Cyber Magazine - September 2023

The current threat landscape

The need for IOT security

Generative AI fighting threats

The World’s Fastest Growing Sustainability & ESG Event

6 - 7 September 2023

Business Design Centre, London

SPONSORSHIPS GET YOUR PASS

The Digital Platform for Cyber Leaders

Ways to Work With us

Cyber Magazine is an established and trusted voice with an engaged and highly targeted audience of 45,000 global executives

Digital Magazine

Website Newsletters

Industry Data & Demand Generation

Webinars: Creation & Promotion

White Papers & Research Reports

Lists: Top 10s & Top 100s

Events: Virtual & In-Person

WORK WITH US

EDITOR-IN-CHIEF

MARCUS LAW

CHIEF CONTENT OFFICER

SCOTT BIRCH

HEAD OF MULTIMEDIA

NEIL PERRY

CHIEF DESIGN OFFICER

MATT JOHNSON

HEAD OF DESIGN ANDY WOOLLACOTT

LEAD DESIGNER

REBEKAH BIRLESON

FEATURE DESIGNERS

MIMI GUNN

SOPHIE-ANN PINNELL

HECTOR PENROSE

SAM HUBBARD

REBEKAH BIRLESON

JULIA WAINWRIGHT

ADVERT DESIGNERS

JORDAN WOOD

DANILO CARDOSO

CALLUM HOOD

VIDEO PRODUCTION MANAGER

KIERAN WAITE

SENIOR VIDEOGRAPHER

HUDSON MELDRUM

DIGITAL VIDEO PRODUCERS

ERNEST DE NEVE

THOMAS EASTERFORD

DREW HARDMAN

SALLY MOUSTAFA

PRODUCTION DIRECTORS

GEORGIA ALLEN

DANIELA KIANICKOVÁ

PRODUCTION MANAGERS

JANE ARNETA

MARIA GONZALEZ

YEVHENIIA SUBBOTINA

MARKETING MANAGER

DAISY SLATER

PROJECT DIRECTORS

TOM VENTURO

TOM LIVERMORE

MEDIA SALES DIRECTOR

JASON WESTGATE

MANAGING DIRECTOR

LEWIS VAUGHAN

PRESIDENT & CEO

GLEN WHITE

The need to build a skilled cyber workforce

With research suggesting staff deficits could be putting businesses at risk of cyberattacks, building a skilled and competent cyber workforce is essential

Last year, research suggested that the global cyber workforce today stands at 4.7 million. But while this number is the highest ever recorded by (ISC)², the cybersecurity workforce is still in urgent need of more professionals.

Despite adding 464,000 more cybersecurity professionals in the previous year, (ISC)²’s Cybersecurity Workforce Study for 2022 revealed that 3.4 million more cybersecurity workers are needed to secure assets effectively.

As organisations face a shortage of cybersecurity workers, staff deficits could be putting businesses at a ‘moderate’ or ‘extreme’ risk of a cyberattack.

To combat this, building a skilled and competent cyber workforce is essential. On this subject, this month we spoke to Prof Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster university.

“Even now, it is hard to find cybersecurity staff with good experience in this area,” he told us. “As the technology evolves, new challenges will arise resulting in even more high paying specialist jobs in this area.”

marcus.law@bizclikmedia.com

“Staff deficits could be putting businesses at a ‘moderate’ or ‘extreme’ risk of a cyberattack”

CONTENTS

UP FRONT

12 BIG PICTURE

IBM Security report reveals huge business data breach costs

14 INTERVIEW WITH... Cory Cornell, Co-founder & CSO at Swimlane

20 LIFETIME OF ACHIEVEMENT

Stu Sjouwerman, Founder & CEO at KnowBe4

THE TOP 100 COMPANIES IN TECHNOLOGY READ NOW

BIG PICTURE

IBM Security report reveals huge business data breach costs

UK

IBM Security’s Cost of a Data Breach Report for 2023 confirms that the average cost of a data breach to UK organisations is £3.4m (US$5.1m).

AI and automation have the biggest impact on UK businesses’ speed of breach identification and containment, with organisations already deploying these tools paying an average of £1.6m (US$2m) less than those who did not leverage the technology.

The report suggests that using security

AI and automation brings the average time to identify a breach from 220 to 148 days.

Martin Borrett, Technical Director of IBM Security UK & Ireland, said: “Security

AI and automation may be the driving force needed to help defenders bridge the speed gap with attackers.”

CODY CORNELL CODY CORNELL

After beginning his career in the US Coast Guard, Cody Cornell spent 15 years in IT and security, including roles with the US Defense Information Systems Agency (DISA), Department of Homeland Security (DHS), American Express and IBM Global Business Services.

In 2011, he co-founded Phoenix Cyber, a cybersecurity professional services organisation known for its ability to blend strategy and engineering with cutting-edge security technology. Today, as Swimlane’s Co-Founder and Chief Security Officer, he is responsible for the strategic direction of Swimlane and the development of its security automation and orchestration solution.

Q. HOW IS THE ONGOING CYBERSECURITY SKILLS GAP AFFECTING BUSINESSES?

» “In the race towards the Fourth Industrial Revolution, organisations are embracing technologies that enhance connectivity and streamline processes,” Cornell comments. “While rapid digitalisation has helped

businesses stay afloat during a turbulent last few years, it has also exposed them to increased vulnerabilities that malicious actors can exploit.

“As cybersecurity threats across the globe continue to grow at an alarming rate, it’s clear that cybersecurity must be a significant priority for every business. However, a more significant roadblock stands in the way of an organisation’s ability to secure their business – the substantial shortage of cybersecurity skills and talent.

“Cybercrime is expected to cost the world US$10.5tn annually by 2025, and yet for years organisations have struggled to build the specialised skills to manage these growing threats.”

Q. HOW CAN AUTOMATION HELP BUSINESSES ADDRESS CYBERSECURITY CHALLENGES ASSOCIATED WITH THE ONGOING SKILLS GAP?

» “As organisations create new and innovative ways of protecting their businesses, cyber criminals are working

to combat every new defence,” says Cornell. “As such, many organisations find it difficult to meet the constantly shifting security demands of a digitalised world. But, there’s a simple solution that organisations can take advantage of to ensure robust security of their systems and processes despite the lack of access to cybersecurity talent: automation.

“There is still unease surrounding automation from those who believe implementing it will either create more work or remove people from

the equation entirely. But, the reality is that low-code security automation can strategically up-level the existing security team by removing the mundane and repetitive tasks taking up the bulk of their time. By embracing this technology as a tool to support the security operations centre (SOC) instead of replacing it, organisations can detect, identify and respond to threats faster while reducing human error and costs.”

With this in mind, Cornell outlines three ways in which automation can help businesses address some of the key cybersecurity challenges they face as a result of the security talent shortage.

1. Mitigating alert fatigue

“With a limited number of staff responsible for monitoring upwards of 10,000 alerts a day with zero room for error, the potential for breach is high,” describes Cornell. “That’s why one of the biggest problems facing security and IT teams is alert fatigue; a phenomenon that occurs when cybersecurity professionals are inundated with such a high volume of security alerts that it leads to a diminished ability to react effectively to and investigate real threats.

“With 2.7 million unfilled cyber jobs globally, and one third of organisations surveyed by Swimlane believing they will never have a fully-staffed security team, it’s clear that this issue can never be solved by hiring. This has led to burnout among security analysts all while cyber attacks continue to increase in frequency and sophistication.

“Automating the processes monitoring security alerts by creating and deploying pre-programmed responses to specific incidents helps organisations reduce the pressure on their cybersecurity teams.

This enables security teams to become more proactive and strategic in their approach to threats, ensuring the organisation can address every alert and ultimately reducing the risk exposure.”

2. Simplifying threat management strategies

“Security teams are required to protect complex business environments across multiple departments,” Cornell adds.

“Each department within an organisation requires its own software, tools and secure credentials to conduct business, opening up each group to exploitation for access to the entire network. Staff and skill shortages can

make it exceptionally difficult to navigate these increasingly complex environments.

“Through the automation of threat management processes and systems, organisations can connect and integrate what was once a list of disjointed tools, enabling IT teams to reduce the complexity of security environments and defend the entire enterprise without sacrificing sophistication. This allows for less time to filter, sort and visualise data across security tools while creating a centralised system of record for all security operations with a more holistic view across distributed, complex environments.”

“Many organisations find it difficult to meet the constantly shifting security demands of a digitalised world”

3. Managing SecOps efficacy

“The global average cost of a data breach is now the highest it’s ever been at US$4.35 million, according to IBM’s 2023 Cost of a Data Breach report. Additionally, the UK government found that the most disruptive breach or attack from the last 12 months cost each business, no matter the size, approximately £1,100 (US$1,400),” Cornell says. “For medium to large businesses, this was around £4,960 (US$6,300).

“Despite this, security leaders often struggle to relay the value of their security operations centres to non-security leaders in the business. This results in reduced investment into cybersecurity, poor collaboration and eroding support that negatively impacts the business’ security posture.

“By automating security operations (SecOps) workflows, security leaders can quickly identify and assess relevant metrics and trends, enabling them to better quantify and communicate the business value of security to management, the board of directors and the rest of the organisation.”

Q. HOW CAN AUTOMATION CONTRIBUTE TO THE FUTURE OF CYBERSECURITY OPERATIONS?

» “As enterprises increasingly seek to enhance the maturity of their security operations, the need to address the cybersecurity skills gap has become imperative,” concludes Cornell. “Through the automation of routine activities and the implementation of streamlined workflows, organisations can empower their security teams to assume more strategic roles. In doing so, they fortify their ability to safeguard their most critical assets from all external threats.”

STU SJ U W

FOUNDER & CEO, KNOWBE4

Founder and CEO of KnowBe4, Stu Sjouwerman is a serial entrepreneur and data security expert with more than 30 years of industry experience

EXECUTIVE BIO

STU SJOUWERMAN

TITLE: FOUNDER & CEO COMPANY: KNOWBE4

A serial entrepreneur and data security expert with more than 30 years in the IT industry, Stu Sjouwerman is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Under his leadership, KnowBe4 has emerged as the world’s largest security awareness training and simulated phishing platform. The company’s unique approach in managing the problem of social engineering has been wellreceived, securing KnowBe4’s place as a leader in its industry.

