Cyber - March 2023

CYBER COMPANIES March 2023 cybermagazine.com

HEADSPACE: A mission to change how the world thinks about mental health

Innovators are paving the way for a more resilient, sustainable and efficient future. The rules have changed. It’s time for DISRUPTION.

Tech LIVE Virtual returns to highlight the innovators changing the industry through expert keynote speakers, interactive fireside and panel discussions. This exclusive 1-day virtual event will bring together the greatest voices in the industry for an essential deep dive into the future of Technology, AI and Cyber.

Brought to you by BizClik, Technology, AI and Cyber Magazines, the event will shine a light on essential topics such as the AI revolution, quantum computing, the virtual workplace, technology’s place in sustainability and much more.

Sponsorship Opportunities

Position your business as a pioneer in Technology and showcase your values, products and services at Tech LIVE Virtual.

This is your chance to share your innovations with the technology community by making an impact in front of fellow decision-makers and influencers as well as accessing potential partners via an active and engaged audience.

See you on the 8th June 2023.

It’s time for DISRUPTION.

Ways to Work With us

We produce Digital Content for Digital People across 20+ Global Brands, reaching over 15M Executives

Digital Magazines

Websites

Newsletters

Industry Data & Demand Generation

Webinars: Creation & Promotion

White Papers & Research Reports

Lists: Top 10s & Top 100s

Events: Virtual & In-Person

Work with us

EDITOR-IN-CHIEF

GEORGE HOPKIN

MARCUS LAW

CHIEF CONTENT OFFICER

SCOTT BIRCH

MANAGING EDITOR

NEIL PERRY

PROOFREADER

JESS GIBSON

CHIEF DESIGN OFFICER

MATT JOHNSON

HEAD OF DESIGN

ANDY WOOLLACOTT

LEAD DESIGNER

JORDAN WOOD

FEATURE DESIGNERS

MIMI GUNN

SOPHIE-ANN PINNELL

HECTOR PENROSE

SAM HUBBARD

JUSTIN SMITH

REBEKAH BIRLESON

ADVERT DESIGNERS

JORDAN WOOD

DANILO CARDOSO

CALLUM HOOD

VIDEO PRODUCTION

MANAGER

KIERAN WAITE

SENIOR VIDEOGRAPHER

HUDSON MELDRUM

DIGITAL VIDEO PRODUCERS

MARTA EUGENIO

ERNEST DE NEVE

THOMAS EASTERFORD

DREW HARDMAN

JOSEPH HANA

SALLY MOUSTA

JINGXI ANG

PRODUCTION DIRECTORS

GEORGIA ALLEN

DANIELA KIANICKOVÁ

PRODUCTION MANAGERS

JANE ARNETA

MARIA GONZALEZ

CHARLIE KING

YEVHENIIA SUBBOTINA

MARKETING MANAGER

INDIA BERRY

PROJECT DIRECTORS

HARRY PALMER

KRIS PALMER

BEN WIGGER

TOM VENTURO

MEDIA SALES DIRECTORS

JASON WESTGATE

MANAGING DIRECTOR

LEWIS VAUGHAN

CEO

GLEN WHITE

Is the world ready for the great cybersecurity storm of 2023?

World leaders, police chiefs, and technology experts have warned cyberattacks present a global threat that demands a global response. And the clock is ticking, with the overwhelming majority of stakeholders expecting a catastrophic cybersecurity event in the next two years

A cybersecurity storm is brewing, and 2023 will be a critical year for global business – that was the warning from experts at the World Economic Forum's annual meeting in Davos.

Cyberattacks are increasing in sophistication and frequency, the world’s richest and most powerful business leaders were told at the annual gathering, and developments will include unprecedented cyberattacks.

The bleak outlook was reflected in PwC's 26th Annual Global CEO Survey, which was released during the Davos event and represents the most pessimistic outlook the survey has ever recorded. A report published by the WEF with Accenture found 93% of cybersecurity experts and 86% of business leaders think a catastrophic cybersecurity event is likely in the next two years.

It looks like the global cybersecurity industry is going to have its first year of being truly tested in 2023. And we’ll be following the fallout in Cyber Magazine – we hope you’ll join us for the battle.

“It looks like the global cybersecurity industry is going to have its first year of being truly tested in 2023”

CONTENTS

UP FRONT

012 BIG PICTURE

Bringing home the Space-BACN for US defence agency DARPA

014 THE BRIEF

Thelatest insights from the world of Cyber

016 TIMELINE

A world without passwords: the rise of passwordless tech

018 TRAILBLAZER

Kevin Mandia, Founder and CEO at Mandiant

022 FIVE MINS WITH Sam Linford, VP of EMEA Channels at Deep Instinct

040 CYBERSECURITY

Zero trust hand-in-hand with third-party risk management

062 NETWORKS AND APPLICATIONS

5G and data security –managing a new kind of threat

070 OPERATIONS

Global industry faces an arms race of cybersecurity risks

080 TECHNOLOGY

Data leaders have a crucial and developing role

088 TOP 10

The Top 10 cybersecurity companies in the world in 2023

Prevent Ransomware and Malware.

BlackBerry prevents DarkSide, NOBELIUM and REvil attacks with security powered by Cylance ® AI

BIG PICTURE

Bringing home the Space-BACN for US defence agency DARPA

Phoenix, Arizona, United States

Arizona State University Professor Daniel Bliss and his team are working on the Space-BACN project for the US Department of Defense Advanced Research Projects Agency, or DARPA as it is known.

The Space-Based Adaptive Communications Node (to give it its full name) is the first phase of an initiative to connect low Earth-orbit satellites with each other and their Earth-bound operators.

“Optical link processor technology has the potential to revolutionise space communications, enabling the exchange of large quantities of data between satellites,” says Bliss.

THE BRIEF

Middle East leaders urged to go on attack against hackers

READ MORE

READ MORE

Attack is the best form of defence when it comes to cloud and cybersecurity. That’s one of the key messages from a roundtable event held in Abu Dhabi, United Arab Emirates, this week.

This positive rallying call came from speaker Dr Aloysius Cheang, Chief Security Officer Huawei Middle East & Central Asia, who took to the stage at the W Yas Island Hotel for a roundtable entitled The Future of Cloud Security in the Middle East –presented by Cyber Magazine, sister title to Business Chief.

READ MORE

“We are going to take the banner to the enemy’s territory so that the cost is on them rather than on us,” said Dr Cheang. “Cybersecurity is cloud security, and security is the way of business.

“Increasingly, identitycentric, Zero Trust frameworks will be the best choice for any security-conscious organisation”

MARC ROGERS

Senior Director Cybersecurity Strategy, Okta

“Mental healthcare is a domain where privacy is super important for everybody, including our patients, user members, and our clinicians and coaches”

PUNEET THAPLIYAL CISO, Headspace Health

“About 55% of CEOs say that, by 2026, over 50% of their business will be new products that they don’t have today”

INDERPAL BHANDARI Global Chief Data Officer, IBM

BY THE NUMBERS

 FORTINET

Along with Microsoft, PayPal, and Santander, Fortinet is backing the Cybercrime Atlas, a World Economic Forum initiative that aims to combat the increasing cybercrime threat and has been welcomed by law enforcement agencies.

 UNITED STATES JUSTICE DEPARTMENT

Number of 12- and 13-year-old girls from across the UK who entered the 2023 CyberFirst Girls Competition, which is run by the National Cyber Security Centre (NCSC), a part of GCHQ.

EDITOR'S CHOICE

SENSITIVE US CENSUS DATA IS VULNERABLE TO THEFT AND EXPOSURE

Computer scientists have designed a “reconstruction attack” that shows US Census data could be stolen or leaked using a laptop and machine learning code.

ONE IN FIVE BUSINESS LEADERS FEAR CYBERSECURITY “INSIDE JOB”

71% of survey respondents worry about accidental internal staff error, with 51% saying they are only "somewhat prepared", in their cyber defence strategies.

