
How to Be Breach Ready Against AI-Powered Cyberattacks

Cyberattacks are accelerating in the age of AI-powered threats, and prevention alone is no longer enough. The real question organizations must answer today is: Are you breach ready?

In this episode of Breach Ready Dialogues, host Agnidipta Sarkar speaks with Jon Collins, VP of Engagement at GigaOm and former GCHQ security engineer, about how cybersecurity strategies must evolve as attackers adopt artificial intelligence and organizations face rapidly expanding attack surfaces.

They discuss why traditional security architectures struggle against modern threats, how security tool sprawl increases operational complexity, and why enterprises must redesign their environments to reduce attack surfaces and contain breaches before they spread.

Using the well-known Tom and Jerry security analogy, the conversation explores practical strategies to help organizations shift from endlessly chasing attackers to building resilient systems that limit blast radius and keep critical operations running even during a breach.

If you are a CISO, security leader, or architect navigating AI-driven cyber risks, this discussion provides valuable insight into how breach readiness and resilient architecture can change the way organizations defend themselves.

Agni and Jon Collins

Agnidipta Sarkar: How are you doing?

Agnidipta Sarkar: Do you, I can’t hear you.

Jon Collins: There’s a button on the microphone which, if you touch it, if you move the microphone, it switches on. Sorry. Yeah. This is a period of relentlessness and then it’s a period of calm; just gotta get through it.

Agnidipta Sarkar: Yes. And especially for, I’m planning to release a video on.

Agnidipta Sarkar: What people should be thinking about for the year end, because this is the time to be breach ready. If you were not ready so far, this is the time to rush.

Jon Collins: Yeah, now. Now’s the moment. Yep.

Agnidipta Sarkar: Now’s the moment. Okay. So a quick recap of what we are doing today. We are talking about being breach ready, and we are talking about your experience.

Agnidipta Sarkar: We are talking about my experience. And let me just check where Rupa May is. I’m not sure if we have an audience. No, we don’t. This is just between you and me. Okay.

Agnidipta Sarkar: Okay, so because they say it seems to have been written as a webinar, so let me just check once

Jon Collins: Sure thing.

Agnidipta Sarkar: I’ll just go get my mobile and I’ll call her.

Jon Collins: Okay. Do.

Agnidipta Sarkar: So what’s new in. What you’re doing now. Is there any specific area of your focus?

Jon Collins: Oh, goodness. I think that’s a very long answer to a short question. So I’ll keep it short. The industry’s changing. The technology industry’s changing. The analyst industry’s changing.

Jon Collins: GigaOm got a new CEO two months ago. What isn’t new about what’s going on? But I think the big new thing is that we see a huge opportunity to represent end-user enterprises better and deliver more value rather than, yeah, there’s a whole world of people that’ll tell you what to do.

Jon Collins: Until you, they’re right. There’s not that many people communicating backwards, understanding enterprises and therefore aligning enterprise needs with what vendors can do. And I think we really see that kind of closed-loop opportunity to help vendors help their customers.

Jon Collins: But say again.

Agnidipta Sarkar: Is that your sweet spot?

Jon Collins: We’re all ex-practitioners. Howard, our CEO now, he was a CIO, he was a CSO. He can’t switch off that part of his brain. Whereas if you’ve got people that grew up in the world of marketing or the world of research, they’ve never switched it on.

Jon Collins: Sweet spot versus natural place. Yeah. And then obviously it’s, okay, so how do we generate value and scale out of this? Is always the challenge, but it’s a not very occupied space right now.

Agnidipta Sarkar: Let me start and then, we can dwell on what you just said.

Jon Collins: Okay.

Agnidipta Sarkar: So let me tell everybody, hi, this is Agni and I’m back with another edition of Breach Ready Dialogues. And I have Tom here with me from GigaOm, and every time I’ll let Tom introduce himself, but I’m very happy that we have got another view to breaches, and that is the analyst view, Tom.