Stu Sjouwerman is the founder and CEO of KnowBe4, Inc, which hosts the world’s most popular integrated Security Awareness Training and Simulated Phishing platform.

A serial entrepreneur and data security expert with more than 30 years in the IT industry, in 1979 Sjouwerman moved from his native The Netherlands to the United States to further his education and explore opportunities in the tech industry.

He was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010 by GFI Software.

W ERMAN,

Sjouwerman’s journey as the CEO of KnowBe4 began in 2010. The inspiration behind founding KnowBe4 stemmed from the understanding that technology alone was not sufficient to prevent cyber threats. He realised the human element was often the weakest link in the security chain. With a mission to empower individuals with knowledge and awareness, he started KnowBe4, which focused on human error prevention through Security Awareness Training.

Under his leadership, KnowBe4 has emerged as the world’s largest security awareness training and simulated phishing platform. The company’s unique approach in managing the problem of social engineering

has been well-received, securing KnowBe4’s place as a leader in its industry.

Today, more than 23,000 organisations in a variety of industries, including highlyregulated fields such as healthcare, finance, energy, government and insurance have mobilised their end users as a first line of defense using KnowBe4.

KnowBe4 has received numerous accolades and recognition. In 2019, it was named a leader in The Forrester WaveTM: Security Awareness and Training Solutions. It has also been consistently ranked in the top tier of the Deloitte Technology Fast 500, a ranking of the fastest-growing technology companies in North America.

LIFETIME OF ACHIEVEMENT

In June, its PhishER product and its Kevin Mitnick Security Awareness Training (KMSAT) platform were named the number one leader in the G2 Grid Summer 2023 Report for the ninth consecutive quarter.

“At KnowBe4, we are committed to helping our customers defend themselves against the various forms of social engineering threats on the market today,” says Sjouwerman. “Our security awareness training platform and PhishER are just two examples of the worldclass products we provide to our customers that contribute to strengthening security culture and making smarter security decisions.”

Beyond his achievements as an entrepreneur, Sjouwerman is also a wellrespected author and speaker. He has authored several books on IT and cybersecurity, including Cyberheist: The Biggest Financial Threat Facing American Businesses. He is a sought-after speaker at industry conferences and is often quoted in the media for his expertise on cybersecurity issues.

Sjouwerman’s commitment to security awareness and his innovative approach to tackling cyber threats have left an indelible impact on the industry. His ability to foresee trends and adapt swiftly has been instrumental in KnowBe4’s growth and its position as a global leader in security awareness training.

From 1996 through 2011, Sjouwerman was the Editor-In-Chief of WServer News, an email newsletter to 100,000+ IT system administrators helping them to keep their systems secure. Along with his CEO duties, he is currently Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates and social engineering alerts to IT professionals.

This year he was also named the winner of the 2023 Excellence in Customer Service Award, recognising him as Executive of the Year.

“At KnowBe4, we prioritise providing world-class customer service to each and every one of our customers. In fact, everyday I personally reach out to new customers to welcome them to KnowBe4 and ask for feedback. Customer service is a pillar of our organisation and is essential to our success.

“We are grateful to have received numerous accolades over the years as a direct result of customer satisfaction and feedback,” Sjouwerman comments. “I believe that without excellent customer service, KnowBe4 does not exist. Our commitment to serving our customers has always been and will continue to be a top priority and I am thankful to be recognised for this award.”

“

Customer service is a pillar of our organisation and is essential to our success”

The World’s Fastest Growing Fintech & Crypto Event

8 - 9 November 2023

QEII Centre, London

SPONSORSHIPS GET YOUR PASS

The Portfolio

TY THREATS TY THREATS

ith cyber attacks continuing to rise, understanding the threat landscape has never been more important. From sophisticated

ffCorest omnimil lectoriae dempore rferum fuga. Ut eicae

10

10

Name Surname

This is the job title

Company name

State-sponsored actors pose a serious threat to businesses that operate in a range of critical sectors, from energy and healthcare to finance or defence. These actors have advanced capabilities and resources to launch sophisticated cyber espionage campaigns that aim to steal intellectual property, disrupt infrastructure, or influence political outcomes.

Increasingly common in recent years, particularly in the case of larger organisations, state-sponsored hackers often rely on targeted ransomware and spear phishing attacks

Ratquunt, simus, qui blant.

Company name and data. However, this also creates potential entry points for bad actors who can exploit third parties’ weak security controls.

quo blaut ipsam vendel eiumendi id mo eos vendit optatur mil mil illupta tiorent plit fugitem porrores explatur? Exces audae desti omnis

care habits, because everyone deserves a healthy smile,” said

Name Surname

This is the job title

Company name

as avoiding unprotected WiFi networks and implementing safeguards like a VPN or multifactor authentication, all with the end goal of enabling businesses to safeguard their data and assets.

Practising good cyber hygiene helps organisations reduce vulnerabilities by identifying risks and deploying mechanisms and strategies to reduce or resolve them. By practising cyber hygiene, organisations strengthen their security posture and can more effectively defend themselves against breaches.

Security Operations Center as-a-service (SOCaaS) provider

Quzara Cybertorch ™ enables robust Cyber Threat Management

Quzara Cybertorch™, the first FedRAMP HIGH Ready SOC-as-a-Service, provides the following security capabilities to Materion’s ecosystem:

• 24/7/365 Security Monitoring

• Managed Extended Detection and Response (MXDR) to cyber threats

• Adhere to multiple security compliance frameworks

• Detecting, preventing, and investigating suspicious activities

• Vulnerability management and Threat Remediation

regulations and fines, lacking data security is putting the data of

and incurring legal liabilities. Ransomware has only become

I S YOUR DIGI TAL TRANSFORMAT I ON SACR IF IC ING COMPANY SECUR

Cyber and cloud security should be the biggest concern for CEOs driving digital transformation, according to a research report conducted by Cyber Magazine

If 2022 was the year of risk and resilience, then many observers feel 2023 is the year of sustainability and security.

As the corporate world embraces digital transformation in the face of an economic downturn, the emphasis for all organisations is to survive and thrive – and that can only be achieved with greater cloud adoption and enhanced security.

These sentiments are highlighted in The Future of Cloud Security in the Middle East – a research report produced by Cyber Magazine in conjunction with sister publication Business Chief.

We surveyed cloud professionals and IT decision-makers across the region in an extensive survey, and discussed those findings in two roundtable events held in Dubai and Abu Dhabi, sponsored by Huawei.

Cloud security – the current threat landscape

Cloud adoption in Middle Eastern countries has been growing rapidly in recent years, driven by increasing digitalisation, the need for improved IT infrastructure, and the desire to reduce costs and improve efficiency.

According to Blueweave Consulting,

ON SECURI TY?

the regional cloud market is growing at a CAGR of 21%, and will reach US$9.8 billion by 2027, up from US$2.7bn in 2020.

The COVID-19 pandemic of 2020 accelerated digital transformation as entire nations were forced to adapt to a new way of working and way of life. However, this rapid acceleration brought with it greater risk – due to the sheer scale and rate of transformation – which sometimes saw security lag behind. That was painfully clear around the globe, not just in the Middle East. According to a report by cybersecurity firm Kaspersky, the number of ransomware attacks in the Middle

East increased by 57% in the first quarter of 2021 compared to the same period in 2020. Another survey by Cybereason said cyberattacks rose 71% in the UAE in 2021, with 84% of UAE companies paying a ransom – a figure that is 20% higher than the global average.

It is not just the number of cyber attacks that is the problem, rather the sensitive data and critical infrastructure that is now hosted in the cloud – making it a potential target for cyber criminals. Finance and healthcare, for example, have been hit particularly hard in the region.

Enabling

educators. Empowering students. Explore how we accelerate student discovery, learning and innovation with our Digital Education 3D Experience.

professionals’ insights, gauges their opinions on the state of their own organisations, and their future intentions when it comes to making their business more sustainable and secure.

in the boardroom, almost three quarters say cloud security is taken seriously enough, and a similar number say they are included in strategic decision making at their organisation.

“With the movement towards AI, security is going to be one step behind technology”

SHIVANI JARIWALA CLOUD SECURITY SERVICES HEAD, CPX

MEET THE PANEL

SULTAN AL- OWAIS

DIGITAL LEAD, PRIME MINISTER’S OFFICE, UAE

DR ALOYSIUS CHEANG

CSO MIDDLE EAST AND CENTRAL ASIA, HUAWEI

SHIVANI JARIWALA CLOUD SECURITY SERVICES HEAD, CPX

DRAGAN PENDIĆ

DIRECTOR - CLOUD SECURITY, G42

Pendić has more than 28 years of experience in digital security, consulting and business enablement through technology innovation. He joined G42 in 2020 and prior to that led security for Accenture’s Technology arm for UK & Ireland, and held senior leadership roles at Diageo, Verizon, KPMG and Capgemini.

RAJESH YADLA

DIRECTOR HEAD OF INFO SECURITY, AL HILAL BANK

Yadla has 15 years of experience in information security and technology risk management, 10 of those in the UAE. Currently working as Head of InfoSec in Al Hilal, he worked in Group42, FAB, and Etisalat in information security-related roles.

This is welcome news for security professionals and suggests a change in perception for a role that was seen as functional rather than strategic – and integral to the sustainability and success of the organisation.

“We need to usher in the new Golden Age of the CISO,” says Dr Aloysius Cheang, Chief Security Officer of Huawei Middle East and Central Asia.

“In order that we appear among the other members of the board, you really have to talk business, and security as a business enabler. The only way out of troubled waters is with the CISO as the captain of the ship.”

Sovereign cloud on the rise as more critical data held in the cloud

One of the key discussion points from the roundtable events was sovereign cloud – due in no small part to rapid deglobalisation and new barriers of entry as a result of geopolitical tensions. These have motivated the need for nations to be self-sufficient and for data to be kept within geographical boundaries.

The survey also found that more than two thirds of cloud professionals in the region believe that government regulation has improved the quality of cloud provision – but the fact that a third say it has not means there is clearly more work to be done as the challenges increase.

Governments – especially in the UAE and Saudi Arabia – have enforced regulation on cloud and continue to add layers of protection for their citizens and their sovereign data.

“The cloud was invented for a global world but I’m thinking that’s not going to happen,” says Rajesh Yadla, Director Head of Information Security, Al Hilal Bank.