GLOBAL BUSINESSES NOT PREPARED FOR “TERRORISM ON STEROIDS”

Organisations are not prepared to handle cyberwarfare – responses to ransomware vary wildly and cybersecurity spending is on the rise, a new report reveals.

The US Justice Department has disrupted Hive, a global ransomware group that has targeted over 1,500 victims across 80 countries. The FBI infiltrated Hive's computer networks, preventing victims from having to pay the ransom demands.

 ALPHABET

Alphabet, Google's parent company, suffered a $100bn loss in value following an error made by its new AI platform. Bard claimed the James Webb Space Telescope took the first pictures of exoplanets. It didn’t.

 MICROSOFT

Microsoft's Bing AI, which uses technology from OpenAI, has puzzled beta testers with an "alternative personality" named Sydney. The chatbot made unhelpful suggestions and provided strange advice, threatened some users, and declared love for others.

U P D O W N

MAR 2023

TIMELINE

A WORLD WITHOUT PASSWORDS: THE RISE OF PASSWORDLESS TECH

From MFA to biometrics, the humble password could soon be a thing of the past. Cyber Magazine looks at the past, present, and future of passwordless technology

1960 s 1980 s

The origin of the password arrived in the mid-1960s at MIT with the development of the Compatible Time-Sharing System. It allowed hundreds of users to share the computer with a common mainframe. The password was developed as an accounting tool to allow users access to their specific resources for a certain amount of time.

One-time passwords

The first version of ‘passwordless’ authentication arrived in the 1980s in the form of dynamic, one-time passwords (OTP) held on physical fobs. OTPs would eventually develop into two protocols: time-based OTPs (TOTP) and cryptographed hash-based message authentication codes, or HMAC OTPs. Dynamic OTPs are still widely used as an authentication protocol.

2011 2013

Touch ID

The rise of mobile boosted the popularity of passwordless technology. In 2013, Apple introduced Touch ID, a precursor to Face ID, making passwordless biometric authentication ubiquitous today. Since then, passwordless strategies have allowed mobile-first businesses to authenticate users and perform account verification in a single, easy step through a user’s mobile phone.

Multi-factor biometrics

In late 2011, IBM predicted that “multifactor biometrics” would become the dominant authentication protocol, creating a completely passwordless world. Two years later, in 2013, Google announced it had made multi-factor authentication protocols standard within the organisation.

Single Sign-On

The first Single Sign-On solutions appeared with Active Directory in the late 1990s, an early Access Management system that was first launched with Windows 2000 Server Edition. SSO helped organisations manage user authentication across an entire network of applications.

Multi-factor authentication

The late 1990s and 2000s saw the rise of multi-factor authentication. AT&T actually holds the earliest recognised patent – dating back to 1998 – but multi-factor auth (MFA) and single sign-on (SSO) really took off when organisations like Google began building them into their applications as a form of passwordindependent authentication.

Founder and CEO,

Having worked in different corners of the industry for over 30 years, Kevin Mandia is a force to be reckoned with in cybersecurity. He joined the US Air Force in 1992, where he spent the outset of his career at the Pentagon as a Computer Security Officer before becoming a Special Agent for the Air Force Office of Special Investigations.

Upon leaving the military, Mandia spent two years as Director of Training for Sytex/Lockheed Martin and three as Director of Foundstone, before going on to found Mandiant in 2004.

Mandiant as part of Google Cloud

Mandiant’s journey from conception to cybersecurity giant over the next two decades may be an ongoing story, but it has definitely caught the sector’s attention, becoming part of Google Cloud in 2022 while retaining Mandia as CEO.

Despite Mandian experts boasting 99% resolutions without incident response and an average of less than five minutes from alert to triage, at the inaugural Mandiant

mWise conference in 2022, Mandia professed that “we should never rest, we should maintain constant vigilance” as “wherever money goes, crime follows”.

“The Mandiant brand is synonymous with unmatched insights for organisations seeking to keep themselves secure in a constantly changing environment,” Google Cloud’s CEO, Thomas Kurian, told Cyber Magazine last year. “Together, we can make a profound impact in securing the cloud, accelerating the adoption of cloud computing, and, ultimately, make the world safer.”

Mandia echoes him: “Google Cloud shares our mission-driven culture to bring security to every organisation.”

The focus on cybersecurity is in-line with the international increase of attacks: since COVID-19 and the increase in staff working from home, the FBI have reported an increase of 300% in reported cybercrimes.

“CYBERSECURITY IS A MISSION, AND WE BELIEVE IT’S ONE OF THE MOST IMPORTANT OF OUR GENERATION”

Education

Mandia started his journey into cyber at Lafayette College, where he completed his Bachelor of Science in Computer Science from 1988 –1992, before moving to The George Washington University in 1993 to accomplish a Master of Science in Forensic Science. In 2013, he went back to education, completing the Owner/President Management Program at Harvard Business School.

Alongside his work within Mandiant, Mandia is a founding partner of Ballistic Ventures where he mentors entrepreneurs on their journey into cybersecurity; he has served as a member of the Cybersecurity Advisory Committee for the Cybersecurity and Infrastructure Security Agency since December 2021; and he is on the Board of Directors for Cohesity, a next-gen data management company. In 2014, he co-authored his book ‘Incident Response and Computer Forensics’.

International Cyber Espionage

Mandiant rose to international prominence in 2013, when it created a lengthy report summarising seven years of work, which described

how the Chinese government had been digitally infiltrating the US. The report, led by Mandia, offered details of theft towards 147 Western corporations across 20 industries by a Chinese military unit, known as the hacking groups ‘Comment Crew’ or ‘Shanghai Group’. The Chinese response was defensive; they denied the accusations and accused Mandiant of attempting a largescale publicity stunt. Although not created for recognition, the report did propel Mandiant to national news: on February 19th 2013 the front cover of the New York Times read “Chinese Army Unit Is Seen as Tied to Hacking Against U.S.” and reported on the “unusually detailed

60-page study by Mandiant”. The Forbes’ article headline read “The CEO who caught the Chinese spies red-handed” and compares Mandia to Amazon Founder Jeff Bezos. It also put a target on the ex-Air Force CEO and his company, with him even joking to the New York Times journalist “if anything happens, I expect to be avenged properly”, during their interview before publication.

A decade later, however, Mandiant is still going from strength to strength, now a part of one of the world’s foremost digital companies and still headed by Mandia, manning the front lines of the ever-expanding digital world.

“ DATA SECURITY AND DATA MANAGEMENT LEADERS MUST WORK HAND - INHAND TO KEEP BAD ACTORS IN THEIR PLACE”

Sam Linford

Cyber Magazine speaks with Deep Instinct's Sam Linford on reducing the cycle of stress in security teams and using AI to reduce productivity challenges

Q. TELL ME ABOUT DEEP INSTINCT AND HOW IT HOPES TO REDUCE STRESS IN SECURITY TEAMS?

» Deep Instinct, founded in 2015, is the first company to apply end-to-end deep learning to cybersecurity. Our deep-learning framework is one of only six in the world, and, furthermore, is the only purpose-built deep-learning framework dedicated to cybersecurity. Through our deep-learning solution, we shift organisations’ focus from responding

to cyberattacks to preventing them, preexecution. Our deep-learning brain can also go one step further by stopping zero-day malware and ransomware threats, with both superior accuracy and speed compared to other endpoint protection platforms (EPP).

Thanks to our advanced solution, we are able to take the stress and pressure off security teams by stopping the fastest cyber-attacks before they enter the network or compromise endpoints, causing irreversible damage.

Q. WHY IS THERE SO MUCH STRESS AND PRESSURE PLACED ON THE C - SUITE, AS WELL AS THE FEAR FELT BY THOSE WHOSE DECISION IT IS TO PAY RANSOM DEMANDS?

» The cyber-threat landscape has grown exponentially, and the task of protecting networks against sophisticated cyber-attacks becomes increasingly difficult. Ultimately, the pressure felt by cybersecurity professionals has resulted in them not only leaving their employer, but the industry itself.