Agnidipta Sarkar: To you.

Jon Collins: Okay. So yeah, Jon Collins, VP of Engagement at GigaOm.

Agnidipta Sarkar: Oh no, hold on. I think I got it wrong.

Jon Collins: No. Yeah, you said Tom, but I was just,

Agnidipta Sarkar: yeah.

Jon Collins: Hang on.

Jon Collins, VP of Engagement, GigaOm

Agnidipta Sarkar: Yeah. Hi everybody, my name is Agni and I’m back with another edition of the Breach Ready Dialogues, and I have Jon Collins from GigaOm with me today.

Agnidipta Sarkar: As usual, I’ll let the guest describe himself. Jon, over to you.

Jon Collins: Okay. Thank you so much for having me on this. So yeah, Jon Collins, VP of Engagement at GigaOm, which is a very broad title, but ultimately it means connecting better with the enterprises and connecting with the vendors, ’cause at GigaOm we’re all about the win-win between supply and demand.

Jon Collins: My background: I used to work at GCHQ as a security engineer. Before that I was a programmer, and I’ve spent my time as a consultant on DevOps and agile processes, so DevSecOps is my sweet spot, if you like. Very happy to be here.

Agnidipta Sarkar: Oh, thank you. I heard you talk about GCHQ. So my first introduction to that word was when I read a book by Simon Singh called, the, it’s about encryption. Oh, the

Jon Collins: code something

Agnidipta Sarkar: code. The code

Jon Collins: book. Yeah, the code book. That’s the one, yeah.

Agnidipta Sarkar: And it tells you a story of how codes have evolved over time and the whole great thing about Alan Turing and the history of GCHQ.

Agnidipta Sarkar: So why don’t we start with that experience? What was your experience there? And to the rest of the others who don’t know about GCHQ, it’s like the hallowed world of

Jon Collins: Sure.

Agnidipta Sarkar: Spies and mathematicians. And you know what the great things,

GCHQ, security operations and being a rockstar

Jon Collins: It’s essentially, there’s nothing that hasn’t been published. I’m not gonna say there’s many negatives there, but it’s a bunch of operations and technical engineers, people; there’s mathematicians and very smart people. There’s analysts that then make sense of various communications going back and forth. And then there’s the people that run it all, the admin side of it. And I was working in the engineering teams helping the mathematicians support the analysts, if you like.

Jon Collins: Each one has its personality type. A very deep academic-type mathematician, people are a certain character, so that was fascinating. They still very much liked using text editors to program in Lisp, for example; I remember that. And then it was just at the time, this was the late nineties, and it was just at the time where networking was moving.

Jon Collins: IP existed already, but the backbone was still things like frame relay or switching, the old-fashioned switching networks and X.25 connections and so on and so forth. That was fascinating, to be involved in that kind of telecoms switch-over. And then I did my time as a pen tester and was trying to break into systems, and pen testing

Jon Collins: sounds exciting, but it’s very dull. It’s very much about trying things and trying things and setting out tests and writing up the results and so on and so forth. And then you find something that kind of shouldn’t be there and you go, oh, yay. But it is, it’s almost like being an archaeologist, where there’s hours and hours of dullness and then the occasional exciting find.

Jon Collins: I imagine that sounds very much like security operations. Yeah, exactly. Exactly. It’s 90% of the time is very, it’s also, I understand, according to one of the Rolling Stones, a bit like being a rock star. You spend many hours of boredom with a few hours of excitement.

Agnidipta Sarkar: A rock star. Yes. Did I just hear you compare security operations to being a rock star?

Jon Collins: I, yes. You literally did. You literally did. And I think there’s mileage in that, because a lot of the work is about just knowing the routine, committing to patterns, being able to work in a team, et cetera, et cetera.

Jon Collins: And then you get very short periods of fame. The difference with being a rock star is people like you. Nobody wants a security engineer to pop up and say a big breach has happened.