“You will have your own cloud service provider within each country and already countries are adopting that culture – be it in the UAE or Saudi Arabia or any other country in the region. The reason is to make sure that the cloud service providers are compliant with all these regulations.”

It was reassuring from the survey to see that when it comes to choosing a cloud provider, security (43%) was the most

important factor, far ahead of cost (19%) in second place, and reliability (12%) in third spot.

“This leads me to believe that this region is very security focused,” says Shivani Jariwala, Director – Cloud Services, CPX and President Cloud Security Alliance UAE Chapter.

“They have a maturity and acceptance towards security. When it comes to security versus cost – in this region – security comes first.”

Blockchain ‘not a silver bullet’ Survey respondents were asked what technologies they had already implemented at their own organisations, and what they planned to implement more.

The results here were interesting – blockchain, secure deletion, and multicloud were the only security practices listed in the survey that respondents plan to invest more in. Blockchain shows the largest increase, from 8% to 27% – a considerable shift with more than three times as many leaders planning to invest in the technology.

“Blockchain is a solution to a few issues. It’s also not a silver bullet,” says Sultan Al-Owais, Digital Lead, Prime Minister’s Office, UAE.

“Many of the use cases where people suggest blockchain assume that it will fix something. What I would have wanted to hear in the answer to that question is simplicity. Our problem is that it is horrendously complex today and therefore has a lot of dark corners that are difficult to secure. It has to become much simpler if it’s going to be securable.”

“I think there’s a lot of hype,” adds Dragan Pendić, Director – Cloud Security, G42.

“What blockchain really brings to the table is zero trust, and I think this is very important as a security professional – knowing how

reliable are your controls and how verifiable those things are at the level that there is irrefutable evidence. So blockchain can certainly help. The bottom line is the preservation of integrity – the three properties of data integrity, confidentiality, and availability.”

Looking further into the future, cloud professionals were asked what their top priorities were going to be for the next 12-18 months. Zero trust was the top priority (56%), followed by data & privacy at 43%, and regulatory compliance following at 42%.

“With the movement towards AI, security is going to be one step behind technology,” suggests Shivani Jariwala.

“Cloud was meant to be something else. Change, like geopolitical issues, have changed the way we now think of cloud. I think we need some form of standard global approach towards cloud security but it will never happen, as the technology keeps changing. So I think our focus is on catching up with the technology and securing those – that is where a lot of our energy will go.”

Pendić saw a bigger challenge coming from the lack of talent available not only in the region, but globally – with an estimated 4.5 million vacant cyber security roles.

“Leadership needs to invest in fully understanding the security of the organisation,” he says. “When it comes to security, we need to be more sharply focussed on what is relevant. We need to see security through the lens of a business rather than as a security professional because ultimately we serve the business.”

“We need to go back to basics,” concludes Dr Cheang. “When putting our heads in the cloud, we need to keep our feet firmly on the ground. We need to focus on the low-hanging fruit that we can accomplish together.”

TRANSFORMATION DRIVES AMERCAREROYAL TO AN INDUSTRY

TRANSFORMATION AMERCAREROYAL INDUSTRY LEADER

Formed by a number of acquisitions, we highlight the path, challenges, and success of disposables and supply chain leader ACR’s digital transformation

Since it was formed with the initial platform in 2014, AmerCareRoyal (ACR) has been on an incredible journey building scale and breadth to become an industryleading platform.

Its products are consumed in every part of the North American foodservice industry,

including large international restaurant chains, emerging regional organisations, local neighbourhood eateries, cafeterias, and institutional feeders, and the broadline and supply distributors that serve them all. Major brands like Five Guys, Tim Horton’s and Yum Brands, and hundreds of other brands that operate and distribute to restaurants trust

ACR as a single-stream resource for over 6,000 disposable products used to keep their businesses humming.

“We’ve transformed from a regional player to a leading national supplier of disposable products across 20 categories in the food service industry,” comments Brett Barnello, ACR’s Chief Operating Officer. “We have

unmatched infrastructure and product breadth. We have over 6,000 product SKUs. We’re roughly a billion in revenue today, and we have an aspirational growth plan to triple that to be at US$3bn in five years or so.”

As Jeff DeSandre, ACR’s Chief Information Officer, describes, what is particularly notable about the organisation is that it is greater than the sum of its parts.

“If you add up the nine acquisitions that we’ve made to form ACR, they equate to less than our current revenue,” he explains. “The work that’s being done here allows for synergising. There is a large portion of organic growth that’s part of this acquisitive growth and I think that’s pretty interesting that the sum of the component parts is less than what we are today.”

The COVID-19 pandemic and unprecedented supply chain challenges

The COVID-19 pandemic caused welldocumented disruption on a global scale, with ACR’s supply chains no exception. ACR leverages domestic manufacturing and international sourcing, which amounts to a truly global supply chain, so it was greatly impacted by the pandemic.

However, as Barnello points out, the company’s supply chain issues were not solely pandemic-induced. In fact, ACR was already grappling with growing pains in the pre-pandemic period. As Barnello states, these challenges involved stitching a number of small business units together and linking those and creating synergies.

“The pandemic was another in a series of this unprecedented global supply chain disruption and how we fare and manage through that,” he explains. “Then, the challenge was to not only survive the day-

EXECUTIVE BIO

BRETT BARNELLO

TITLE: CHIEF OPERATING OFFICER

COMPANY: AMERCAREROYAL

INDUSTRY: FOODSERVICE

LOCATION: US

Barnello has over 25 years of Supply Chain experience in consumer businesses. He is a proven leader with a consistent record of organisational success through sustained results-oriented focus and innovative processes, products, and services. He develops, motivates, and builds organisations and partners with colleagues with a relentless focus on business imperatives.

Extend your team with Programmers you can trust

Development backlogs are unique combinations of company goals, requirements, and constraints. As a company's needs change, our flexible engagement models adapt, and we back our work with an industry-unique Happiness Guarantee.

How Programmers.io is creating trusted partnerships

Kip Kugler, SVP of Sales, explains how Programmers.io’s unique skill set leaves the company well-placed to deliver firstclass customer service to clients

For Programmers.io, an on-demand provider of software development professionals, commitment to great customer service starts at the very top.

“Anshul Choudhry, our Founder, is extremely passionate about doing the right thing,” says Kip Kugler, SVP Sales. “If customers aren’t happy, they don’t have to pay. We may have eight or nine months of great work together but, if something doesn’t feel right in month 10, we won’t invoice and we’ll make a plan to fix it.”

“To this point, I haven’t had any customers leave because they’re unhappy.”

Programmers.io boasts unique skills

Programmers.io specialises in assisting the tens of thousands of US companies using IBM iSeries (AS/400), while also working on at least 50 other programming languages.

The lack of college students learning legacy languages means there exists a distinct shortage of workers – which is where Programmers.io comes in. A key priority for modern-day CIOs in terms

of future-proofing, Kugler explains, is deciding whether or not to migrate away from iSeries. He continues: “iSeries is so reliable and consistent that we say to people ‘we’ve got the workforce and we’ve got the ability to help you stay there longer – you don’t have to take that risk yet.”

AmerCareRoyal benefits from Programmers.io expertise

In recent years, Programmers.io has worked closely with AmerCareRoyal, a producer of disposable supplies that uses a unique legacy ERP system built on iSeries.

Kugler explains: “The issue for AmerCareRoyal is finding the relevant workforce. It’s not just about knowing the legacy programming language, but also the specific ERP – and we have that skill set.” The pair have worked together on countless projects relating to warehouse and pricing metrics, purchase order functionality, and vendor and order management.

“It’s a collaboration, but we see ourselves as an extension of their team,” adds Kugler. “We guarantee a budget-friendly environment with unique skills that are hard to find.”

to-day of the pandemic, but actually also on a separate track start to think beyond the pandemic and how we come out stronger and more stabilised.

“We knew everyone would come out of the pandemic at the same time, but some would be worse off than others. For us, our goal was to be stronger and have corrected systems and processes and different people capability.”

ACR’s transformation

As DeSandre describes, ACR’s transformation began with the transformation of its leadership team,

with an end goal of creating a solid bedrock upon which to build.

“I had to make sure that the foundation was right. That meant no noise, and making sure the table stakes worked,” DeSandre explains. “It’s like the gutters on a house. No one notices them if you put new gutters on, but they do notice if they don’t work.”

As a result, ACR worked with OpenSystems on a fully-managed, SASE (secure access service edge) SD-WAN solution. “That was a foundation, and was one less piece of noise that I had to worry about,” DeSandre explains. “This technical foundation afforded us time to focus on

other key digitisation drivers including master data.”

As DeSandre explains, security is a continuous consideration. “We live and breathe considering security. We have to focus on that on a regular basis,” he comments. With this in mind, ACR worked with OpenSystems’ Ontinue service, its managed detection and response (MDR) division, to help find problems in real-time. Its AI-Powered MXDR expertly blends the best of MDR, as well as assessment and prevention.

From there, DeSandre worked on developing ACR’s API layer, working with

VAI – its ERP supplier – and its S2K platform. “Even though our ERP system may not be from one of the big suppliers, the architecture of the system, and the amazing partnership of VAI, has really enabled us to take deficiencies that might be in any ERP system and react really quickly.”

“The flexibility that comes with the S2K platform is really a differentiator for us, because it allows us to continuously optimise, especially in the warehouse, which is really important.”

The final piece was a trusted managed services partnership which afforded ACR strong technical resources which can be

Avatria, Celonis and Emporix enable efficiency gains for ACR

With the cloud-native Digital Commerce Platform and Commerce Execution Platform, Emporix, Avatria and Celonis are working with AmerCareRoyal to drive increased efficiency and deliver better business outcomes — decrease costs, increase customer satisfaction and set the stage for innovation.

Learn more

Avatria, Celonis and Emporix drive efficiency for ACR

With the cloud-native Digital Commerce Platform and Commerce Execution Platform, Emporix, Avatria & Celonis are helping AmerCareRoyal drive better outcomes.

With its leading cloud-native Digital Commerce Platform and Commerce Execution Platform (CXP), Emporix enables wholesalers, distributors, manufacturers, retailers and brands to utilise insights and ultimately deliver better outcomes.

“So many commerce systems were built more than two decades ago: before the millennium and even before the cloud itself,” explains Eberhardt Weber, Emporix’s Founder and CEO. “We decided to build a new cloud-native and API-first commerce platform from the ground up, with a focus on enterprise businesses in B2B and also sophisticated B2C business models.”