Deep Instinct’s research has shown that 49% of UK professionals have considered quitting the industry due to stress, with the unrelenting threat from ransomware and the fear of the next supply chain attack the primary factor. Compounding the situation, nearly half felt their stress had measurably increased over the last 12 months.

It is not only the fear of when an attack will come, but the pressures exerted when a ransomware attack hits. When ransomware attacks breach an organisation’s network, correct decision-making is crucial – it can be the difference between an enterprise surviving a cyberattack unscathed or it costing millions. This pressure normally ends up falling into the laps of C-suites and security leaders, and, unfortunately, not all can handle the pressure.

Q. HOW CAN ORGANISATIONS STOP A CYCLE OF STRESS AND PREVENT THEMSELVES FROM BECOMING THE VICTIMS OF RANSOMWARE ATTACKS IN THE FIRST PLACE?

» Clearly, the mindset of reacting to and mitigating cyberattacks is not working – ransomware attacks are continuing to grow in number, and this is pushing people away from the cybersecurity industry. EDR tools that work on a reactive and mitigation approach are increasingly being evaded by the latest malware and techniques used by threat actors, and these solutions alone are therefore not enough to guarantee protection against such attacks.

As such, organisations should flip their mindset by looking to prevent ransomware attacks: having a preventionfirst cybersecurity strategy means that security teams are able to stop ransomware attacks before they encrypt files and data. This would immediately lift the stress off security teams, as they would no longer feel like sitting ducks waiting for the inevitable ransomware attack to hit and wouldn’t have the pain of trying to recover their stolen data.

Once there is acceptance, you then need to start implementing solutions that will help encourage a prevention-first strategy.

AI has proven to be an extremely useful tool in shifting an organisation’s mindset towards prevention-first. There is a consensus among cybersecurity professionals that AI-enabled tools are highly effective against sophisticated ransomware attacks.

Our research has backed this claim up, with 47% agreeing that “they need greater automation through AI/ML to improve security operations”, and 79% saying they would rather depend on AI than humans to hunt threats.

“AI HAS PROVEN TO BE AN EXTREMELY USEFUL TOOL IN SHIFTING AN ORGANISATION’S MINDSET TOWARDS PREVENTION-FIRST”

Q. WHY IS AI RECOGNISED AS HAVING THE POTENTIAL TO REDUCE CRITICAL PRODUCTIVITY CHALLENGES? WHAT CHALLENGES CAN IT HELP WITH?

» While conventional machine learningbased security can provide support against known threats, it does have its limitations when it comes to zero-day threats and false positive rates.

Therefore, organisations need to look towards advanced AI-based solutions such as deep learning, which can accurately prevent ransomware threats in real time with little human input. Deep learning is developed through neural

“IT’S NOT ONLY THE FEAR OF WHEN AN ATTACK WILL COME, BUT THE PRESSURES EXERTED WHEN A RANSOMWARE ATTACK HITS”

networks that are designed to mimic the human brain. The neural networks are trained on massive sets of raw data samples consisting of millions of files, with the deep-learning “brain” independently teaching itself to detect which files are malicious and which ones are benign.

This results in the extremely intelligent system being able to stop the fastest known ransomware attacks in less than 20 milliseconds – even including unknown and zero-day threats. By preventing ransomware attacks, security teams can finally end the stressful situation of detection, response, and mitigation.

Q. WHAT'S NEXT FOR DEEP INSTINCT?

» Deep-learning technology has recently come into the mainstream with some of the biggest tech giants – such as Google, Netflix, Amazon, and Tesla – now using it to support their services. As we continue to develop deep learning, cybersecurity will be seen as the natural evolution of the technology.

We at Deep Instinct will continue to push the message of using deep learning to help support a prevention-first mindset. We will continue to adapt the solution to fight against future cyber threats across endpoints and also data in transit with our new Prevention for Applications solution.

79% OF RESPONDENTS SAID THEY WOULD RATHER DEPEND ON AI THAN HUMANS TO HUNT CYBERSECURITY THREATS

SAP’s Sam Castro on AI and risk resilience in manufacturing

SAP’s Sam Castro is a solution manager for Digital Manufacturing. He tells us about AI, risk resilience and supply chain sustainability

SAP is a global software provider and a leader for enterprise business process software, including solutions to manage supply chains. SAP provides technologies, supports the cloud and cloud platform environments, as well as artificial intelligence/machine learning (AI/ML) libraries, robotic process automation (RPA) and in-memory technology for high-end computers. SAP’s solutions for manufacturing execution and insights are part of a portfolio of products for supply chain management and leverages these technologies.

“We're an enterprise business software and a technologies company,” says Sam Castro Senior Director, Solution Management, LoB Digital Manufacturing.

Castro is a Senior Director at SAP and a part of the line of business manufacturing solution management team. The line of business covers the 27 manufacturing industries for which SAP provides software solutions.

“All of those industrial companies have needs around operations visibility, control and reporting,” Castro explains. “The different industries have different targets that they're after. Some are heavier on the asset side, some of them are heavier on product quality and yields, others are all about logistics and moving products around on-time through the supply chain.”

SAP is met with a diverse set of requirements and needs from its customers. Solution management takes these industry needs and applies them to market direction and invests them in the portfolio.

“We provide guidance on where to focus and the emphasis for development, and that strategy big picture where we want to take the products,” Castro explains.

In college, Castro completed a Bachelor's in computer engineering and a Master's in computer science at the Rochester Institute of Technology (RIT).

“I came from the hardware bridge to the software bridge very naturally after graduating,” says Castro. “I was dropped into the manufacturing floor because that is exactly where the hardware automation side bridges over into the software.”

He was faced with a great deal of information and digital signals from the automation layer and was tasked to turn it into information — how does SAP make that translation?

“I started at the very lowest level and moved my way through Lighthammer Software, which was acquired by SAP back in July 2005,” says Castro. “I worked my way through SAP into the role that I'm in today.”

“Being a sustainable enterprise means that you're an efficient enterprise”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

SAP and RTS deliver on the “Factory of the Future” with SAP’s Digital Manufacturing Cloud

Reap the benefits of SAP’s shopfloor manufacturing execution system (MES) for your overall manufacturing process.

Enabling a new level of production continuous improvement, from raw materials to finished goods, while achieving Industry 4.0 benefits:

y Increased product quality

y Increased profitability

y Waste reduction

y Better staff utilization

y Easier regulatory compliance

y Increased customer satisfaction

Reach out to us for a consultation on how Industry 4.0 and Digital Transformation can help you achieve the “Factory of the Future”.

SAP’s Sam Castro on AI and risk resilience in manufacturing

actually add up to, and how that impacts the business financially, is one of the key topics around what customers will hear about resiliency from SAP, says Castro.

“Sustainability is an overlay to that, sustainability is a byproduct of efficiency,” says Castro. “Being a sustainable enterprise means that you're an efficient enterprise. If things are running effectively, things are running safely, and in a very energy-friendly manner as well.”

Castro views the impact of the cloud on manufacturing as a positive one.

“There are benefits for the IT team from a maintenance perspective and a continuous update and management of that software package,” he explains.

Cloud users are not dealing out of sync or outdated documentation, they’re not dealing with security issues that creep into the environment over time. Updates and patches are handled in real-time by the

cloud hosting and software provider, that SaaS provider in the cloud environment. Castro views offloading that burden from the manufacturing layer and the IT teams that support them centrally and locally as a big deal for organisations and businesses.

“It keeps that barrier to entry for managing efficient production and tracking off of those teams, and it puts it firmly on the shoulders of the software provider. What does that mean for the business? It means that the end users aren't working with stale software. You're not working with software that has a UI from 15 years ago. You're not working with an ad-hoc analytical environment that used to be cool but now uses plug-ins and stuff that your browser doesn't support and ultimately causes it to have problems,” Castro explains.

As businesses are not dealing with these issues from the end user perspective,

Risk resilience and sustainability in the supply chain

When you talk about risk resilience at SAP, it’s about how to handle the real world, not setting up a plan and adhering to it day in and day out.

“You would like it to be like clockwork, for sure,” says Castro. “Where everything always aligns and meshes the way that it's supposed to all the time, every second. But we know that's not always the case.”

