. I think over the last three years, we have seen this overnight shift to a work from anywhere world for the knowledge worker. The actuality behind that was the fact there was a trend going on for years in terms of hybrid work in the knowledge space. However, there has been a rapid shift to a work from anywhere world for all types of industries – and from a business perspective one thing that became pretty evident was employee productivity increased, and people were generally happier because they had a better work-life balance,” said Baiati.
However, according to Baiati the implications of this shift from a security perspective were quite significant.
“We witnessed a lot of growing pains early on, especially in terms of collaboration tools that were not necessarily designed to support an enterprise’s communication method. It became evident that there were quality of service issues in terms of bandwidth and compute power, but from a security perspective the crux of the situation was really a change in the paradigm in how compute is done,” said Baiati.
Baiati also highlighted that the traditional models of security that many enterprises had in place were archaic, outdated and unable to support this shift to a work from anywhere world.
“The traditional model of security in place was the castle and moat approach, which is essentially where you have the corporate environment as your castle, and then as organizations you built moats around that in the form of intrusion prevention systems, firewalls and antivirus solutions and so on. But with this shift to a work from anywhere world that model didn’t change at all. That model has significantly evolved to the point that every end-point device is now its own castle and requires its own moat. The cold stark fact is, no matter what way you want to put it, every employee’s device is now their organization’s network,” said Baiati.
The dynamic Lenovo executive also stressed the need for businesses to design their security model to complement the business aspects of their organization, claiming that both needed to work in tandem to achieve the security outcomes that they want.
“I think it’s very important that to deliver effective security you need to be marrying security with the business aspect of the organization. When we talk to our most mature organizations in terms of our customers – the most mature organizations that I see are those that have that marriage in which security understands what is the business that my organization is in. I’m not just looking at security from the standpoint of let’s throw as much of this as we can at the wall and see what sticks. Take for example, you’re a business that is in a highly regulated industry, and you have certain data centre retention and GDPR requirements. Then you need to build a security model that matches that, whilst enabling and empowering your employee with the ability to continue to be able to collaborate, be productive – and ultimately work from anywhere,” said Baiati.
Lenovo has enjoyed huge success over a sustained period of time, and many onlookers have claimed that one of the key components of its success has been the ‘culture’ it has created within its organization – which has fostered an environment designed to allow its employees to flourish and innovate.
However, many business leaders have expressed their concerns that their culture has been eroded somewhat due to this shift towards a hybrid workforce.
Lenovo is not immune to these challenges – and Baiati outlined some of the measures he has taken to ensure Lenovo retains that strong sense of culture that is so critical to its success.
“From my own perspective there were team members that I onboarded during the pandemic, who I didn’t meet in a face-to-face capacity for over a year. What we did was make sure that there was a lot of communication and interaction with our new employees before they were actually onboarded into our team. Our onboarding team really went above and beyond during that period – and really heightened their level of communication with them. We also did virtual new hire sessions, now whilst they were not ideal in the sense that in-person new hire sessions are much better, but it was still a very effective way for us to give them a better understanding of what our values and principles are as an organization,” said Baiati.
As the world has emerged from the cloud that was the COVID-19 pandemic, Baiati disclosed that they are meeting regularly in a physical setting in a bid to connect on a human level.
“Since moving out of the pandemic – we have started to really leverage face-to-face interaction for team building and workshops. There are some things that you can do easier, and faster when you’re sitting with a group of people in a conference room with a whiteboard as opposed to a virtual session. However, what we have also done is use those times to really connect at the human level, and that is so important. I believe that sometimes you have to go out and have a fun dinner, and not talk about work at all – and that is so important in terms of building those new relationships and maintaining that culture. The conference room doesn’t define who we are as people, we’re a blend of the two. It’s so important, especially in the current environment that we build and foster new relationships that only serve to strengthen our organization as a whole,” said Baiati.
Over the last number of years, we have witnessed some devastating ransomware attacks that have had lasting economic and brand ramifications for the entities that have fallen victim to these attacks – but Baiati believes the volume of ransomware attacks is only going to increase over the next few years, citing the fact that these cybercriminals operate like businesses.
There has been a spate of cyberattacks targeting healthcare and educational institutions, and Baiati said that a combination of the risk-versus-reward ratio, which is stacked in favour of the hacker, and the sensitive data held in these industry verticals makes them a very attractive proposition for cyber gangs.
“I think the first place to begin with is to look at it from an attacker’s perspective. In relation to education, and this is something I’ve spoken about a lot recently, and a very valid question that is frequently asked, is why would a hacker target a primary school, what is the benefit of that? However, the simple fact of the matter is that malicious hacking is a business. Many people still have this misguided perception that a hacker is someone sitting in their mother’s basement hacking, but the reality is these organizations are run like businesses and are driven by ROI. The ROI of attacking a primary school system is very good, there is very little risk because they know it’s highly likely that there will be no attribution put back to them,” said Baiati.
In addition to the low risk associated with targeting an industry vertical like education, the rewards are high.
“If you examine the reward scenario, if a hacker steals hundreds of 12-year-olds’ national security numbers then they essentially have hundreds of identities, who crucially won’t know their identities have been stolen until they are 18 years old and go to apply for their first credit card. It’s an attractive vertical, because the risk is low, and if I’m not successful, so what, what is there to lose,” said Baiati.
Anti-fragility is a term that Baiati has used a lot when discussing Lenovo’s ThinkShield cybersecurity offering and how businesses can have a more effective and robust security architecture – but what exactly is anti-fragility, and how is Lenovo leveraging its portfolio of solutions to help enterprises become more secure?
“At its core it really is a concept of being agile. I grew up in the world of agile software operating in that modality and if we learned anything from the pandemic then it was the fact that organizations that had agility built into business models and IT, and those two go hand-in-hand, were the companies that thrived and survived. As we continue to immerse ourselves in this already hyperconnected world that we live in you need to be agile. Now there is no true way to plan for every eventuality and possibility, but it’s building that level of security within your security stack that is crucial. The key to do that is leveraging solutions that are built and delivered as-a-service – and being able to work with partners like Lenovo that can bring a multitude of capabilities to deliver a solution to that customer,” said Baiati.
Baiati concluded a fantastic discussion by outlining what he believed differentiates Lenovo from its market competition.
“I think what differentiates Lenovo is the people and the culture. We have a very strong culture at Lenovo that is focused on innovation and driving technology outcomes tied to business for our customers, and that’s part of our DNA and global footprint around R&D. In addition to this, when it comes to areas around security, unlike a sole point product security solution vendor who is addressing one piece of the problem, we are very different. Because of our hardware and software cloud marriage – and the fact we are the largest enterprise OEM in the world, we are able to build security intrinsically. It is end-to-end, and has the ability to have value added on to it through solutions and services, but it is also reducing a lot of the complexity that is out there,” said Baiati.