Emporix worked with its preferred integration partner in North America, Avatria, on implementing the Digital Commerce Platform for AmerCareRoyal, a leading supplier for disposables used in the catering, janitorial, sanitation, industrial, hospitality and medical industries.

“AmerCareRoyal had been a customer of Celonis and they were working heavily with their business process mining capabilities to identify bottlenecks and streamline their

processes,” Weber explains. “Now, together with Celonis, Emporix has developed a new product called Commerce Execution Platform (CXP)” CXP helps organisations optimise outcomes by leveraging up- and downstream process insights to guide and drive the orchestration of multi-step scenarios.

Celonis, the global leader in Process Mining technology, was central to AmerCareRoyal’s ongoing process transformation initiatives. Now, Celonis’ process intelligence facilitates the end-to-end orchestration that has made the Commerce Execution Platform indispensable for AmerCareRoyal.

When Weber introduced the platform to Jeff DeSandre, AmerCareRoyal’s CIO, he says he immediately realised that he is a visionary.

“That’s why we decided to start together with AmerCareRoyal for this new product,” Weber explains. “And then they realised that they were looking also for a B2B platform for their customers, so more like a self-service portal. This is where Avatria came in, because they customised and integrated this solution based on our digital commerce platform.”

After Avatria completed the initial implementation, they began to transition to ACR resources, shifting to an advisory role.

EXECUTIVE BIO

COMPANY: AMERCAREROYAL INDUSTRY: FOODSERVICE

LOCATION: US

Jeff DeSandre is an accomplished technology executive with more than 15 years of experience in leading complex IT organisations. He currently serves as the Chief Information Officer (CIO) at AmerCareRoyal, a food service company, where he is responsible for the strategic direction and delivery of technology solutions that support the company’s business objectives.

In his role as CIO, DeSandre has a proven track record of transforming IT organisations and driving innovation through the use of emerging technologies. He has successfully led large-scale digital transformation initiatives, resulting in significant improvements in operational efficiency and customer experience.

Prior to his current role, DeSandre held several senior leadership positions in technology at companies within the consumer goods space. DeSandre holds a Bachelor’s degree from the College of New Jersey. He sits on the advisory board for UCX.

scaled up quickly. For this ACR partnered with ProgrammersIO (PIO), which provides high quality global development resources. “PIO provided us very technically sound resources to support the S2K platform. The level of commitment and quality of their work is outstanding. They are a key part of our IT team,” says DeSandre.

With this foundation established, ACR could set its sights on future projects. Since the transformation got underway, ACR has worked on three major projects: Unity - its ongoing integration project; Spotlightwhich focuses on commercial optimisation; and Rubik – its Supply Chain continuous improvement initiative.

As Barnello explains, Project Rubik is part of ACR’s transformative initiative around its supply chain and back-end operations.

“Rubik started with network design and optimisation as well as inventory management, and how we could become more efficient coming out of the pandemic,” he describes. “We had higher inventory levels, low service rates, and we had high back orders as well as splits, in terms of a customer receiving something from a different location on the same order and not at the same time - which was causing customer pain and complexity.”

As part of the strategy, ACR worked with its partners to develop a sustainable roadmap. “We put together a large crossfunctional team that involved IT, Sales, Finance, and Operations and then executed that plan.”

Supply chain partners

As Barnello describes, ACR has worked with partners across its supply chain, including

Understanding your environment to provide superior protection.

Ontinue driving the next evolution of MDR with AI

Ontinue Chief Product Officer Tom Corn discusses how the company leverages AI in managed detection and response to deliver a distinctive solution

Driven to define the next evolution of Managed Detection and Response (MDR) for its partners all around the world, Ontinue ION AI-Powered MXDR expertly blends the best of managed extended detection and response — as well as assessment and prevention — into a service specifically designed for Microsoft security customers.

“We specialise in customers who are leveraging a lot of Microsoft security technology,” comments Tom Corn, Ontinue’s Chief Product Officer. “We have a unique process that isn’t just about reactive detection and response, but about constantly improving companies’ security posture, in what we call a proactive reactive service.”

When outsourcing security to MDR players, understanding the client’s control stack poses challenges. While MDR providers may offer expert security support around the clock, the crucial factor is their comprehension of the client’s unique environment. To go beyond basic alerts, effective investigation and response necessitate a deep

understanding of the company’s assets, architecture, and operational constraints.

As Corn explains, Ontinue was started by a group of data scientists with the idea of applying AI to MDR in a unique way. “We are doing something quite different here, where we’re applying AI to understanding the customer and the environment we’re defending, their operational constraints, and how the defenders have to work in their environment. This allows us to solve that problem of how to understand the environment quickly, deeply, and then localise the solution for a customer.”

Ontinue has also innovated with its interaction model. “We started with the premise that the world doesn’t need another management console,” say Corn. “Instead, Ontinue built its interface into Microsoft Teams, so customers and Ontinue defenders collaborate in a shared channel, taking advantage of Teams capabilities they’re already using during the workday. By doing this, we look, feel and act like a true extension of our customers’ teams.

“We’ve specialised more deeply in customers who are using the Microsoft security stack. This has allowed us to do very deep things that you just don’t see from other places because we’ve really specialised.”

GAINSystems and 3GTMS transportation management systems.

GAINSystems is ACR’s planning partner that it utilises for supply and demand planning efforts, he explains, in a partnership over a number of years.

“Not only are they being used for our planning software and all of the inventory and operating policies that go along with that, but they’re also moving into network design as well,” Barnello comments.

“We are seeing tremendous value in a single partner that has both the planning capability and the operating policies as well as the ability to help us design and run simulations and optimisation.”

3GTMS, meanwhile, has provided ACR with visibility across its transportation network. “What they’ve really done is given us the visibility and the data to be able to effectively manage our outbound freight and understand where we’re winning and losing and then really to chase that down,” Barnello adds.

Importance of data and data visibility

When it came to looking at ACR’s data strategy, DeSandre emphasises the importance of a clean stream of master data which can be easily accessed in near-real time. This is where ACR’s partnership with global process mining technology leader Celonis came into play.

“Our work with Celonis really is at the heart of our data strategy, to the point now that we’re really moving towards having all of our data in one place within Celonis. Today, we’re just starting to tap that potential and I think the executive team is just starting to really understand the power of having that data model.”

Fast Forward to the Future of Supply Chain Decisions

Drive faster, smarter decision making everywhere inventory matters. GAINS helps businesses move forward faster with greater agility, resilience, and confidence, even in disruptive times. The GAINS AI-driven cloud platform guides supply chain decision makers to the outcomes that optimally balance the tradeoffs between freeing working capital, lowering operating costs, and meeting service goals for global manufacturing, distribution, retail and aftermarket/maintenance companies.

GAINS: Navigating supply chain volatility with ACR

As a leader in supply chain design and planning, GAINS focuses on putting its customers first and moving them forward faster. Jeff Metersky, the VP of Solution Strategy at GAINS, guides and directs the overall strategy of the GAINS supply chain solution.

Supply chain volatility shifts priorities

With decades of experience providing supply chain solutions and services, Metersky knows that traditional supply chain design and planning strategies no longer fit volatile business environments. They lack the flexibility to plan for disruptions and continuously optimise inventory.

“Supply chains are no longer predictable and stable. They have become fragile and exposed due to increased variability and the rise in global disruptions,” Metersky says. “Businesses can no longer rely on the same techniques because our environment has changed – the focus cannot be on cost alone. Today’s decisions need to balance the trade-off between cost and service to mitigate risk and drive performance.”

“Using GAINS’ solutions, companies will be able to navigate uncertainty in their supply

chains, enabling much greater adoption of designs instead of making them academic exercises. Designs will become more pragmatic so that companies can fully understand their impact and increase the likelihood of adoption.”

Partnering with AmerCareRoyal to enhance supply chain decision making

GAINS has been on a journey with AmerCareRoyal (ACR) to automate and transform its operations. Consequently, ACR has grown rapidly – doubling in size – as they continue to acquire new businesses.

“Due to their partnership with GAINS, ACR has achieved rapid results, optimised inventory across their network, managed volatility, and become more resilient by being open to continuous improvement and looking for new ways to improve performance,” Metersky states. “This strategy achieves their desired outcomes and provides a scalable foundation on which they can embrace volatility and serve their customers well”.

Jeff Metersky, GAINS’ VP of Solution Strategy, explores how better supply chain decisions are moving AmerCareRoyal forward

VAI ERP Gives AmerCareRoyal and Others a Competitive Advantage

From procurement optimization to sales automation and warehouse management, VAI’s ERP applications help wholesale distributors, like AmerCareRoyal, improve customer service and boost productivity.

VAI provides you with an ERP without limits by integrating business processes across your organization.

An example of this success comes through ACR’s work with Emporix and Avatria on implementing a new Digital Commerce Platform, which enables its customers to utilise insights and ultimately deliver better outcomes. The product is known as the 1ACR portal.

“We just went live with our new portal, and I’m happy to say that we don’t have a point-to-point interface. Any information that we already know is clean, and is in Celonis, is being syndicated to our portal, which makes us very unique. We really are starting to get to a point where

our transactional data is able to be syndicated and used in these different systems.”

As DeSandre explains, the ultimate goal is to achieve a single version of the truth with a low amount of manipulation.

“There are still some shortcomings with not all required data being tracked in our master data as part of our ERP,” he adds. “To correct for this and enable change as ACR continues its evolution we have amended our ERP to support non-native master data allowing our ERP to serve as a system of record where necessary.”

A bright future for ACR

For ACR, which continues to grow through acquisitions, the message for the future is one of continued partnership. And through its projects - Unity, Rubik and Spotlightthe transformation will continue to evolve.

“I don’t think it stops,” Barnello comments. “This is really a jumping off point for us. We’ll continue to refresh the network as we continue to acquire new businesses, new geographies and new customers. We’re turning to using data and the digital transformation on our spend cube and in our procurement space as well.”

As DeSandre concludes, the future will see ACR continue to drive innovation across its ongoing transformation projects.

“I really do feel like we’re at a point of almost best of breed in our supply chain capability. But on our commercial processes, our pricing strategy, how we process rebates, bill backs, how we deal with the commercial aspects of our customers, I do think that we’re probably still about a year or two away from being a best of breed there. So I think that’s going to be a lot of our focus.