Weather events, pandemics, labour shortages or large sporting events can cause

“Here are the enablers of AI and ML type algorithms that you can use and put together how you see fit”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

supply chain issues. For Castro, resiliency is the byproduct of having to have to handle these off-topic or out-of-sync scenarios and the ability to detect that you're out of sync with the original plan and react to it in a coordinated manner.

“The faster you can do that, the faster you can correct that problem,” says Castro. “Then you’re able to identify how often those deviations occur — that frequency of occurrence, that is your opportunity.”

Being able to quantify that opportunity and understand what those little deviations

SAM CASTRO

TITLE: GLOBAL VICE PRESIDENT, CENTRE OF EXCELLENCE

INDUSTRY: MANUFACTURING

LOCATION: PENNSYLVANIA, US

Sam Castro joined SAP in July of 2005 with the acquisition of a small company called Lighthammer. He was responsible for implementation consulting, field enablement, custom development, and training for the core products (Illuminator, Xacute, UDS, CMS). These products have since evolved into the core SAP Connected Manufacturing products (Mfg. Integration & Intelligence or MII and Plant connectivity or PCo) that you see today.

EXECUTIVE BIO

Sam is now part of SAP LoB Manufacturing Solution Management group, which is directly responsible for strategy, direction, and customer adoption of all of the manufacturing products at SAP. He is specifically responsible for Industrial Analytics, that is SAP MII, Digital Manufacturing for insights, and Digital Manufacturing for execution, and he is the solution owner for Process MES products. In this role, he is actively working on mid- and long-term features and deliverables and how they are positioned with the broader SAP portfolio; he also provides guidance for product development investment.

they're able to take advantage of a very modern, easy to consume and use software experience and focus on their core business functions.

“Despite not directly interacting with it, the work around you is what's driving that environment for you,” says Castro.

“You're not putting that burden of three or four extra clicks on somebody, this is just software that's being driven from digital signals; from integration, automation, and the tasks that the operator is performing.”

This newer approach to software design is how SAP leverages the industry investment companies have made and it is what's ultimately reducing the impact that end users have on that environment themselves.

How manufacturers can focus on business value versus technology

There are different pillars within organisations, which have their own priorities. CEOs, CIOs, CTOs and CFOs are all working together and have overlapping needs that drive different business cases. But they need to have the right information at the top layer to make the right decision for the lowest layers within the organisation. This doesn't happen unless there is a framework in place for the distribution and analysis of the data that is generated, from the very edges of the manufacturing and supply chain processes to the shop floor.

“If you don't have a way for that information to work its way up to the top, organisations really struggle to understand where the priority needs to be,” says Castro.

For manufacturers to focus on business value versus technology, Castro believes that they need to intelligently manage profitability

and investments. As a result of that additional profitability, they also need to protect that inflow of money and profitable behaviour for the company.

“Is that a CapEx investment? Is it an OPEX investment? Is it better granularity on product quality and an emphasis on quality for certain products or certain areas within a process that are very tricky and cumbersome?” asks Castro. “Maybe it's a new product that you're introducing and as a result, that process isn't fully stable yet. What is the emphasis in how much we put into that project to stabilise it? Those are the goals that are very coveted from the C-suite down, but they really are reliant from all edges of the supply chain and having that information roll all the way up.”

“Sustainability is an overlay to that, sustainability is a byproduct of efficiency”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

SAP MII and ME 24/7 Support

With your SAP MII and ME system being paramount to achieving high-performance manufacturing, let RTS support your shopfloor solution to maintain peak plant operating performance at all times.

Our experienced and knowledgeable staff provide quick support response on a 24/7 basis. RTS not only provides support but will also deliver:

y System upgrades to newer versions

y Modifications to your existing MES solution

y Adding completely new capabilities to your existing system

y IoT connectivity

Reach out to us for details on how we can “support and service” your existing SAP MII and ME shop floor solution.

SAP DMC, ME, MII, it’s all we do!

Enterprise-led manufacturing follows in tune with this exactly.

“The enterprise has to provide guidance to the manufacturing and supply chain teams as a whole,” says Castro. Where they want to see improvements and how much they're willing to invest in those improvements, what's it worth? How do you build that community up?”

To understand the role that manufacturing plays in an organisation’s reinvestment strategy, you must first understand where it matches up with other locales in the manufacturing environment.

“Manufacturing isn't just a single-faceted environment. It's often made up of plants that have been around for a long time, some

that were built up by your own organisation, some that came into the organisation through acquisition,” says Castro. “So you see different heritages and mentalities. They have this communal approach for how the plant manager wants to lead that group in the business forward.”

SAP’s AI standardisation journey

At SAP, being able to take advantage of AI standardisation in a universal way is important.

“You can take and apply these very technical algorithms in order to get information off them. Here's the technology, here are the enablers of data, here are the enablers of AI- and ML-type algorithms that you can use and put together how you see fit,” says Castro. “Then that carries over into the

application side, which says, we know we have these technologies, we know that this data is being generated from our transacting processes, so we have our own structured analytics pieces and now we can use these structures to drive our own models to influence our execution process.”

SAP has global partners, as well as local partners, who rely on its technology. When Castro talks about partnerships, he does not put one partner over another.

“We try to keep the community as open as possible,” he says. “We try not to promote one partner over another, because they're all very important to us.”

The openness of SAP and the openness of its software is for its customers to take advantage of, but also for their partners to put their own industry expertise behind.

“It is what gives SAP the power that we have to leverage in our own technologies to leverage partner-led innovation using those technologies to intelligently power our applications.”

“ You want it to be like clockwork, where everything always aligns. But we know that that's not always the case”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

ZERO TRUST HAND - INHAND WITH THIRDPARTY RISK MANAGEMENT

Third parties – a necessity for modern business –can make organisations vulnerable to data breaches and other security incidents. Enter zero trust

Working with third parties is a necessity for modern businesses. These relationships are critical to business success – delivering affordable, responsive and scalable solutions that can help organisations to grow and adapt according to the needs of their customers. But as reliance on third parties grows – according to Gartner, 60% of organisations now work with more than 1,000 third parties – so does the exposure to additional risk.

Third parties, such as vendors, partners, or service providers, often have access to an organisation's sensitive information, systems and networks. This access can make organisations vulnerable to data breaches, cyber attacks, and other security incidents, especially if the third party's security controls are insufficient or if the third party is targeted by cybercriminals.

Additionally, third parties may have their own vulnerabilities that could be exploited to gain access to an organisation's network. By identifying and managing third party risk, organisations can better protect themselves against cyber threats and ensure that their sensitive information and systems are secure.

A survey from the CyberRisk Alliance and SecurityScorecard found that over a third of respondents had at least 100 thirdparty vendors. Of those, 91% said they had experienced a related security incident.

To benefit from the rewards strong third-party relationships can offer, it’s vital for organisations to manage the risks. That is where a rigorous Third Party Risk Management (TPRM) programme comes in.

Today, businesses inherit the cyber-risk posture of not just their direct, third-party vendors, but also of their vendors’ vendors – often known as ‘Nth party’.

A report by The Ponemon Institute explains that while many businesses continue to outsource critical business processes to third parties, 63% of organisations don’t have visibility into the level of network access and permissions for internal or external users, and have a limited-

“INCREASINGLY, IDENTITYCENTRIC ZERO TRUST FRAMEWORKS WILL BE THE BEST CHOICE FOR ANY SECURITY-CONSCIOUS ORGANISATION”

MARC ROGERS EXECUTIVE DIRECTOR OF CYBERSECURITY, OKTA

to-no view of who or what has how much supervised/unsupervised access and why.

Meanwhile, according to research from PwC, 86% of business leaders said that complexity in their organisation was creating concerning levels of risk, with third-party cyber risks a glaring blind spot.

The importance of zero trust

Enter zero trust. By ensuring that all access to a network or system is verified and

authenticated – regardless of whether the request is coming from inside or outside the network – implementing a zero-trust approach helps to prevent unauthorised access and reduces the risk of a data breach or other security incident caused by a third party. Additionally, zero trust can help organisations to more effectively monitor and manage their third-party vendors and partners, allowing them to better identify and mitigate risks.

