The Nokia approach: why ‘security for design’ is a must

Cormac Whelan, CEO of Nokia UK & Ireland, says that putting security first is the future for all businesses, writes Pamela Whitby

The recent Facebook-Cambridge Analytica data scandal may have grabbed the headlines, but hidden away is the more immediate threat of unreported daily cyberattacks. Growing in speed, ferocity and sophistication, this poses a serious problem for both businesses and individuals.

Whether it’s a tech-savvy teenager hacking to cheat an online game, or a rogue state causing havoc to networks on a global scale, the challenge for security experts is escalating as technology advances and networks become faster and ever harder to police.

Cormac Whelan, CEO of Nokia UK & Ireland, advises that as a result of all this, the networks themselves need to be put under the spotlight and reappraised for their security.

Nokia, which merged with Alcatel-Lucent in 2016, is a major player in these networks in the UK, which transmit all of our digital information, from text messages to emergency services calls.

With customers that include BT, Virgin Media, Sky, Vodafone and Network Rail, Nokia is a provider to all critical communications networks in the UK and, according to Mr Whelan, the company is playing a vital role in keeping the UK and Ireland’s networks safe.

While its work in this area is primarily in fixed and mobile communications, Mr Whelan points out that Nokia is also being increasingly hands-on in adjacent markets such as rail, transport, healthcare and energy, where its scale and expertise can often prove a real asset for clients.

Locking Britain down

“Security is an incredibly important priority,” says Mr Whelan. “Not just in the technology we sell but in the design of our products – in everything we do,”. He stresses that Nokia places a real emphasis on security because the company plays such an integral part in the UK national infrastructure.

Like many technology companies, Nokia now takes a proactive “security by design” approach in its business. In contrast, policies such as the General Data Protection Regulation (GDPR), which comes into force on 25 May, tend to be reactive.

GDPR will require that all companies comply with customer data being used in a way that does not infringe an individual’s rights, as well as agreeing to maintain security of that data everywhere it is used. Firms that do not comply could face a maximum fine of up to £17 million or four per cent of global turnover.

There’s little doubt that GDPR will help to nudge businesses to fix data breaches faster. However, Mr Whelan believes that companies can – and should – be ahead of the game. “At Nokia we believe that we need to go further to prevent this happening in the first place,” says Mr Whelan.

Looking ahead

Understanding the distinction between reactive and proactive security is seen as being increasingly important as the world becomes more connected and data driven – especially as technologies such as the internet of things, machine learning, artificial intelligence (AI), blockchains and voice search become more mainstream.

This is why Nokia has put such an emphasis on exploring the implications of these technologies. Thanks to its acquisition of Alcatel-Lucent and the globally-acclaimed research and development experts Bell Labs, billions have been invested in R&D over the past decade.

The vital work being carried out at Nokia Bell Labs is wide ranging and extensive, from investigating and developing new products and technology to filing patents and exploring the immediate applicability of new and emergent technologies.

Mr Whelan cites AI and machine learning in particular as having massive potential in proactive cybersecurity. In the future, systems and networks will need to learn from each other and work in collaboration about what constitutes a cyberattack and to recognise changes in patterns or dips in performance before the threat has the opportunity to take hold.

Hence, as Mr Whelan points out, it makes absolute sense to ensure that safeguards are put in place now. “Ultimately,” he says, “machines can do that much faster than humans or standard software can, although I believe there will always be a role for humans in any final decision-making process.”

Managing data

Many businesses are now waking up to the fact that this intersection between human oversight and autonomous IT means that the systems they have in place currently are often less secure than they had initially thought.

Mr Whelan notes that “one of the great paradoxes of our time,” is that humans are quick to reject government plans for an ID card, but are willing to share preferences on an online shopping site, or download an app that requires acceptance of onerous terms and conditions that are likely to give third parties detailed access to their data.

This is an issue that’s been very much in the foreground, following the Facebook and Cambridge Analytica scandal and, more recently, the furore around automatic placement of adverts, whether it’s “fake” ones as highlighted by Martin Lewis, or ones being sited alongside inappropriate content.

These concerns, says Mr Whelan, need much greater attention, because while Mark Zuckerberg’s US Congressional appearance may have raised global awareness about how data is used, and can potentially be misused, “it is difficult for people to understand the scale of the challenge”.

He adds: “I’d like to see an awful lot more education at school about what actually happens with data, where it goes, how it is used and what systems learn from it.” For Mr Whelan, changing the way we think about cybersecurity today means making the world much more secure for future generations.