“We have really strong leadership now, and so the future for me is really about continuing the great work that we’ve been doing for the last three years,” he concludes. “It’s going to be about pulling it all together and continuing driving our supply chain optimisation projects in Rubik as well as our commercial optimisation projects in Spotlight.”

SKILLED AND TRAINED WORKFORCE NEEDED TO COMBAT CYBER RISKS

Last year, research suggested that the global cyber workforce today stands at 4.7 million. But while this number is the highest ever recorded by (ISC)², the cybersecurity workforce is still in urgent need of more professionals.

Despite adding 464,000 more cybersecurity professionals in the previous year, (ISC)²’s Cybersecurity Workforce Study for 2022 revealed that 3.4 million more cybersecurity workers are needed to secure assets effectively.

“As a result of geopolitical tensions and macroeconomic instability, alongside highprofile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field,” said Clar Rosso, CEO at (ISC)². “Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective.”

Growing the cybersecurity landscape

As organisations face a shortage of cybersecurity workers – 70% of respondents told (ISC)² their organisation does not have enough cybersecurity employees – staff deficits could be putting businesses at a “moderate” or “extreme” risk of a cyberattack.

To combat this, building a skilled and competent cyber workforce is essential. “For growth industries like cybersecurity, there is simply not enough staff to meet current sector challenges,” comments Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster university.

“Cybertheft is becoming the fastest growing crime in the world, yet there is still a vast talent gap across the industry.

Naturally, this is driving up wages for the most sought-after roles and this will likely continue into the foreseeable future. This should motivate any young person considering a career in this field right now.

“Cybersecurity is a top priority due to the core nature of digital systems in daily life. However, like many other sectors, we are seeing an increase in resignations, with cyber leaders citing stress, burnout or fear of escalating attacks as the driving factors. This is a cause for concern as cybersecurity is a crucial pillar of any IT system. If this trend continues, this will have long-lasting implications on the sector.

“Therefore, it is crucial that we maintain a steady supply of diverse, highly skilled professionals to meet the needs of our growing digital economy,” Curran adds.

KEVIN CURRAN

TITLE: PROFESSOR OF CYBERSECURITY

COMPANY: ULSTER UNIVERSITY

Professor Curran is a Professor of Cyber Security and Executive Co-Director of the Legal innovation Centre at Ulster University. Prof Curran is a Fellow of the Royal Society for the encouragement of Arts, Manufactures and Commerce (RSA) in recognition of his outstanding contribution to Cybersecurity in the UK. He is also a senior member of the IEEE.

“There needs to be a collective effort from businesses, industry groups, schools and universities to encourage more young people to enter the industry.”

Boosting cyber awareness from grass-root level

As Prof Curran describes, it is important for those wanting to pursue a career in cybersecurity to adopt soft skills including patience, willingness to listen, work in a team and be able to write reports.

“Technical skills are also important depending on the sector the candidate

is interested in,” he comments. “For instance, someone who works in malware would require good code skills for reverse engineering malware whereas someone who works within network security needs a firm understanding of configuring networks, network services, vulnerabilities, and firewalls. Many of the larger companies have a vested interest in offering certifications. These can be of high quality and can provide a way in for those looking to kick start their cybersecurity careers.”

Currently, college degrees are still the most appropriate means to secure a career in cybersecurity: “Of course, the subjects or courses will change greatly in the coming years, but the prestige offered by university degrees will still be the desirable mode of training,” Curran adds. “Having said this, apprenticeships will always play a role as they have done in many engineering disciplines in the past. However, this will naturally require further investment and greater collaboration between government and industry leaders.”

Where should the cybersecurity industry be focusing its efforts?

At the moment, there is a demand for cloud security experts. However, in the future, it will be difficult to find professionals with the necessary skills required to secure a cloud infrastructure, especially as the platform grows in complexity, Curran predicts. “Even now, it is hard to find cybersecurity staff with good experience in this area. As the technology evolves, new challenges will arise resulting in even more high paying specialist jobs in this area.”

Cloud security is crucial for several reasons. “Firstly, it protects sensitive data stored from unauthorised access, theft, and loss,” says Curran. “It also helps organisations comply with industry regulations and privacy standards, builds customer trust and gives companies a competitive edge. This is just one example of why there needs to be more security professionals in the field. It is also important to remember that cloud security follows a shared responsibility model, customers are equally responsible for securing their data and applications.

KEVIN CURRAN PROFESSOR OF CYBERSECURITY ULSTER UNIVERSITY

“For growth industries like cybersecurity, there is simply not enough staff to meet current sector challenges”

It ensures business continuity and disaster recovery by providing redundancy and high availability.

“Cloud is an area of cybersecurity that will be vital to the future of everyday business. It offers so many avenues and potential job roles. It should be noted that government and industry leaders lay the necessary foundations for candidates to pursue this career path.”

The future of the cybersecurity industry

As the cybersecurity landscape is constantly changing, businesses need to adapt and plan ahead, by providing plenty of opportunities for staff to learn, progress and take charge of their careers,” Curran explains. “At the same time, the education sector also has a responsibility to address the talent shortage and make students more aware of the opportunities available in the sector. Cybersecurity is a challenging but incredibly rewarding career. Addressing the talent shortage will require a collective effort from industry, schools, and universities.”

“ Addressing the talent shortage will require a collective effort from industry, schools, and universities”

KEVIN CURRAN PROFESSOR OF CYBERSECURITY ULSTER UNIVERSITY

Create healthier lives and enable patient data accessibility

Discussing the company’s product strategy and partnerships enabling data security is Mike Melo, VP Shared Service Technologies and CISO at LifeLabs

It was once expected that healthcare professionals were the bearers of all knowledge relating to patient information. But, with an increasing presence of digital technologies in the medical profession, individuals are now able to take this into their own hands and discover more about their own physical wellbeing for the better.

This is the core mission of LifeLabs, Canada’s leading provider of laboratory diagnostic services, which is responsible for crucial patient data pertaining to their health. Responsible for critical stages of the healthcare process, LifeLabs as an organisation is responsible for carrying out important blood and ECG tests for patients across Canada and is an integral stakeholder in their medical journeys and vice versa.

The company is the largest medical diagnostic firm in Canada with operations in Ontario, British Columbia – and in Saskatchewan – providing crucial services to the Canadian population. Having spoken to one of the company’s executives, we learn the relevance of its services in relation to the coronavirus (COVID-19) pandemic as it was instrumental in a number of ways.

“We were on the front lines of COVID-19 testing, supporting our government partners, helping airlines keep flying and even provided testing services to the NHL. Our labs have completed over five million COVID-19 tests. We’re making a significant impact, and we’re proud of it!,” says the company’s VP Technology Shared Service and CIO Mike Melo.

Conversing with Melo to uncover more around cybersecurity, the organisation has undergone a major overhaul with its CISO at the forefront of bringing together its IT and cybersecurity teams to harmonise their approaches. The focus on cybersecurity is a result of LifeLabs offering more and more services to its customers to allow them to take more control over their medical needs.

“We offer digital access to medical health records with better insights into what you can do with your health and really empower users to take this into their own hands and make great choices.

“ONE OF OUR BIGGEST CHALLENGES WAS CREATING A VIRTUAL REMOTE ACCESS ENVIRONMENT FOR OUR STAFF, ESPECIALLY DURING COVID-19”

That’s one of the reasons I came to LifeLabs, as I wanted to be a part of that journey and transform the digital healthcare space,” says Melo.

As the company evolves, more possibilities are opening up for patients, which requires particular attention to securing and protecting their data in the digital realm. As explained by Melo, the organisation is dedicated to providing high-quality healthcare services that come directly to the person. LifeLabs is offering more patient-centric services, much like its MyVisit solution – allowing phlebotomy experts to come directly to them – and also

MIKE MELO

TITLE: VP OF IT SHARED SERVICES AND CISO

COMPANY: LIFELABS

LOCATION: CANADA

Mike Melo is the Vice President of IT Shared Services and Chief Information Security Officer (CISO) at LifeLabs. Melo has truly made an impact with his invaluable contributions and exemplary leadership in senior IT roles. He has demonstrated remarkable expertise and dedication to ensuring the highest information security and technology excellence standards.

Melo was recently recognized as the Member of the Year in the CISO Division by the CIO Association of Canada (CIOCAN) while playing a pivotal role in driving innovation and safeguarding sensitive data. With his extensive knowledge and experience, Melo has elevated the IT landscape at LifeLabs, setting new benchmarks for excellence.

EXECUTIVE BIO

Collaborating with Netskope to secure the modern enterprise

Security must modernize to successfully keep up with cloud transformation and the needs of a hybrid workforce. Netskope sees and understands these changes and works with you to protect people and data anywhere they go.

We’re building a world where Identity belongs to you

Okta is the World’s Identity Company. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world and puts Identity at the heart of business security and growth.

CrowdStrike protects healthcare systems from cyberattacks, so you can focus on delivering quality patient care

CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes and technologies such as LifeLabs and top Fortune 500 organizations that drive modern enterprise, delivering superior protection, better performance, reduced complexity and immediate time-to-value.

LifeLabs and other leading organizations around the globe are rapidly adopting a Secure Access Service Edge (SASE) architecture to safeguard data wherever it moves, support digital transformation efforts, and realize better efficiency and return -on-investment from their technology.

Netskope is already a widely acknowledged expert and innovator in CASB, SWG, ZTNA, Firewall-as-a-Service,

and other components of the Security Service Edge (SSE), which describes the security services needed for a successful SASE architecture. Among more than 2,500 worldwide customers, Netskope today serves more than 25 of the Fortune 100, and 5 of the world’s 7 largest healthcare providers.

As the leading independent Identity partner, we free everyone to safely use any technology anywhere, on any device or app.

The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce

Identity and Customer Identity

Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations.

CrowdStrike a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyperaccurate detections, automated protection

and remediation, elite threat hunting and prioritized observability of vulnerabilities.

CrowdStrike secures the most critical areas of enterprise risk — endpoints and cloud workloads, identity and data — to keep organizations ahead of today’s adversaries and stop breaches.

CROWDSTRIKE: WE STOP BREACHES

offering ECG monitoring. Not only will this empower patients, but provide simpler, faster, and more flexible access to healthcare services.