Start Today

According to Third-Party Risk and Cybersecurity Program Management provider ProcessUnity, in the third-party risk management context, a zero-trust strategy generally involves ensuring that the organisation has comprehensive controls in place to limit vendor access to the minimum resources required to perform the job.

Zero trust can minimise vulnerabilities created by insufficient security practices of outside vendors, with continuous verification ensuring that compromised vendors are notified immediately, in near real-time.

“Increasingly, identity-centric Zero Trust frameworks will be the best choice for any security-conscious organisation,” says Marc Rogers, Senior Director Cybersecurity

Third-party risk

Though an organisation may have strong cybersecurity measures in place and a solid remediation plan, outside parties, such as third-party vendors, may not uphold the same standards. According to cybersecurity software company UpGuard, these third-party relationships can increase vulnerabilities by providing an easier way for potential threats to attack even the most sophisticated of security systems.

Strategy at Okta. “The principle of Zero Trust architecture is simple: all network traffic should be considered untrusted until validated. Using this ‘don’t trust, always verify’ approach is particularly helpful when managing remote and hybrid workforces, especially as the threat of ransomware continues to grow.

“We’ll increasingly see organisations switch to a Zero Trust approach in the coming years,

CYBERSECURITY

with security-conscious sectors such as financial services having already made the leap,” Rogers predicts. “In Okta’s State of Zero Trust report, 100% of financial services organisations said they planned to have a Zero Trust initiative underway in the next 12-18 months. This comes after the sector has faced a 35% increase in ransomware attacks, more so than any other industry, according to the latest report by the Anti-Phishing Working Group (APWG).”

Traditionally, security has been a world where there are a number of problems

every time an attack surface expands, describes Vats Srivatsan, President and COO of ColorTokens.

“If you transition some of your processes to the cloud, suddenly the cloud becomes an area that is ripe with a diverse set of attacks,” says Srivatsan. “This means that CISOs are constantly playing Whack-a-Mole, fixing one area of vulnerability, just to ask if they are safe now – and the truth is no one can really tell whether they're safe or not.

“This approach is not sustainable. As a whole, we have tried – and largely failed

– to find a way to keep bad actors, phishers and hackers out. That’s why operating from a place of Zero Trust makes perfect sense.”

Change in culture needed

As Okta’s Rogers explains, many organisations are still unprepared to deal with ransomware – and employee education is key. “Staff need to be empowered to understand all security threats and be aware of the risks created by remote and hybrid working, such as when a family shares passwords, or corporate resources are accessed on personal machines,” he says.

“Employees must understand the dangers as well as the reasoning behind measures such as Zero Trust, so they’re not tempted to bypass security for the sake of convenience. However, it's equally important that security is designed in such a way that it complements user behaviour and empowers them to do their jobs rather than just add additional, often unnecessary friction.”

“Gartner has released predictions for cybersecurity that found that by 2025, 60% of organisations will use cybersecurity risk as a determinant in conducting third-party transactions and business engagements, effectively making security threat resistance a differentiator in the market,” concludes Srivatsan.

“Therefore, the time for businesses to get serious is now. Businesses need to start putting measures in place to prevent breaches, identifying and allowing only trusted transactions so that bad actors can’t take advantage of an undefined circle of trust. That starts with a Zero Trust security architecture and defining where the circle of trust is.

“Keep in mind that Zero Trust is a journey, however, you need to define your starting point now.”

“AS A WHOLE, WE HAVE TRIED – AND LARGELY FAILED – TO FIND A WAY TO KEEP BAD ACTORS, PHISHERS AND HACKERS OUT. THAT’S WHY OPERATING FROM A PLACE OF ZERO TRUST MAKES PERFECT SENSE.”

VATS SRIVATSAN PRESIDENT AND COO, COLORTOKENS

How Headspace Health created a culture of cyber awareness

Headspace Health is changing the way the world thinks about mental healthcare, delivering beloved meditation and mindfulness exercises and one-on-one care anytime, anywhere.

In 2021, Headspace and Ginger joined forces to form Headspace Health, the world's most comprehensive and accessible mental healthcare platform. In the midst of a growing mental health crisis, Headspace Health set out to democratise mental healthcare so people everywhere could get the care they need when they need it. Today, Headspace Health touches nearly 100m lives worldwide through its brands Headspace, Ginger, and Headspace for Work.

Puneet Thapliyal is the Chief Information Security Officer at Headspace Health. Joining the company in 2016 when it was a Silicon Valley startup, and had zero revenue and zero customers, Headspace is now a company of more than 1,100 people, with revenue of hundreds of millions of dollars.

“It's been an incredible journey and a great opportunity, and I feel lucky to be part of this journey,” he says. “Prior to starting at Headspace Health, I was CEO of my own security product company called Trusted Passage. I wanted to be part of a company that has a large impact on the world, and I got introduced to Ginger in 2016.

“When I talked to the founding team, I was very impressed by the vision they

Headspace Health is on a mission to change the way the world thinks about mental health. But to protect users’ data, innovative solutions are needed

How Headspace Health created a culture of cyber awareness

had of solving mental healthcare for the whole world. I wanted to be part of the journey, and that was how I got into digital healthcare,” adds Thapliyal. “The company itself was building a tele-mental healthcare platform, which just five or six years ago was unheard of. I wanted to contribute as much as possible to make it a reality and, fast forward to today, it's a very mainstream offering.”

On a mission to solve mental healthcare for everybody in the world, Headspace Health offers a whole spectrum of services, from mindfulness tools to CBT, coaching, therapy, and psychiatry. The service starts with the mobile app, which helps users with meditation and helps users build good daily habits around sleep breathing.

“That is a consumer offering, so anyone could go to the app store and download and start using that and help themselves get

“OUR CORE MISSION IS TO BUILD A SERVICE WHERE MENTAL HEALTHCARE IS EASILY ACCESSIBLE TO EVERYBODY IN THE WORLD. WE WANT TO SEE A WORLD WHERE MENTAL HEALTH IS NEVER AN OBSTACLE FOR ANYONE”

better,” Thapliyal comments. “Beyond that, if you need a little bit more help, then you are able to talk to a life coach, through text and video, for your subclinical needs.

“If you have a certain situation where you need clinical help, then you are able to elevate the service level to clinical where you can now schedule time with a therapist or psychiatrist, get medication, or whatever it takes to get you into a better state from a mental healthcare standpoint,” he explains. “That's the vision of the company: to focus on outcomes and to make sure anyone who comes and uses our service is able to get better from a mental healthcare standpoint.”

Helping remove the mental health stigma

Millions of people worldwide are living with a mental health condition, not helped by the COVID-19 pandemic which exacerbated mental health concerns, with a study by the Kaiser Family Foundation finding that nearly half of adults in the United States reported symptoms of depression or anxiety during the subsequent global lockdowns.

According to Headspace Health, mindfulness and meditation can positively impact mental and physical health, whether by reducing stress, improving sleep, increasing focus, or improving relationships.

“Our core mission is to build a service where mental healthcare is easily accessible to everybody in the world. We want to see a world where mental health is never an obstacle for anyone,” Thapliyal says.

Building this world is a huge challenge.

According to a recent World Health Organisation study, about one in eight people – a billion people worldwide – suffer from some kind of mental health disorder. Of those, Thapliyal comments, about 75% of them never even get any help for their mental healthcare.

PUNEET THAPLIYAL

TITLE: CHIEF INFORMATION SECURITY OFFICER

INDUSTRY: MENTAL HEALTH CARE

LOCATION: CALIFORNIA, US

Puneet is the Chief Information Security Officer at Headspace Health where he heads up overall strategy and direction of product and IT security as well as member data privacy. He is a seasoned cybersecurity and networking executive with previous stints at Yahoo! and Oracle. Puneet is an active member of the OWASP, Cloud Standards Customer Council (CSCC) and Cloud Security Alliance (CSA) where he actively contributes towards security emerging research topics such as the Software Defined Perimeter (SDP) and Cloud Standards activities. He has extensive experience with cloud security and has helped build one of the first Firewall As A Service (FAAS) offerings. He holds multiple technology patents including in the areas of Web App Security and Multicast Protocol Congestion Control.