Agnidipta Sarkar: Or a pen tester.

Running cybersecurity operations is like running the Office of NO

Jon Collins: Exactly. Yeah. No, no one wants the results, ’cause you are always the bearer of bad news, aren’t you?

Jon Collins: The security department’s the office of No. Yes. Yes. And

Agnidipta Sarkar: it should be renamed as that.

Jon Collins: I dunno which I’d prefer less, to be honest, to be a security engineer or to be a help desk operative, because help desk operatives are constantly getting a barrage of complaints and security

Jon Collins: engineers are telling people bad news all the time. It’s, yeah. We,

Agnidipta Sarkar: I

Jon Collins: think you choose that.

Agnidipta Sarkar: What I meant was we should rename the security operations team as the office of No.

Jon Collins: Oh, a hundred percent, definitely. Yes. I don’t think we’d be the first if we did, though. I think there’s many teams that feel that way, even if they don’t call themselves that.

Agnidipta Sarkar: Let’s come back to your current work. And so at GigaOm, tell us what you’re doing now and how it is connected to breaches. What has been your experience in the past few months?

Jon Collins: There’s an interesting, so let me just say first what, so at GigaOm we evaluate technologies, largely. That’s our bread and butter.

Jon Collins: We write Radar reports, which closely map to, if an organization’s putting an RFP together, our approach, our research approach is we put a kind of RFP together, a set of requirements. Some are table stakes, some are differentiating, and then we’ve got functional and non-functional requirements, et cetera.

AI is the latest and greatest creator of unprecedented attack surfaces

Jon Collins: And then we do a compare-the-market on those technologies. One of the issues that we have: we do over a hundred reports a year, and 40% of them, so that’s gonna be 40, isn’t it, are security related. So we’re pretty heavily invested in the security space, but the big challenges that people face with security

Jon Collins: generally boil down to complexity and change. Every time, there’s always more attack surface that’s being opened up. AI is the latest, greatest creator of new and very different attack surfaces, and it’s all happening very fast. So as a security person you’re trying to keep up with that, and the tooling market, is it?

Jon Collins: It’s not fantastic, because it assumes stability. When you create a tool for anything, you assume that people are gonna be using it for two to five years, whereas there’s so much change in the security space that a lot of the tools, even the ones that, and there’s a whole wave, as you can imagine, of tools that we’re seeing come out right now with, how will we secure your MCP service?

Jon Collins: How do we protect your prompt, and so on. They will probably be out of date in a year’s time. So how do you keep up with that as someone that’s trying to make decisions around technology? It’s a big challenge.

Agnidipta Sarkar: Actually, I remember I was speaking somewhere, and I think it was Sarah, I was speaking to a friend of mine, and then we started talking about Tom and Jerry.

Agnidipta Sarkar: In today’s world, always a good conversation

We need to begin proactively removing attack surfaces; no attack surface, no attack.

Agnidipta Sarkar: In today’s world, everyone is becoming a Tom. Every security tool is a Tom trying to chase Jerry, which is the attacker. And no matter what Tom does, Jerry always slips past. Sometimes Tom manages to catch Jerry, but then it’s short-lived. Sooner or later Jerry ends up doing something else and Tom has let go of Jerry.

Agnidipta Sarkar: On the other hand, there is this dog in the family, who actually sits on the refrigerator, and he knows that the cheese is in the refrigerator. And Tom and Jerry need to go to the cheese, and he has a baseball bat with him. I think the name of the dog was Brutus. And then

Jon Collins: That’s correct.

Agnidipta Sarkar: Jerry on the head with the baseball bat, every time he gets to the fridge. So I remember that, and we had a great laugh at it, and we realized that’s what’s happening in the industry right now. As you said, everyone wants, this is the latest on what you can do with your MCP servers.