“There’s been a lot of evolution over the five years I’ve been with LifeLabs. I would say the company has really focused on becoming customer-centric and how to make it easier for a customer to get access to, one, the services that they need, and two, their health care information,” says Melo.

During COVID-19, the company had to undergo a rapid transition to more data driven, digital healthcare, which is a response that is likely to allow better support as well as prevention of critical conditions in the future. However, in doing so the team recognised the need for a robust cybersecurity approach to ensure that patient data remains secure for all.

Why is cybersecurity so crucial in the healthcare sector?

Following the journey of LifeLabs really highlights the significance of cyber as a construct in the medical industry. Upon joining the team, the team experienced an attack on its system, provoking the need for a dedicated CISO. These types of attacks come in abundance across the sector.

“LifeLabs focused heavily on rebuilding stakeholder trust after the event. We embarked on this new transformation to not only ensure we were appropriately managing PHI and evolving the ways we managed and secured patient health information, but also looking at how to innovate in the cybersecurity space,” says Melo.

The key aim here, as also mentioned by the CISO, is to become a true leader of Canada’s healthcare sector with zero-trust protocols embedded into everything it does.

“I think we’ve done that over the past four years, since I began leading the charge in cybersecurity,” he says. “We have evolved. We enhanced rigorous governance surrounding the security culture within the organisation. And it’s not just within the security practice, it brings accountability and responsibility to all of our users.”

As the old cliche goes, “teamwork makes the dream work”

Much of this exercise involves team building, which is where Melo’s role really takes shape with backing from the company’s President and CEO, Charles Brown. Aligning being a key theme for the organisation, Melo was responsible for developing an approach to team building that allowed both the cyber operations and the IT teams to collaborate as one. This involved first understanding both sides of the coin and then determining a process that meets the needs of both.

So with teams aligned and data now a critical component of healthcare cybersecurity operations, where is it secured?

The LifeLabs approach – enforced by Melo and team – is a cloud-based one, which seems to be a no-brainer for the company.

As alluded to, cloud creates a simpler, more flexible environment for secure data actions with many of the most recent cybersecurity developed in line with cloud services. When providing this insight, Melo explains that organisations should not simply jump into the cloud environment without careful research and a supportive approach.

“There’s definitely some pros and cons that need to be weighed up when you’re looking

at what type of workloads you’ll be moving to the cloud, and equally important, how you’re going to secure them,” says Melo.

Cloud and on-prem infrastructures are very different in nature. It’s not a lift and shift model, especially from a cybersecurity perspective. You need a purpose-built programme, standards, and structure when operating in the cloud.”

Melo also notes that if cybersecurity was not a critical conversation today, the results of inactivity may have seen LifeLabs in a different position from a commercial perspective.

Interception of cyber breaches is a crucial act of social demand, but also a key part of sustaining growth for the business.

Working with its partners in cybersecurity, such as Okta and CrowdStrike, the company has the support of these leading firms to drive the company forward in its cloud journey; enabling LifeLabs to identify the most imminent threats and defend its accounts.

“I’m proud of the partnership ecosystem that we’ve built at LifeLabs. It’s really helping us define success and what healthcare cybersecurity can look like,” says Melo.

“We leverage various technology organisations, but there are a few that become true partners in our journey in our cybersecurity initiatives. Some of those partners, such as Netskope, CrowdStrike and Okta, have really allowed us to provide better access for our employees, our customers, and ensure that their information is secure as we transform our organisation to a cloud-focused infrastructure and delivery model.

“These are very prominent leaders in their own regard, and they're very cloud focused. They help us in our cloud journey initiative

and, at the end of the day, they provide some of the fulcrum pieces of our security technology stack. They're the ones who are helping us identify threats, defend our account access, ensure that we are, you know, managing and governing various access to all of these new incredible products.”

One of its crucial partners, Netskope, was brought on board to help govern access to software-as-a-service (SaaS) products used by the company. The team works closely with Netskope to reduce the threat landscape surrounding edge applications.

“We’ve done a lot of work with Netskope to govern access to SaaS products; being able to ultimately undergo decryption at scale to gain proper visibility of what’s egressing our environment; understanding what threats are out there, because now we have the visibility to see them and analyse them,” Melo says.

“One of our biggest challenges was creating a virtual remote access environment for our staff, especially during COVID-19. There was a massive demand for remote access to most organisations and traditional VPN models just weren’t able to keep up. They weren’t built with the bandwidth requirements and capacity in mind.”

Netskope is a critical partner for enabling LifeLabs’ zero-trust approach and provides the company with low-latency and secure connected services, which is aligned with the overall goal of stable data sharing.

“Stability is critical for our success as we are a hybrid organisation and we’re able to have security policies that essentially follow the user and not the traditional means of following a corporate asset,” Melo explains.

“I think that our journey with Netskope has been one of our greatest successes and our ability to adapt and evolve over the past four years, our cloud journey and also our hybrid remote work journey.”

The future of the company is secure and over the foreseeable months cloud and cybersecurity will be the main focus points for the business. Melo and his team are also embracing the impending integration of AI in its processes and leveraging tools like ChatGPT in more mainstream applications.

SECURITY ESSENTIAL IN THE GROWING INTERNET OF THINGS NETWORK

As the global world of connected IoT devices continues to expand, so does the attack service. The visibility SASE enables is key to securing this network

The Internet of Things is changing the way the world works and plays. From applications in MedTech, logistics, and transportation to smart home solutions, IoT is an enabler of a larger digital transformation that will produce vast quantities of data to be stored, parsed, and transmitted over an ever-expanding global network.

But, as the world of IoT continues to expand, so too do security threats. The billions of IoT devices in use have naturally created new vulnerabilities for companies. According to global management consulting firm McKinsey, as more ‘things’ get connected, the number of ways to attack them has increased dramatically. Pre-IoT, a large corporate network might have needed to account for up to 500,000 endpoints being vulnerable to attack, while the IoT may involve a network with millions or tens of millions of these endpoints.

IoT fuelling transformation but vulnerabilities create risks for businesses The potential value of IoT is large and growing. By 2030, McKinsey estimates it could amount to up to US$12.5tn globally. And, according to Palo Alto Networks, the rapid growth of capabilities and adoption of IoT technology has fuelled a transformation in enterprise operations. IoT devices are believed to make up 30% of total devices on enterprise networks today, with the rich data collected from these devices providing a number of valuable insights informing real-time decisions and delivering accurate predictive modelling. In addition, IoT is a key enabler of digital transformation in the enterprise, with the potential to drive up workforce productivity, business efficiency, and profitability, as well as the overall employee experience. However, despite the many advantages IoT technology enables, the interconnectedness of smart devices

“The billions of existing IoT devices were not deployed overnight, and the security problems they inherit will not be fixed overnight either”

TOM CANNING PARTNER, BEACON CAPITAL

presents a substantial challenge to enterprises, primarily in terms of the serious security risks arising from unmonitored and unsecured devices connected to the network.

What’s more, with increases in hybrid working environments, security weaknesses on employees’ home networks could create risks for businesses. Last year, infosec firm Bitdefender found a number of security vulnerabilities in a particular brand of baby monitors, potentially enabling attackers to either access the camera feed or execute malicious code on vulnerable devices.

And, in addition to commercial impact, the risks of IoT-related service disruptions extend to the critical infrastructure in our communities.

New and escalating challenges

According to Palo Alto Networks, security teams are now faced with new and escalating challenges that are unique to IoT security, including:

• Inventory – not having clear visibility and context for what IoT devices are in the network, and how to securely manage new devices.

• Threats – lack of well-embedded security into IoT device operating systems that are hard or impossible to patch.

• Data volume – overseeing vast amounts of data generated from both managed and unmanaged IoT devices.

• Ownership – new risks associated with the management of IoT devices by disparate teams within the organisation.

• Diversity – the sheer diversity of IoT devices, in terms of their limitless forms and functions.

• Operations – the unification crisis wherein IoT devices are critical to core operations yet difficult for IT to integrate into the core security posture.

“Imagine the implications of an attack on the switching infrastructure of a metro subway line, a wireless pacemaker becoming compromised, or a power grid shutting down,” reports a whitepaper by Fortinet. As the report explains, security professionals must be prepared to define solution requirements thoughtfully to guard against these new threats.

“Thanks to the work-from-anywhere era, the boundaries between home and work networks have blurred,” explains Sunil Ravi, Chief Security Architect at Versa Networks. “Once the malware has breached a home network, it can then move laterally across to the homeowner’s work network, inflicting significant damage to the organisation. With IoT devices being the perfect target for malware, vendors must ensure that their products have effective security.”

Connected devices can be vulnerable to breaches

As Palo Alto Networks explains, without robust security, any connected IoT device is vulnerable to breach, compromise, and control by a bad actor to ultimately infiltrate, steal user data, and bring down systems.

With large volumes of diverse IoT devices continuing to connect to the network, a dramatic expansion of the attack surface is occurring in parallel. As a result, the entire network security posture is diminished, in terms of the level of integrity and protection offered to the least secure device. In addition to these challenges, 98% of all IoT device traffic is unencrypted, putting personal and confidential data at severe risk.

Almost half of the respondents to a study by Capgemini identified the inclusion of technologies like IoT as one of the main issues exposing their organisation to breaches. Ineffective delegation of cybersecurity responsibilities also ranks amongst the top vulnerabilities, an issue making it difficult to identify malicious activity in a timely manner.

“Thanks to the work-fromanywhere era, the boundaries between home and work networks have blurred”

SUNIL RAVI CHIEF SECURITY ARCHITECT, VERSA NETWORKS

While on the surface it seems like security and networking performance are at complete opposite ends of the spectrum, SASE has proven an ability to strike the perfect balance between the two entities”

APURVA MEHTA CTO AND CO-FOUNDER, VERSA NETWORKS

Secure Access Service Edge (SASE) is an emerging wide-area networks (WAN) model coined by Gartner in The

Cloud that delivers network and security

FWaaS, secure web gateway, and CASB as services to protect connected entities capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/

the sessions. Identities of entities can

As Tom Canning, Vice President of Global Sales IoT and Devices at Canonical, explains: “Businesses need to take a long, hard look at where their burden of security lies, and seriously consider putting trust in IoT applications to support and manage networks. That way, managers can be confident that they’re futureproofing through technology, which can automatically remediate any security issues.

