Stephen Gorham, COO, OPSWAT, explores key strategies for CIOs to navigate the threat landscape and bolster an organisation’s cybersecurity preparedness
How can CIOs stay ahead of the evolving threat landscape and play a role in ensuring that an organisation can respond effectively to cyber-attacks?
To stay ahead of the evolving threat landscape and ensure effective responses to cyberattacks, CIOs should start by comprehensively assessing their organisation’s risk profile. They need to identify vulnerabilities and understand the organisation’s risk appetite. Once these aspects are understood, it becomes vital to identify critical business functions that require protection and develop a comprehensive plan to safeguard them. This process is an interconnected journey that moves from a business impact analysis to risk assessment, then on to cybersecurity planning, and culminates in the creation of an incident response plan. These elements are all intertwined to ensure that, in the event of a breach, the organisation can respond promptly and effectively while minimising potential risks.
How should security leaders prioritise initiatives and investments within their organisations?
Given budget constraints, it’s essential for security leaders to prioritise cybersecurity initiatives. This prioritisation should revolve around identifying critical business functions and understanding the potential impact of their loss on the organisation. By focusing funding and planning on safeguarding these critical functions, organisations can better manage and mitigate risks during cyber incidents.
What advice would you give to CIOs and IT leaders looking to improve their organisation’s cybersecurity posture?
You can’t protect what you don’t know, you have to understand your assets. The key is to first understand and manage assets. To address this, it’s crucial to foster an environment of understanding and collaboration with other business units, particularly in recognising their critical functions. Embracing a collaborative approach to security is pivotal.
Additionally, end-user training is paramount. Security is a shared responsibility, and this includes end users as much as anyone else. Creating a culture of vigilance and promoting security awareness training significantly bolsters your organisation’s protection.
The awareness training should be designed to keep users engaged, informed, and aware of the evolving threat landscape. In addition to training, understanding your risk posture and conducting thorough risk assessments are essential steps in bolstering cybersecurity.
What strategies are you implementing to ensure operational efficiency and agility within OPSWAT? How does the new Dubai office play a role in that?
The Dubai office serves as a vital addition to the organisation’s efforts in enhancing operational efficiency and agility within OPSWAT. It provides an on-the-ground presence and contributes to the mission of safeguarding critical infrastructure in the region. Our Dubai office is more than just a physical space; it’s a testament to our dedication to critical infrastructure protection. The office also houses a critical infrastructure protection lab, where customers can gain hands-on experience with the systems and witness how they can protect their infrastructure effectively.
When it comes to our lab, it’s not just about showcasing products; it’s about demonstrating the capabilities of the OPSWAT platform. We cover everything from IT environment protection to cross-domain and OT environment security across the entire platform. We can walk through how a file progresses from an email, how it undergoes sanitisation, and how it moves from email to a USB drive. We show the process of scanning the USB drive via a kiosk, and then the secure movement of files via a data diode into the OT environment. It all culminates in securing the file in an OT environment, ready for updates. Our lab not only displays our products but showcases our technology and how we protect data and critical infrastructure. It’s a practical, hands-on experience.
What are some technology or digital transformation initiatives that you’ve spearheaded to enhance operational efficiency within OPSWAT?
OPSWAT’s technology and digital transformation initiatives aim at consolidation, business enablement, and automation. The focus is on streamlining technology stacks, providing global service desk support, optimising business applications, and automating manual processes.
Any process that can be automated should be automated. The key message here is “Automate or die.” This highlights the importance of automating processes for us in order to ensure efficiency and effectiveness in operations. The goal is to eliminate duplication, improve efficiency, and free up human resources for more important tasks, not reducing headcount.