Agnidipta Sarkar: This is what you need to do about this and that. But the fact is, AI or human, if there is no path to attack, there is not going to be an attack. AI can’t create a path for itself to attack if you’re not allowing a path. So I think that’s my approach to this whole new thing that’s happening that’s called AI, and I’m saying that I’m going to counter AI with no AI.

Agnidipta Sarkar: By being dumb, by saying that yes, we have an MCP server, but you just can’t reach it because it’s not visible, because we have managed to redefine the attack surface in such a way that it’s just not visible. So it’s essentially hide the fridge, is that right? So hide the fridge. Yes. Brilliant. You got me there.

Agnidipta Sarkar: That’s what we are trying to do. Because we are not people who are going to carry a baseball bat and hit Jerry on the head. We can’t do that. Not any longer; we would love to, but not any longer. So what we need to do also is that we not only need to hide the fridge, we also need to make sure that the cheese, which is inside the fridge, is available to the hostess when she wants to come

Agnidipta Sarkar: and have it. That’s what we are focusing on. But what do you think of this approach? Do you think it

Build a Harry Potter style invisibility cloak and put it over critical assets

Jon Collins: I was just thinking through the history of security as you spoke. So bear with me as I work towards the answer, but a long time ago, risk avoidance was possible. Then, so literally just when everything was air-gapped, you could say, let’s just build a wall around it and we’ll be fine.

Jon Collins: That’ll prevent anyone from coming in. And then complexity grew, and so we had to move to risk management approaches. And we had defense in depth, and all the things we have about authentication, authorization, the start of identity management and so on. But then I remember the Jericho Forum in the two thousands, ’cause the walls come tumbling down in the city of Jericho, saying that the boundary

Jon Collins: approach to security was broken and it was more about permeability, which is your point about Tom and Jerry. There’s always new ways to get to the fridge. Then cloud came along, which essentially gave the attackers scale. Cloud and distributed computing, botnets and so on, gave these opportunities to attack any which way.

Jon Collins: So they just ended up being more and more Toms or more and more Brutuses, whichever way you wanna look at it. Or Jerrys, hang on. No, it would be Jerrys.

Agnidipta Sarkar: Jerrys.

Jon Collins: So they, yeah. They just created a billion Jerrys.

Agnidipta Sarkar: They created more Jerrys and we created more Toms and they created

Jon Collins: more.

Jon Collins: Yes, exactly. Exactly. And I think with the AI wave, so I talked about complexity and change at speed, but the speed has accelerated. So now we’ve fed Jerry kryptonite. So the ability to, the number of new holes that’s appearing, I’m very close to switching analogies and using the Swiss cheese problem of risk.

Jon Collins: So I’m not gonna do that, but it’s worth looking at. If your cheese is a Swiss cheese, you’re stuck. But I think we absolutely need to look for alternate approaches to how we’re trying to deal with the problem. Because whilst we might have moved from risk avoidance to risk management to an extent, we’re still using decades-old thinking.

Jon Collins: There’s still a defense-in-depth, oh, we’ll be okay ’cause we’ve got walls, et cetera, feeling about the thing. And there isn’t time to, time is no longer on our side because of AI. New opportunities to break into systems. You can create a thousand new social attacks in a minute and try all of them.

Jon Collins: You can A/B test all of them, get all the results in, and they can then use AI inside the company. So you could get me, ’cause we’re all susceptible, to type a prompt that then accesses a system I didn’t even know I had access to, and leave the results accessible for someone on the outside, because all they’re looking for is to get in so that then they can expand. And ultimately it’s about the cheese, it’s about the data.

Jon Collins: We need alternate approaches. So what you are describing, there you go, that was the long preamble. What you are describing is, how about we put an invisibility cloak over the whole thing? If I can switch from Tom and Jerry to Harry Potter?

Agnidipta Sarkar: Yes.

AI is changing how we look at cyberattacks and breaches.