“It’s no longer a case of one-size-fitsall in the smart era of Industry 4.0. Device hardware is not static and manufacturers must recognise that the future does not lie in this form of vulnerable hardware, but instead in software-defined capabilities.

“As attacks continue to accelerate, more action is needed to protect and futureproof the manufacturing industry. It will take investment and a real commitment to change how the industry thinks about security in relation to smart infrastructure. The billions of existing IoT devices were not deployed overnight, and the security problems they inherit will not be fixed overnight, either.”

“ With SASE, IoT devices can maintain their performance to meet the needs of the business but also ensure that security is watertight”

APURVA MEHTA CTO AND CO-FOUNDER, VERSA NETWORKS

SASE striking the perfect balance Coined by Gartner in the 2019 Networking Hype Cycle and Market Trends report, Secure Access Service Edge (SASE) introduces a new architecture where networking and security functions are bundled in a cloud-delivered service. As IoT and internet-based traffic continues to soar, SASE allows enterprises to streamline network integration, security, and policy management of distributed devices with a centrally-managed platform.

“Whilst on the surface it seems like security and networking performance are at complete opposite ends of the spectrum, SASE has proven to be able to strike the perfect balance between the two entities,” explains Apurva Mehta, CTO and co-founder at Versa Networks.

“SASE allows for a tighter integration between networking performance and security. This means IoT devices can be secure, while also ensuring that high performance

is maintained. Additionally, through SASE, organisations can ensure that all endpoints on IoT networks receive the same amount of security coverage and management capabilities – giving security teams complete visibility across their network.”

Not only does SASE give organisations visibility across all endpoints in IoT networks, but it also segments the network, too. By doing this, organisations can restrict the movement of malware on IoT networks, meaning that the cyber-risk of an organisation is dramatically reduced. Additionally, when suspicious activity is spotted within IoT devices, it can be easily located by security teams and mitigated.

“IoT devices are here to stay and they have proven to be extremely valuable to businesses, however, they must be secure,” Mehta concludes. “With SASE, IoT devices can maintain their performance to meet the needs of the business but also ensure that security is watertight.”

KYMERA INTERNATIONAL: Innovation and value in every particle

Gabor Szentivanyi, CIO of leading specialty material manufacturer

Kymera International, elucidates how digital prowess achieves multi-industry impacts

What happens when an international technology catalyst – itself composed of many companies – undergoes its own technological transformation, and makes that transformation the heart of its processes?

Kymera International is a leading specialty material manufacturer, focused on the production of diverse particles and special alloys for a perfusion of technology requirements with truly global applications.

The company’s core activity involves atomising different metals to create small particles used in powder metallurgy – particles which serve as the building blocks for manufacturing alloys, pastes and other materials that meet specific client needs – across a multitude of industries.

One of Kymera’s distinguishing features is its ability to provide a customised mix of products tailored to the unique requirements of its clients. Whether the need is for high RPM, extreme temperature tolerance, rigidity or flexibility, Kymera leverages its research and development capabilities to create alloys and powder mixtures that fulfil these demands.

Their products find applications in a wide range of industries, including metallurgy, medical, aerospace, defence and electronics.

Kymera’s reach: Truly global Kymera International operates through two major lines of business: engineered materials and surface technologies.

Under the engineered materials segment, the company provides specialised materials to meet specific requirements. In the surface technologies segment, Kymera International combines its material expertise with advanced surface treatment technologies to offer comprehensive solutions that enhance the functionality and durability of materials.

With 16 sites worldwide, Kymera International is a global player in the industry. The company’s extensive network includes nine North American sites and seven overseas sites, all working together to form the unified entity that is Kymera International. This global presence allows the company to leverage its diverse resources and expertise to serve clients around the world effectively.

“Combining human expertise with AI-generated insights, Kymera strives to achieve more precise sales forecasting, contributing to overall business success”

GABOR SZENTIVANYI CHIEF INFORMATION OFFICER, KYMERA INTERNATIONAL

GABOR SZENTIVANYI

TITLE: CHIEF INFORMATION OFFICER

COMPANY: KYMERA INTERNATIONAL

Gabor Szentivanyi is a global Information Technology leader with 25 years of cross functional experience within the manufacturing industry.

As the Chief Information Officer at Kymera International he has successfully implemented an M&A optimised IT strategy with heterogeneous ERP strategy which includes a centralised global data warehouse and reporting platform, a DoD-compliant IT infrastructure and Cybersecurity solution, all while growing into new markets.

Previously, as Vice President at Element Solutions Inc Gabor led IT Merger and Acquisition activities, Szentivanyi managed global IT services, and optimised a widely diversified infrastructure. He also held various IT leadership roles in France at COTY Inc. and Bonduelle S.A., implementing enterprise-wide solutions and driving

Szentivanyi is a multilingual professional with fluency in four languages and a deep understanding of diverse cultures. He holds an Electrical Engineering and Masters of Business Administration degree and maintains a robust IT strategy, M&A, and enterprise transformational

GABOR SZENTIVANYI CHIEF INFORMATION OFFICER, KYMERA INTERNATIONAL

COLLABORATE. CONNECT. CONVERGE.

Converge Technology Solutions is a services-led, software-enabled, IT & Cloud Solutions provider focused on delivering industry-leading solutions.

Our global solution approach delivers advanced analytics, application modernization, cloud platforms, cybersecurity, digital infrastructure, and digital workplace offerings to clients across various industries.

Creating innovation and value in every particle

Kymera International’s vision is rooted in creating innovation and value in every particle it produces. The company takes great pride in its ability to manufacture tiny, precise, high-quality particles.

“With a strong emphasis on quality control and continuous improvement, Kymera International ensures that each particle is produced with the utmost competence and advanced technology,” says Gabor Szentivanyi, Chief Information Officer (CIO) of Kymera International.

Szentivanyi brings a wealth of experience and expertise

Szentivanyi’s journey in manufacturing began in 1998. Since then, he has dedicated a significant portion of his career to working with companies involved in the manufacturing of various products.

Recognising the intrinsic connection between manufacturing and information technology, he naturally gravitated towards IT activities. His extensive experience in both domains has positioned him well as the CIO of Kymera International, with a focus on taking the organisation to the next level.

to

his role. With a professional journey spanning more than two decades, Szentivanyi’s career has primarily been focused on the manufacturing industry. His passion for creating tangible products and his love for IT led him to pursue a path in manufacturing, where he could witness the physical output of his work.

“Our commitment to excellence extends not only to our products, but also to our resources, guaranteeing that our clients can rely on Kymera International as a trusted and dependable partner,” he adds.

How big data analytics is powering Kymera’s transformation

In leveraging big data analytics, Kymera International has embarked on a transformative journey to streamline its

operations and enable data-driven decisionmaking. Recognising the limitations of its previous approach, Kymera International has embarked on a transformative journey to leverage big data analytics in its operations.

“When I first joined as CIO, I observed that the company had multiple independent enterprise resource planning (ERP) systems spread across its entities,” says Szentivanyi. “Each facility operated with its own set of specifications and requirements, resulting in fragmented data management.

“To address these challenges and unlock the potential of data-driven insights, I spearheaded an IT strategy focused on consolidating and integrating the disparate ERP systems. Instead of opting for a single, standardised ERP solution, we pursued a heterogeneous ERP approach topped with a central data warehouse that welcomes and hosts all data of the enterprise.”

Kymera’s emphasis on Cybersecurity

The operational domain of Kymera is naturally extensive – compounded by its dive into big data and analytics – and this extent requires a robust cyber security environment. In recognition of the everincreasing importance of cybersecurity, Kymera International places a strong emphasis on maintaining robust security measures. As a company with a longstanding history and a vital role in providing critical materials to various industries, cybersecurity is paramount.

The company also recognises that being a reliable and sustainable company requires a proactive approach to cybersecurity, going beyond the minimal requirements and ensuring the highest level of protection for its operations, customers, clients and partners.

Furthermore, following the recent announcement of a merger with TSS and the expansion into new markets (including the US Department of Defence), Kymera International is poised to seize additional opportunities. This strategic move will allow them to enhance existing products and develop new materials and solutions that may not be readily available within North America – giving Kymera a comparative advantage and opening up new avenues for growth.

Kymera’s Common Data Warehouse: A single source of truth

The heterogeneous ERP strategy allows each entity to automate local business processes according to its unique needs, while ensuring that global reporting and visualisation could be achieved through a common data warehouse. The company’s primary objective is to establish a single source of truth – a comprehensive data warehouse that hosts transactions from all ERP systems and other important systems.

With a strong emphasis on quality control and continuous improvement, Kymera International ensures that each particle is produced with the utmost competence

Having a central repository enables the standardisation of data across geographies and provides the foundation for generating valuable insights. By consolidating and harmonising data from various sources, Kymera International aims to shift from mere data representation to data-driven insights, empowering business leaders to make informed decisions and steer the company effectively.

With this new data infrastructure in place, Kymera International significantly reduces data latency. Instead of relying on weeks-old data, the company now operates with the previous day’s business data from all geographies. This real-time access to accurate and relevant information allows for proactive decision-making and a

deeper understanding of market trends. By identifying and analysing these trends at an early stage, Kymera International gains a competitive advantage and can align its operations with evolving market demands.

The real value of Information Technology Szentivanyi says: “The value of IT lies in the transition from raw data to actionable insights. By providing leadership with a clear understanding of ongoing trends and future directions, IT becomes a driving force for the company’s success.”

This shift from a rear-view mirror perspective to a windshield-view enables Kymera to proactively navigate the dynamic landscape of the industry and stay ahead of the competition.

From Excel spreadsheets to spreading excellence: Cloud-based data warehousing and business intelligence

In the past, many Kymera employees stored vital data in Excel sheets on their local hard drives. Gaining momentum in the digital era, Kymera recognises the need to move away from this traditional approach. The company is focused on encouraging its workforce to embrace Power BI, a powerful business intelligence tool, as a central platform for data visualisation and analysis. By utilising Power BI, employees can access up-to-date information in real-time, ensuring they have the latest insights necessary for informed decision-making.

Shifting from a culture of file ownership to embracing cloud-based solutions comes

“The integration of AI algorithms with historical data empowers employees –among others, the sales team – to make accurate and reliable forecasts”

with its challenges. Kymera acknowledges the initial hesitation and concerns around trusting data stored in the cloud. To address this, the company is actively working to build trust in the technology by emphasising its reliability, security and convenience.