EXECUTIVE BIO

Puneet earned an undergraduate degree in Computer Science from HBTI, Kanpur and a masters degree in Computer Science from Rensselaer (RPI), NY.

“WE ARE SEEING AN UPTICK IN MALICIOUS ACTIVITY IN THE HEALTHCARE INDUSTRY. FOR EXAMPLE, THE HEALTHCARE INDUSTRY IS BEING TARGETED BY RANSOMWARE MORE THAN ANY OTHER INDUSTRY”

PUNEET THAPLIYAL CHIEF INFORMATION SECURITY OFFICER, HEADSPACE HEALTH

“That's a huge number, which has been exacerbated by the COVID-19 situation and the lockdowns,” he adds. “So, the core mission is to get our care services available to as many people in the world as quickly as possible, so that we can build a happier, healthier world.”

By making services available to more people, organisations such as Headspace Health are helping dispel stigmas associated with mental health. Figures by the National Attitudes to Mental Illness Survey show that people’s willingness to have contact with someone with a mental health problem has improved by 11% since 2009, while attitudes towards people with mental health problems improved by 9.6% in the same period.

“The fact that we've been able to contribute a little bit towards removing the stigma or taboo associated with mental healthcare, by bringing this very accessible platform and the service that we have, is a proud moment for me,” explains Thapliyal. “We've been able to actually move the needle in the last several years, and a whole team has been part of that, the founding team of the company, the executive leadership team and everybody else in the company who has joined the company with this mission in mind.”

The importance of cybersecurity and data privacy

While cybersecurity is important for every company in the world today, it is even more important in the healthcare industry. Technology has transformed modern healthcare but bad actors mean that there are unique risks when it comes to virtual mental health services.

“Healthcare is one of those industries where cybersecurity and data security are extremely important,” comments Thapliyal.

in the healthcare industry. For example, the healthcare industry is being targeted by ransomware more than any other industry.

“On top of that, we are a single-purpose mental healthcare service provider, and in many of the regulations, including the Health Insurance Portability and Accountability Act (HIPAA) in the US, mental healthcare data is called out separately, from a security and privacy standpoint.

“We are highly aware of that, and we feel like that's a huge responsibility,” he explains.

“The company has always had an extremely strategic focus on cybersecurity from the very beginning. We have built a very mature programme, and now we are morphing it from just purely cybersecurity to a very privacy-focused programme as well.”

As Thapliyal explains, part of Headspace Health’s success from a cybersecurity standpoint is the creation of a culture where everyone is aware of the importance of security and privacy.

“Unlike many other companies and industries, mental healthcare is one of those domains where privacy is super important for everybody, including our patients, user members, and our clinicians and coaches. Everybody in the company is highly aware and sensitive about preserving privacy,” he describes.

“The whole cybersecurity industry is still learning how to build that culture of security, which permeates through the whole organisation and is not just limited to the InfoSec teams or the IT teams or engineering teams. It's a challenge, and it requires a thoughtful approach. When we onboard a brand new employee, for example, we focus on cybersecurity from day one. That's where the journey starts for a new employee, and then it has to continue throughout their time at the company.”

But, as Thapliyal explains, relying on training alone isn’t enough. Highly compliance-driven training can quickly become repetitive, so keeping everyone engaged is critical.

“We have a strategic plan in the InfoSec team to drive engagement within

the company to spread awareness of cybersecurity,” he adds. “These are from the small little things, from having a shared Slack channel, which we fondly call the ‘tinfoil hats channel’, where everyone is able to voice cybersecurity or privacy concerns, to more mature programmes such as our Security Insiders Programme, which involves deeper engagement, where every department volunteers a couple of team members to engage with the InfoSec team.”

All of this is about instilling a culture of cybersecurity awareness at all levels of the organisation, Thapliyal comments.

“We have now built out a programme where we depend on some of these security insiders to fulfil InfoSec requirements and instil this culture of cybersecurity awareness in their respective teams,” he says. “Those are initiatives where we need to be focused,

According to research by Headspace Health, 32% of users benefit from a decrease in stress after 30 days of using the service. Meanwhile 22% of users show an increase in focus after one session, while 19% benefit from a decrease in anxiety symptoms after eight weeks.

we need to put the right resources, we need to fund it, and that's how we've been able to achieve this sense of heightened awareness around cybersecurity in the company.”

Extra focus on third-party risk

Healthcare providers, along with businesses around the world, are increasingly relying on third-party vendors to carry out their dayto-day operations. But while working with vendors has a range of benefits, the practice can also introduce information security and vendor compliance risks.

Research by the Ponemon Institute has found that 54% of third-party respondents had at least one data breach involving protected health information (PHI) over the last two years, while 41% of third-party respondents had six or more data breaches during the same two-year time frame.

“Our third-party ecosystem is extremely important,” comments Thapliyal. “We are in a new world. We call our company a SaaS-first company, meaning given a problem business challenge, we first go and look for a SaaS service provider that can help solve that.

“This is very different from how traditional healthcare companies operate, where they

run their own data centres and maintain their own networks,” he explains. “Since we are operating in SaaS-first principles, that – by the very nature of it – means we are dealing with a lot of third parties. As a result, dealing with all these vendors and third parties requires us to put extra focus on third-party risk management (TPRM).

“We have a team which is helping in our third-party assessments on a continuous basis, not just at the beginning of the contract,” he adds. “We have deployed tools to help with that, making sure our TPRM team is well-equipped to perform the access reviews at scale. And then we also categorise our vendors to the sensitivity of what data we might be transacting with them. So we have an extra special focus on any vendor that might transact with our PHI or personal identifying information (PII).”

An important part of Headspace’s operations, the business is continuing to improve its TPRM processes through technology investments.

“One such vendor we recently onboarded is called Privado,” says Thapliyal. “They are really

“MENTAL HEALTHCARE IS A DOMAIN WHERE PRIVACY IS SUPER IMPORTANT FOR EVERYBODY, INCLUDING OUR PATIENTS, USER MEMBERS, AND OUR CLINICIANS AND COACHES”

PUNEET THAPLIYAL CHIEF INFORMATION SECURITY OFFICER, HEADSPACE HEALTH

helping us with maturing our secure software development lifecycle (SSDLC) and making sure we are not, for example, unnecessarily tracking users on our websites or on our mobile apps, and that we're not sending any PII or PHI to unapproved third parties.

“There has recently been a lot of focus in the media on apps that are doing nefarious things. We don't want to be in that business at all – that's not where we are. But we need to still build the tools to prevent any accidental sharing or tracking. So that's where Privado comes in as a big partner, for us, structurally built into our SSDLC, and we're very excited about how our partnership will shape up in the future.”

Looking at the big picture in challenging economic times

Since tech startup Ginger and Headspace merged in 2021, there has been what Headspace Health CEO Russell Glass described as a ‘staggering’ increase in demand. Ginger reported demand for its services increased threefold during the pandemic. But what does the future look like for Headspace Health?

“To answer that, we have to take a step back and look at the big picture, what's happening in the industry today,” comments Thapliyal. “There are a lot of macroeconomic factors in play, within the US and other parts of the world. There is

constant chatter around a slowdown in the economy and a recession, and then most recently in the US, we have seen companies take corrective actions to right-size their companies. A lot of layoffs have been announced by the likes of Facebook and Twitter and all the large companies.

“The general sense is that tough times are coming and we need to hunker down and prepare for that, and whoever does a better job in preparing for that will come out as a successful company on the other side.”

In a challenging economic environment, what is clear however is that the most important thing is to focus on the health and wellbeing of Headspace’s users.

“Given that broader context, our board and our executive team have given the directions to be very mindful,” Thapliyal explains. “We are trying to take this as an opportunity to refocus on doing less and doing better. So that's how we are changing our strategy as we go into 2023.