Jon Collins: From a risk management perspective, ultimately, risk is probability times impact.

Jon Collins: So my question is: how much does that reduce the probability of an attack? Or how much does that reduce the probability of which types of attack? And in terms of, certainly if you wanted my advice as a consultant, switching hats, and if I was speaking to an end-user organization: the most obvious paths to your data from the outside can’t afford to be left visible.

Jon Collins: So if there are alternative approaches to that, and I wouldn’t, I’m not here to back your horse, but if you propose one alternate approach to that, then it’s certainly worth a look.

Agnidipta Sarkar: Yes, and I’m not saying that because of having one approach or the other. In fact, I think we are living in times where there is no single solution that can solve the problem, because every problem is context specific.

Agnidipta Sarkar: Every organization, if there are two organizations who are in the same industry and the same kind of business, even their AI approaches are different. Their approach to risk management is different. Their approach to doing business is different, so they’re not the same when it comes to Harry Potter’s invisibility cloak.

Agnidipta Sarkar: You need to figure out how really you want to get it done. It has to be context specific, but then you raised two points while you were talking, while you were making the long preamble. Number one was creating walls. Ever since the attacks, what I saw in 2025 is that attacks have moved on to edge devices.

Agnidipta Sarkar: Attackers are trying to use the edge devices themselves to walk in. So be it any kind of an edge device, Fortinet was the most attacked, if I’m not wrong, and they had the most vulnerabilities as well. And then all those things that happened in between with Cisco and everybody else.

Agnidipta Sarkar: I’m not saying that they are insecure, but I’m saying that’s opened up one more hole in the wall. And the second thing that I saw in 2025 is that attackers are realizing that any organization that’s in the middle of a supply chain is the organization to attack. So earlier you would think that people would attack a NatWest bank.

Agnidipta Sarkar: Nowadays they figured out that’s a bad idea. I looked at the SitusAMC breach that happened a few days ago, 15, 20 days ago. SitusAMC was a diligence provider to multiple financial institutions, 600, if I’m not wrong. They attacked this company, and because everyone from SitusAMC was a trusted partner for the banks and the financial institutes, they found a way in.

Agnidipta Sarkar: So they attacked SitusAMC first. Unfortunately for them, SitusAMC somehow got wind of what was happening. What we still don’t know yet, I know all the financial institutes shut out SitusAMC from their networks immediately, but what’s still not known is whether or not these guys managed to get into those financial institutes.

Agnidipta Sarkar: Okay. That’s a story for a later time, but what I was trying to get at is, these two developments have suddenly made it clear that the attack surface as we know it is not going to be the same forever. You talked about permeability. I think over time, as technologies evolve with AI coming in, you talked about speed, scale of AI.

Agnidipta Sarkar: I think AI will also be able to exploit and use permeability from different points of view, from different approaches, because they’re not limited. Until a few years ago, nobody would’ve thought that exploitation of a help desk would shut down a car retailer for such a long time.

Jon Collins: Exactly. But it did, and I think, so all that I was saying is what it boils down to is that I believe, and I think you might agree with that point of view, I think we need to shift the focus. I’m talking about end-user organizations only, and again as an evangelist, I think we need to shift the focus from investing in newer, fancier security tools to consolidating what we have and focusing on how we can build foundational capabilities that have

Agnidipta Sarkar: the ability to customize, that can be customized to that specific context, and focus on these possibilities of denying anybody, you said hiding the fridge, right? Of hiding the fridges and stuff like that. Can it be done foundationally? Can it be done by design? Can it be resilience by design?

The question today is whether you can WITHSTAND an AI-powered attack

Agnidipta Sarkar: Because I know you talked a lot about risk management. But I think one of the essential elements of risk management today is how resilient are you? Can you really withstand an attack? I know many people don’t talk about withstanding. I thought that was a great word.

Jon Collins: There’s a lot to unpack there.

