FINAL WORD
environment. A strong cybersecurity
posture is not just a matter of choice or due
diligence, but a critical business requirement
that needs to constantly evolve and mature
by constantly assessing the threats and
deploying controls to thwart such attacks
to discourage the actors behind them.
Otherwise, erosion of credibility and loss of
revenue will be swift.
In today’s hyper-competitive environment,
no manufacturer can afford a disruption.
The biggest change the pandemic has
influenced is the extension of the perimeter.
Today a company’s assets extend beyond
its networks and physical security. The only
security option that exists today is for each
asset to present a perimeter to protect
itself because the assumption to be made
is that these assets exist in an insecure
environment such as insecure home
networks, public Wi-Fi, etc and thus these
assets could become conduits of entry into
the company’s secure network.
What steps can CIOs and CISOs
within this sector take to improve
their security posture?
To secure assets, data and systems connected
with manufacturing, a multi-pronged strategy
must be adopted that includes:
• Building an enterprise risk model:
look at security from an inside-outside
perspective starting with visibility of all
the assets deployed, assets that could be
targeted and associated vulnerabilities,
employees who could be targeted and
then link it with strategic decisions
about infrastructure, technology, process
modifications and operations required to
mitigate it
• Evaluate supply chains linking with key
processes and equipment to avoid supply
chain poisoning
• Fortify your threat posture: regularly
conduct on-going rain checks on key
measurement criteria and targets.
Align them with the prevailing threat
landscape and threat actor and
malware behavior
• Have regular conversations with all
stakeholders and encourage employees and
others to identify areas for improvement
from a cybersecurity perspective
• Understand that the perimeter cannot
be the only defensive strategy, deploy
“
OUR RESEARCH
HAS SHOWN
THAT AS MUCH
AS 14% OF ALL
STOLEN DATA ON
THE DARK WEB
IS CONNECTED
TO THE
MANUFACTURING
SECTOR.
solutions that bring extreme visibility
concerning network use by monitoring all
traffic for anomalous behavior
• Segregate the network to protect
your crown jewels, this is very basic but
we have seen that this is being rarely
implemented especially with OT, IoT and
IT convergence
What best practice advice would
you offer CISOs within this sector
looking to create a robust long-term
security strategy?
Cybersecurity should be viewed as an
investment in improving value. Employees
and all stakeholders need to work together
to secure businesses from within and
outside. Periodic audits conducted with the
Vinod Kumar,
CEO, Subex
same level of diligence as financial audits
need to be conducted while best practices
are adopted at a regular frequency. A siloed
approach to cybersecurity defeats the core
purpose of securing an enterprise so all
stakeholders need to come together to fight
the forces of disruption while adopting a
zero-trust stand.
Can a good cybersecurity posture
also provide business benefits?
Yes, it helps build credibility, reduces the
risks of revenue attrition due to cyberattacks
and ransom payments. Beyond all
this, cybersecurity instils discipline and
improves situational awareness among
all stakeholders. Typically, according to
our calculations, RoI from improving
cybersecurity can be gained within the
first year itself, if not earlier. Considering
the average cost of a breach, it could even
happen earlier.
Can you tell us about the work Subex
is doing to protect businesses?
We are providing critical infrastructure
grade cybersecurity to businesses around
the world. This includes telcos, oil and gas
entities, Smart Cities, manufacturing plants
and new-age manufacturers. We run the
world’s largest threat intelligence gathering
facility that supports our cybersecurity
solution and the services we offer. We can
provide asset visibility, identify, mitigate and
analyze the unique threats that emerge as
also conventional threats and those that
emerge from converged environments. •
84 INTELLIGENTCIO www.intelligentcio.com