Intelligent CIO APAC Issue 01 | Page 84

FINAL WORD environment. A strong cybersecurity posture is not just a matter of choice or due diligence, but a critical business requirement that needs to constantly evolve and mature by constantly assessing the threats and deploying controls to thwart such attacks to discourage the actors behind them. Otherwise, erosion of credibility and loss of revenue will be swift. In today’s hyper-competitive environment, no manufacturer can afford a disruption. The biggest change the pandemic has influenced is the extension of the perimeter. Today a company’s assets extend beyond its networks and physical security. The only security option that exists today is for each asset to present a perimeter to protect itself because the assumption to be made is that these assets exist in an insecure environment such as insecure home networks, public Wi-Fi, etc and thus these assets could become conduits of entry into the company’s secure network. What steps can CIOs and CISOs within this sector take to improve their security posture? To secure assets, data and systems connected with manufacturing, a multi-pronged strategy must be adopted that includes: • Building an enterprise risk model: look at security from an inside-outside perspective starting with visibility of all the assets deployed, assets that could be targeted and associated vulnerabilities, employees who could be targeted and then link it with strategic decisions about infrastructure, technology, process modifications and operations required to mitigate it • Evaluate supply chains linking with key processes and equipment to avoid supply chain poisoning • Fortify your threat posture: regularly conduct on-going rain checks on key measurement criteria and targets. Align them with the prevailing threat landscape and threat actor and malware behavior • Have regular conversations with all stakeholders and encourage employees and others to identify areas for improvement from a cybersecurity perspective • Understand that the perimeter cannot be the only defensive strategy, deploy “ OUR RESEARCH HAS SHOWN THAT AS MUCH AS 14% OF ALL STOLEN DATA ON THE DARK WEB IS CONNECTED TO THE MANUFACTURING SECTOR. solutions that bring extreme visibility concerning network use by monitoring all traffic for anomalous behavior • Segregate the network to protect your crown jewels, this is very basic but we have seen that this is being rarely implemented especially with OT, IoT and IT convergence What best practice advice would you offer CISOs within this sector looking to create a robust long-term security strategy? Cybersecurity should be viewed as an investment in improving value. Employees and all stakeholders need to work together to secure businesses from within and outside. Periodic audits conducted with the Vinod Kumar, CEO, Subex same level of diligence as financial audits need to be conducted while best practices are adopted at a regular frequency. A siloed approach to cybersecurity defeats the core purpose of securing an enterprise so all stakeholders need to come together to fight the forces of disruption while adopting a zero-trust stand. Can a good cybersecurity posture also provide business benefits? Yes, it helps build credibility, reduces the risks of revenue attrition due to cyberattacks and ransom payments. Beyond all this, cybersecurity instils discipline and improves situational awareness among all stakeholders. Typically, according to our calculations, RoI from improving cybersecurity can be gained within the first year itself, if not earlier. Considering the average cost of a breach, it could even happen earlier. Can you tell us about the work Subex is doing to protect businesses? We are providing critical infrastructure grade cybersecurity to businesses around the world. This includes telcos, oil and gas entities, Smart Cities, manufacturing plants and new-age manufacturers. We run the world’s largest threat intelligence gathering facility that supports our cybersecurity solution and the services we offer. We can provide asset visibility, identify, mitigate and analyze the unique threats that emerge as also conventional threats and those that emerge from converged environments. • 84 INTELLIGENTCIO