“The goal,” says Szentivanyi, “is to create a seamless and secure connection experience, whether employees are working from the office, a coffee shop, or even while enjoying personal activities”.

“Kymera is determined to ensure that its workforce has constant access to business-critical information through a variety of devices, be it a computer, tablet or a mobile phone.”

Kymera’s unified digital infrastructure

Another key aspect of Kymera’s digital transformation is the establishment of a unified digital infrastructure. Prior to this transformation, Kymera operated with diverse computing and collaboration platforms due to various acquisitions.

“The value of IT lies in the transition from raw data to actionable insights”

GABOR SZENTIVANYI CHIEF INFORMATION OFFICER, KYMERA INTERNATIONAL

Szentivanyi identified the need to consolidate these platforms into a single, reliable and globally accessible solution.

“This unification enables enhanced collaboration, seamless communication and elevated levels of cybersecurity,” he says. “Kymera selected its most suitable networking and remote access solution to provide secure connections for its employees, regardless of their location, ensuring data privacy and protection.”

Kymera is committed to fostering a healthy work-life balance for its employees. The digital workplace initiatives, driven by Szentivanyi, not only aim to improve productivity, but also prioritise the wellbeing of the workforce by enabling hybrid working. The company provides the necessary tools and technologies that allow employees to connect and work efficiently from anywhere, without sacrificing security or incurring additional costs.

Kymera’s cybersecurity training, AI and ML

Moreover, Kymera invests in continuous cybersecurity training for its employees, raising awareness about the importance of cybersecurity both inside and outside the office. By creating a secure and flexible work environment, the company ensures its employees can focus on their responsibilities both professionally and privately, as they are equipped with the necessary cybersecurity competency.

The adoption of cloud-based data warehousing serves as a foundation for Kymera’s future growth and innovation.

“By centralising and consolidating data in the cloud, Kymera creates a unified repository that facilitates more effective data analysis and enables the application

of advanced technologies such as artificial intelligence (AI) and machine learning,” says Szentivanyi. “The integration of AI algorithms with historical data empowers employees – particularly the sales team –to make accurate and reliable forecasts. Combining human expertise with AI-generated insights, Kymera strives to achieve more precise sales forecasting, contributing to overall business success.”

Manufacturing challenges, partner ecosystems and future plans

Szentivanyi highlights that, as a manufacturing company, Kymera faces unique challenges in adopting new technologies due to its preference for solid, cost-effective solutions with clear return on investment.

“Manufacturing has often been considered a late adopter of technology,”

he continues, “but recent events such as the COVID-19 pandemic and cybersecurity threats have shifted perspectives. The integration of IT and manufacturing is crucial, presenting numerous opportunities for automation and value creation. By combining expertise in technology, data and manufacturing processes, I believe that significant improvements can be achieved, significant enough to transform the manufacturing industry.”

Discussing Kymera’s partnership with Converge Technology Solutions Corp, Szentivanyi commends the company’s diverse expertise and its approach based on trust. He says the long-standing relationship between Kymera and Converge has yielded successful results, particularly in the development of a complex data warehouse solution. Szentivanyi highlights

Converge’s guidance and ability to futureproof the solution, providing Kymera with the necessary technology infrastructure to implement artificial intelligence and automated forecasting.

“The partnership has enabled us to exceed our IT commitments and support continuous improvement and growth,” he adds. “Blueshift is our important partner in cybersecurity. Their approach to ensuring the security of our IT systems instils confidence in our cybersecurity measures.”

The next 12 to 18 months

Looking ahead, Kymera International anticipates further acquisitions, adding new companies and thus additional potentially different ERP solutions to the mix.

These new acquisitions can rapidly connect to the data warehouse and add to

the overall information package. The company aims to maximise the utilisation of its data warehouse and Power BI dashboarding automation, transitioning from traditional spreadsheets to comprehensive global insights.

“Improving or replacing certain ERPs to capture relevant, currently non-existing, but much needed data and enhance data governance is also going to be important,” Szentivanyi concludes.

“Kymera aims to address the emerging challenges of data governance and master data management through a collaborative and non-intrusive approach, striving for a global solution that meets local requirements in all of our operating locations.”

THE ROLE OF GENERATIVE AI IN TACKLING CYBER THREATS

AI can be used to boost cybersecurity in a number of ways, enhancing threat detection, malware analysis, vulnerability assessment and automated response

From privacy breaches to ransomware attacks, cybersecurity threats are a continuous challenge facing businesses across the globe.

Cybercriminals are constantly innovating their tactics, exploiting vulnerabilities, and breaching defences with alarming precision. Consequently, businesses must adopt a proactive approach – one that not only responds to attacks, but also anticipates and thwarts them before they materialise.

To help security teams deal with these endless attacks, AI is becoming an essential ally.

AI’s ability to analyse vast amounts of data, identify patterns, and make intelligent decisions in real time has positioned it as a game-changer in the ongoing battle against cyber threats. As foundational models continue to evolve, AI is a solution businesses should certainly consider implementing when it comes to combatting these risks and threats.

Firstly, as Hitesh Bansal, Country Head (UK & Ireland) – Cybersecurity & Risk Services at Wipro, explains, the best defence is a good

Secure Your Federal Software Supply Chain with the Sonatype Nexus Platform

A better way to build software and manage open source security risk.

Control. Define open source component policies by organization, team, and application type.

Automate. Automatically and contextually enforce policies across your entire software development lifecycle.

Secure. Decrease false positives and negatives and reduce gaps in security and quality assurance

Integrate. Continuously visualize component intelligence within your favorite tools.

offence: “Advanced AI now leverages existing protection technologies to build a logical layer within models to proactively protect data. For example, this can take the form of blocking traffic at the firewall level, before the threats compromise the boundaries of an organisation.”

Next, Bansal explains, businesses must be able to accurately detect and identify the threats and risks they are facing. “By processing and analysing large data sets, AI can provide useful intelligence upfront to recognise potential threats; for example, spotting anomalies through correlated network activity which would help engineers to identify payloads in malicious codes and malware.

“Finally, managing the response mechanisms in the event of cybersecurity threats is essential. Now, more sophisticated AI and Machine Learning-enabled playbooks and strategies are being refined and developed. While SOAR (Security Orchestration & Response) as a concept is not new, the role that enhanced AI plays is now allowing access to more data, analytics and most importantly, behavioural context

“Generative AI is changing the game for cybersecurity, analysing massive quantities of risk data to speed up response times and augment under-resourced security operations”

that will help IT teams to manage response mechanisms for each threat the business faces.”

Using AI to enhance cybersecurity

AI can be used to boost cybersecurity in a number of ways, comments Kunal Purohit, Chief Digital Services Officer at Tech Mahindra, enhancing threat detection, malware analysis, vulnerability assessment, automated response, data augmentation, adaptive defence strategies, and user behaviour analysis.

“AI enables more proactive and effective defence measures against evolving cyber

threats,” he explains. “And, with the advent of Generative AI, it is changing the game for cybersecurity, analysing massive quantities of risk data to speed response times and augment under-resourced security operations. It has massive potential to transform cybersecurity, including cloud, device, and even home security systems. By creating predictive models, generating simulated environments, and analysing large volumes of data, generative AI can help identify and respond to threats before they cause harm.”

As Damien Duff, Senior

Learning Consultant at Daemon, explains, AI can be

sometimes reflect the biases of their developers or the data they are trained on, leading to discriminatory outcomes. This can have serious consequences in the context of cybersecurity, resulting in false positives or false negatives.”

and data may not be the only reason”

IVANA BARTOLETTI GLOBAL PRIVACY OFFICER, WIPRO

As Bansal adds, while businesses should certainly embrace AI innovation and the new tools it brings, they must do so responsibly. “There are some known challenges with the use of AI, including the technical, social and organisational complexity of AI applications, bias of data sets and the associated cost of integrating AI algorithms,” he describes.

“All of these risks and challenges must be fully evaluated when AI models are built. The National Institute of Standards and Technology’s

(NIST) AI Risk Management

Framework is a good example of how organisations can keep track of risks and put in place a plan to mitigate them. If these ideas are followed, then enterprises will benefit from the development of more trustworthy AI.”

Ensuring the ethical use of AI in security

The integration of AI into cybersecurity practices, however, raises important considerations regarding privacy, ethics,

and the potential for adversarial exploitation. It is crucial to strike a delicate balance between leveraging AI’s immense potential and ensuring responsible implementation to protect user privacy while maintaining ethical boundaries.

Ivana Bartoletti, Global Privacy Officer at Wipro, explains that, first of all, companies need to have the right governance in place to assess the development and deployment of AI systems: “Whether it is by creating a separate structure or building ethical AI into an existing governance structure, using AI presents risks that need to be identified and managed.”

Developing these tools requires controls, training about how to label data and prepare the right datasheets, monitoring, and defining what fairness means, Bartoletti states: “When purchasing a tool from a provider, it is essential to assess that the product has followed due diligence and that its development is aligned with the corporate values of the business.

“Bias is never an easy thing; it can create harm as well as financial damage. Bias can emerge at many different points of the AI system life cycle, and data may not be the only reason. Aggregation, evaluation, and measurement bias are all dangerous, and these start with people. But it is also important for companies to protect their data. For example, secure data storage is important to avoid manipulation and tampering, which could lead to severe discriminatory issues in AI outputs later on.”

As Purohit adds, ensuring the ethical use of AI in security is critical to maintaining the trust and confidence of customers and stakeholders. “Businesses should develop ethical principles that guide the use of AI in security. These principles and guidelines should align with the organisation’s values and be based on internationally recognised ethical frameworks.

“Businesses must take a proactive approach to the ethical use of AI in security,” he concludes. “By developing ethical principles and guidelines, assessing and mitigating bias, certifying data privacy and security, businesses can use AI for security in a responsible and ethical manner.”

Predictive analytics

As Tech Mahindra’s Chief Digital Services Officer, Kunal Purohit, explains, AI can be used to improve incident response and crisis management in the event of a security breach in several ways.

In the case of predictive analytics for example, AI can be used to predict and prevent security breaches by analysing historical data and identifying potential threats before they occur.

“Predictive analytics can help security teams identify weaknesses in their systems and take steps to strengthen their security posture,” Purohit explains.

“By processing and analysing large data sets, AI can provide useful intelligence upfront to recognise potential threats”