Jon Collins: The first thing, and the last thing, I want to talk about is responsibility in the context of architecture. And I think, if there’s one piece of advice I’d like to leave people on, I know we’re not finished, but it’s about taking responsibility for your entire architecture, of both infrastructure and security tools.

Jon Collins: And seeing them at the level above just tools or just services or whatever. And that’s leaving gaping holes in the attack surface, that we are thinking too low level. And what, we’ve talked about this before, an issue we have in the security industry is the way that products are marketed.

Jon Collins: So if you are a startup in the security space, you are thinking, how can I create a differentiated solution? How can I create new category for that differentiated solution? And you rush into the market with an entirely new way of solving a bunch of security problems that overlaps heavily with others.

Jon Collins: But the problem with doing that is you’re then creating more complexity in your own space. Yes, and I think that the way we procure, secure and deploy security tools today is actually adding to the attack surface. Ops tools, as you say, help desk tools and so on.

Jon Collins: We’re creating process-level vulnerabilities. We’re slowing down our ability to react. We’re giving ourselves event information in more than one source. We are making it hard to get an integrated view of identity. And the cautionary moment is Palo Alto, for example.

Jon Collins: When it said, no, we’re pulling everything into the same platform, and this was last year, for a while its share price plummeted. Because Palo Alto’s investors didn’t like that they had fewer products to sell, but actually they did absolutely the right thing to reduce the complexity of their own solution set.

Jon Collins: So that’s the dilemma that’s happening on the vendor side, and therefore it’s even more important for end-user organizations to recognize that if you’ve got 50-plus tools, that’s actually part of your problem from a security perspective.

Agnidipta Sarkar: Yeah, and I think what you just talked about is a dilemma. Do we create new areas, or do we think about cognitive bias, where the whole world is going in one direction?

Agnidipta Sarkar: As you said, Palo Alto was a big example of that, because everyone had a cognitive bias that they’re doing wrong, so their share price plummeted. True, but then I think you are right. I don’t know how we are doing on time, but I think we spoke a lot. And if you’re okay with it, I can ask you one more question and we can end it there.

Being breach-ready means planning to keep critical businesses “unaffected” during cyberattacks

Agnidipta Sarkar: Oh, sure. And that question was more to do with breach readiness versus the preventive model, as the earlier world was. How effective, how important do you think it is to think about what part of your business can remain unaffected by a breach, versus thinking of business continuity?

Agnidipta Sarkar: ’Cause I think those are two different words. Unaffected means the attack is not going to reach there, even if it manages to breach a few. But business continuity is about the part that’s got affected. So what are your views about that? How do you feel that to be important?

Jon Collins: Fair to say, my views are pretty strong on this: that it’s a human trait to start to

Jon Collins: feel that one’s area of the business is the most important. So if you’re in marketing, you think about marketing a lot. If you’re in sales, you think about sales a lot. If you’re in security, you think about security a lot, and that’s great, but if you are doing that to the detriment of thinking about the organization that you’re serving, then you’ve got a problem.

Jon Collins: There’s two things, and I’m thinking of one of the recent major breaches in the UK, which was exacerbated by a lack of ability to recover. Because the documentation wasn’t there, because the tooling had been deployed by new people and the people that had deployed the original stuff weren’t around to ask.

Jon Collins: That recoverability from the attack became a huge aspect of what was going on. So it’s inexcusable to me for security as a whole not to understand the higher priorities of the business. How does the business actually make money, and how does the business actually manage its reputation?

Being breach-ready is also about reducing the chance of the next attack

Jon Collins: Those sorts of questions. And then map that onto the systems that are being supported. And then secondly, how to actually minimize the time between a breach occurring. Because breaches will occur. We can reduce the chances of that, but we can’t reduce it to zero. So how do we go for this is, to me, breach readiness is actually, at the moment of a breach, to know what to focus on, to know what steps to apply to bring the core parts of the business

Jon Collins: back into position as fast as possible. And as you say, it’s good old business continuity planning applied to, no, I’m, I was talking

Agnidipta Sarkar: about, sorry, I interrupted you. What I was saying is the proposition that I’m making is slightly different. I’m saying that business continuity is for the business that got disrupted, but

Agnidipta Sarkar: what if we design enterprises thoughtfully, through design, by consulting, making it context specific?