“What that means to the company as a whole is that we will continue to get better and offer more features and more services in the coming years,” he concludes. “The focus will be on what we call members first, meaning anything that we do should ultimately benefit our patients.”

mid the current surge of technological innovation, businesses need to strike a careful balancing act.

It’s a case of adopting pioneering new technologies to keep pace with the rest of the industry, while still implementing the required security strategies to match. But how can businesses prepare themselves for threats that they are completely unfamiliar with?

Are mobile companies sufficiently prioritising cybersecurity?

According to the Equinix 2022 Global Tech Trends Survey – which interviewed 2,900 global IT decision-makers – 47% of global tech companies said they plan to use the cloud to facilitate their global expansion plans. Within the swathe of findings, the survey clearly demonstrates that 5G, XaaS models, and cloud storage remain at the forefront of expansion strategies.

72% of respondents said that their organisation is planning to expand in the next year, with 38% saying that their companies plan to expand into a new region entirely. Almost half (47%) of global respondents said they plan to facilitate global expansion plans by deploying the cloud.

WHEN THE BASICS OF 5G ARE ONLY JUST BEING UNDERSTOOD, HOW CAN BUSINESSES BRING THEIR SECURITY SOLUTIONS UP TO SCRATCH, AT THE SPEED REQUIRED?

Enabling

educators. Empowering students. Explore how we accelerate student discovery, learning and innovation with our Digital Education 3D Experience.

To achieve this planned expansion, digital transformation plays a pivotal role. Within this survey, 59% stated their intent to increase their investment in interconnection services, and 71% of respondents plan to move more business functions to the cloud. And, of those respondents, 50% plan to move more of their business-critical applications to the cloud.

Among the answers provided by respondents, significant concerns were raised about cybersecurity. In fact, 85% named improving cybersecurity as a key component of their digital-first strategies, while 83% expressed a need to future-proof their business. The most feared cybersecurity threats named were cyberattacks, security breaches and data leaks (all of which were expressed by 70% of respondents).

If we take a look at this on an industry-byindustry basis, it would seem that progress towards the required level of cybersecurity is slower than expected. For instance, a report from Capgemini revealed that 51% of industrial organisations predict that there will be an increase in smart factory cyberattacks within the next year. Despite this, almost half (47%) of organisations have yet to classify cybersecurity in smart factories as a C-level concern. In light of the fact that manufacturing overtook financial services as the most attacked sector last year, this slow response is both surprising and concerning.

“LIKE ALL OTHER INDUSTRIES, TELECOM PROVIDERS ARE UNDER A CONSTANT BARRAGE OF CYBERATTACKS. THIS MEANS IT’S A QUESTION OF WHEN, NOT IF, A BREACH OCCURS”

The discrepancy between technology’s adoption, and the industry’s current data-security skills

New technology – enabled by 5G – is being adopted at a rapid pace. “About 55% of the CEOs that we talk with say that, by 2026, well over 50% of their business will be new products that they don’t actually have today,” commented Inderpal Bhandari, the Global Chief Data Officer of IBM.

“Pre-pandemic, when we talked with CEOs, there was just a small percentage that thought of digital transformation as important. Then the pandemic hit and, over the course of about a year, we saw (in our customers at IBM) that the awareness at the CEO-level went through the roof. And we’ve probably had as much digitisation in the last year, year and a half, as we’ve had in the previous 10.”

While this will open up a wealth of opportunities for the sector – and enable businesses to expand across the globe more seamlessly than ever before – there are a number of obstacles in the way. And, if these are not overcome first, there is the risk that businesses will be vulnerable to serious cybersecurity risks.

The Capgemini report identified that internal disconnect and poor collaboration are key blockades to stronger cybersecurity measures. In fact, 53% of respondents

mentioned a disconnect between the C-suite and smart factory leaders, saying that the lack of collaboration between smart-factory leaders and CSOs is hindering the organisations’ ability to detect cyberattacks early.

Another is the cybersecurity skills gap –a growing concern that is being felt across a number of areas in the industry. There is a limited amount of upskilling within cybersecurity teams, who will need to quickly develop their knowledge to manage these new types of threats.

Mitigating the unknown – how can companies successfully prepare themselves for the next wave of data security risks?

Firstly, if a business is implementing a 5G mobile network, then the architecture and infrastructure will need to be designed with cybersecurity in mind. It’s a case of adopting a security mindset, right from the outset.

“Securing a 5G network starts with securing the servers. Security needs to be built-in, not bolted on after the fact. This includes at the hardware and firmware level by leveraging an immutable Root-of-Trust that can be used to verify subsequent operations within the server. Building-in security in this way goes a long way to helping keep the broader 5G network secure when one location is breached,” advises Sonya Mathieu, the UK

INDERPAL BHANDARI GLOBAL CHIEF DATA OFFICER, IBM

“ABOUT 55% OF THE CEOS THAT WE TALK WITH SAY THAT, BY 2026, WELL OVER 50% OF THEIR BUSINESS WILL BE NEW PRODUCTS THAT THEY DON’T ACTUALLY HAVE TODAY”

Resilience at Dell Technologies.

“Like all other industries, Telecom providers are under a constant barrage of cyberattacks. This means it’s a question of when, not if, a breach occurs.

“Isolating and securing an organisation’s data to protect against these threats is essential to any network strategy. To do this, providers should take advantage of the security provided by an air-gapped data vault that duplicates data behind a secured interface. Data with an air-gapped data vault is literally and wholly isolated

accessible when needed. This solution allows operators to protect themselves when the worst happens and restore operations quickly.”

The knowledge that these attacks could very well (and do) happen is a widespread theme.

James Blake, the CISO at Rubrik, stresses how important it is that businesses also give recovery strategies equal attention. “Ransomware has driven collaboration between IT and security, in more of a resiliency-focused mindset.

“WE NEED TO FOCUS ON IMPACT, BECAUSE WE ARE LOSING THE PREVENTIONAND-DETECTION BATTLE. BUT THAT DOESN'T MEAN WE NEED TO LOSE THE OVERALL BATTLE”

“We need to focus not just on recovery, because recovery is rebuilding from rubble. Resilience is the ability to withstand that attack at a degraded level yet still be able to continue serving business.”

According to Blake, there is an intrinsic flaw with the way that businesses currently perceive, and mitigate, the risk of cyberattacks.

“This is the security model we're all used to – walls and moats. And we build the walls higher and we build the moat wider, but the adversary has the first-mover advantage.”

“We can only learn what they're doing after they've done it. Right? So, if they think of a new way of doing things, there's always a lag. There's always a period where our defensive and protective controls won't work properly. And, as soon as we build those walls higher and the moats wider, they build better boats or Trojan horses.”

To overcome this cyberattack cycle, Blake recommends that businesses divert their budgets appropriately and intuitively, so that they are prepared for the worst-case scenario and equip their business with the foundations to recover from it.

“We spend on average 85–95% of our budgets on likelihood reduction, but we spend about 5–10% of our budgets on impact reduction.”

“So, the way I look at it is, it’s like a cardboard tank: we're spending all this money on likelihood reduction, and all we're doing is making the tank slightly faster, slightly harder to hit. But when you hit it, it’s completely destroyed and causes unbelievable amounts of damage.

“We need to focus on impact, because we are losing the preventionand-detection battle. But that doesn't mean we need to lose the overall battle,” Blake finishes

GLOBAL INDUSTRY FACES AN ARMS RACE OF CYBERSECURITY RISKS

Duelling AI bots, rogue avatars, and digital warfare are just some of the most shocking global cybersecurity events to expect in 2023, say industry experts

Industrial cybersecurity is among the most critical issues facing large and small organisations today. With the increased connectivity of industrial systems to the internet, the threat of cyber-attacks has become an ever-present danger. As a result, organisations must take the necessary steps to ensure their systems remain secure and their data protected.