Jon Collins: Yep.

Agnidipta Sarkar: So that, should there be a cyber attack, that attack remains where that attack originated. Which means the other parts of the business remain unaffected. And I’m stressing the word unaffected because that’s contrarian to the business continuity view, which is

Agnidipta Sarkar: to continue after disruption. I’m saying that if we are able to design enterprises in such a way that when the attack happens, large parts of the organization remain unaffected, which in turn means you are now thinking of business during cyber attacks to be 80% of the total, versus business during cyber attacks to be 15 to 20% of the total by invoking a business continuity plan.

Agnidipta Sarkar: That’s where I’m headed. That’s what I am thinking about. Yeah. Yeah. That, and that’s fair. What you’re essentially saying is don’t design a business like the Titanic. Exactly. So when you get a gash along the side, all parts of the, yeah. It wasn’t possible for it not to sink.

Reducing the blast radius of every digital asset is a proactive approach to deny AI attacks

Agnidipta Sarkar: Exactly. And so to be able to manage the blast radius of an attack is an absolute, it should be a fundamental part of the strategy. But the strategy, so where we agree, I think, is that at the moment, organizations, and I think back to the IBM AI model, but I use this in every way.

Jon Collins: So moving from reactive to active to proactive, and the AI model adds predictive, which is lovely. But if you’re in reactive, you can’t get straight to the highest level of maturity without going through an active stage. So the first stage to me is to identify, yes, the critical parts of the business.

Agnidipta Sarkar: Exactly.

Jon Collins: Then it’s to build the risk-based protections around those. And to your point, a very good risk-based protection is to minimize: if one of those gets taken out, the other ones don’t.

Agnidipta Sarkar: In, then

Jon Collins: that’s a perfectly valid pattern.

Agnidipta Sarkar: Oh, thank you. You agree with me? Finally. I was talking to another person and this is practically what he told me.

Agnidipta Sarkar: The press notice that goes out today is: we had an unprecedented cyber attack; in order to protect the interests of our stakeholders, we are gonna shut down. From here, if that press note moves to: we had an unprecedented cyber attack, and despite that, we continue to serve our customers and our stakeholders.

Agnidipta Sarkar: We have hired security specialists to look at the nature of the attack, but we are working for you. That changes the whole dimension.

Jon Collins: Yeah, if it was a retailer, for example, you could say we’ve had this unprecedented cyber attack and we’re unable to give you credit right now, but you can still buy things.

Digital and AI businesses must consider service-based architectures

Jon Collins: And it’s just literally limiting. I’m a huge advocate of service-based architectures, in any form. So if one part of the service goes away, then you should have loosely coupled services rather than tightly coupled services, so that the other services don’t get dragged down by the loss of one.

Jon Collins: So luckily, what I said in the middle of this was it’s about responsibility for your architecture. It’s about making the right architectural choices and actually building in a resilient architectural design, not at the business level, but at an application and service level, to serve those bits of the business.

Jon Collins: I think we thoroughly agree on your notion there.

Agnidipta Sarkar: Thank you so much for finally agreeing with me and I think I enjoyed talking to you. I hope you did too. And there are a lot of nuggets that you’ve given, which I will, which I’m going to take over to my next Breach Ready Dialogue that I’m going to have with anyone else.

Agnidipta Sarkar: And until now, I have had industry experts, I’ve had researchers. You are the latest to join the Breach Ready Dialogues. So thank you so much, Jon. It was lovely to chat with you.

Jon Collins: No problem.