The money involved is significant –a recent report from Meticulous Research revealed that the global industrial cybersecurity market is expected to be worth US$49.53bn by 2030, according to the report, Industrial Cybersecurity Market by Component, Security Type, End User and Geography Global Forecast to 2030, which attributes the market's growth to the rising demand for advanced cybersecurity solutions, increasing cybersecurity threats and the emergence of disruptive digital technologies.

The report notes that small and medium-sized enterprises (SMEs) are becoming increasingly vulnerable to cybercrime. The adoption of connected

Get reliable network coverage and security protection, fast.

ADVERT PAGE MEDIA SALE

A modern network must be able to respond easily, quickly and flexibly to the growing needs of today’s digital business. Must provide visibility & control of applications, users and devices on and off the network and Intelligently direct traffic across the WAN. Be scalable and automate the process to provide new innovative services. Support IoT devices and utilize state-of-the-art technologies such as real-time analytics, ML and AI. And all these must be provided with maximum security and minimum cost.

This is the power that brings the integration of two cloud managed platforms, Cisco Meraki and Cisco Umbrella. This integration is binding together the best of breed in cloud-managed networking and Security. cisco.com

devices in the industrial sector drives the demand for cloud-based security solutions. Cloud-based security solutions offer advantages such as threat detection, policy enforcement, and flexible architecture, which drive their adoption. The endpoint security segment is expected to account for the largest share of the market, while the industrial manufacturing segment is projected to account for the largest share of the end-user segment.

North America is expected to account for the largest share of the industrial cybersecurity market in 2023 due to increasing government initiatives, growing advanced technologies, and rising cyber attacks in the industrial sector. The report also covers the key players operating in the market, including Fortinet, Cisco Systems, and IBM Corporation, who are collaborating with various organisations to provide enhanced cloud-based security solutions, creating growth opportunities for the market.

“THE CYBERSECURITY ARMS RACE IS AN APT ANALOGY – THE RIGHT SIDE MUST WIN”

MARK HUGHES, PRESIDENT OF SECURITY, DXC TECHNOLOGY

What is in the Dragos 2022 Year in Review

An evolving landscape of threats

The world is seeing an evolving landscape of threats and opportunities to tackle them, according to DXC Technology, and 2023 will be another busy year for the global cybersecurity industry.

“If someone were to tell you that duelling AI bots, rogue avatars and digital warfare would be a staple of 2023, you might not want to leave the house,” says Mark Hughes, President of Security at DXC. “But then cybercriminals are also expected to target critical infrastructure that could see your lights go out at any moment, so the cyber threat could reach you there, too.”

But the fact is that the rate of cyberattacks is increasing, says Hughes.“There are

currently over two million of them per year with an estimated economic cost of US$10.5 tn worldwide by 2025 – up from US$3tn in 2015 and growing 15% per year.”

DXC has forecast five ways the digital security landscape will impact life and business in 2023 and beyond.

The cybersecurity arms race will accelerate Cybercriminals and cybersecurity professionals will use AI in an increasingly sophisticated battle of wits. In the case of cybersecurity defence, AI has been mainly used to identify patterns of suspicious behaviour. Due to the volume of suspicious activity and the number of false positives, cybersecurity staff are often overwhelmed.

The good news is that in 2023 and beyond, we should be able to start automating AI-based security controls and response mechanisms – helping to react faster and more accurately to cyberattacks, reducing possible downtime and protecting personal and business-critical data.

"While AI can automate threat detection and elimination, the underlying processes are based on an understanding of past activity, which will incentivise cybercriminals to come up with new types of attacks," says Hughes. "Keeping pace will be a challenge, especially if quantum computing enters the fray in the coming years, which could see today's defences breached in seconds."

“KEEPING PACE WILL BE A CHALLENGE, ESPECIALLY IF QUANTUM COMPUTING ENTERS THE FRAY IN THE COMING YEARS”

MARK HUGHES, PRESIDENT OF SECURITY, DXC TECHNOLOGY

Watch your wallet in the metaverse

This year is set to be essential for the metaverse, with Meta, Microsoft, Virbela and others counting on virtual worlds going mainstream. However, activity in the metaverse can raise questions around identity; how do you know that the person you think you are talking to is who they say they are? Digital certificates, perhaps built on the blockchain, could help. These certificates could also be used to secure virtual transactions in the metaverse. What is clear is that as the metaverse expands, so too will the risks.

Geo-political cybersecurity attacks will increase

Russia's attack on Ukraine has reminded us in the starkest way possible that warfare is now hybrid and the risks of geopolitically motivated cyberattacks are real.

As a result, many cyber insurance policies are now being written to exclude acts of cyberwar, creating challenges for cyber risk mitigation.

With lingering geopolitical tensions, this threat is set to continue in 2023. In fact, with more than 70 countries due to hold government elections in 2023, it will be a challenging year for cybersecurity defences, as these are events frequently targeted by statesponsored actors. However, businesses can learn from case studies such as Ukraine's 'exemplary' defence against Russian cyberattacks, say researchers.

Cybersecurity attacks will target critical infrastructure

When the lights go out, or the gas is cut, most people are unlikely to think it results from an industrial cybersecurity breach. But Operational Technology (OT) is an

Ransomware risks are growing

Ransomware is cited as the top financial and operational risk to industrial organisations in the 2022 Dragos ICS/OT Cybersecurity Year in Review, which attempts to provide an on-the-ground understanding of what is happening in the industrial space.

The sixth edition of Dragos’s comprehensive report contains the latest threat intelligence on adversary activity targeting operational technology (OT) and recent ICS-specific malware discoveries.

Out of the 57 ransomware groups targeting industrial organisations and infrastructures, Dragos observed, through public incidents, network telemetry, and dark web resources, that 39 groups were active in 2022.

Dragos identified 605 ransomware attacks against industrial organisations in 2022, an increase of 87% over last year.

Manufacturing claimed the highest share, a staggering 72%, but ransomware attacks spanned many industries, including food and beverage, energy, pharmaceuticals, oil and gas, water, mining, and metals.

$49.53bn Estimated value of the global industrial cybersecurity market by 2030, according to Meticulous Research

“THE INCLUSIVITY OF THE CYBERSECURITY SPACE EXTENDS TO NEURODIVERSITY”

MARK HUGHES, PRESIDENT OF SECURITY, DXC TECHNOLOGY

emerging battleground for cyberattacks, with the systems that control and automate factories and civil infrastructure, including power stations and dams, becoming a target.

With ongoing geopolitical tensions, the OT cyber threat will grow in 2023, putting pressure on industries to stay one step ahead by enforcing cybersecurity protection across their operations.

Career opportunities in cybersecurity will grow

There is an estimated global shortfall of around 3.4 million cybersecurity workers. With growing threats from advanced technologies, this number is likely to increase.

The cyber skills gap creates career opportunities for people of all ages and backgrounds. In the UK, for example, there are currently approximately 1,000 cybersecurity opportunities for graduates listed on the GradCracker careers portal.

But it's not just graduates who can benefit. Many companies offer the chance for people to retrain in cybersecurity. "The inclusivity of the cybersecurity space extends to neurodiversity," says Hughes. "For example, DXC's Dandelion Program helps individuals with autism, ADHD, dyslexia, and other neurological conditions to build careers in IT, including cybersecurity. The growth of the cyber threat creates career opportunities for people of all backgrounds."

Cyber threats will continue to increase in speed and complexity during 2023 and beyond, but so will the ability to apply the latest technologies, approaches and talent to tackle them. "The cybersecurity arms race is an apt analogy – the right side must win," says Hughes.

DATA LEADERS HAVE A CRUCIAL AND DEVELOPING ROLE

RANDY BEAN INNOVATION FELLOW, DATA STRATEGY WAVESTONE

We are entering the second decade of data leadership roles like Chief Data and Analytics Officer, with companies depending on skilled teams and technology to make sense of the vast amounts of data they collect. These roles, teamed with the rise of AI, prove that using data-driven insights to drive business outcomes impacts across multiple sectors globally; living in the information age, embracing data is critical.

New Vantage Partners, a Wavestone company, have released the Data and Analytics Leadership Annual Executive Survey 2023, the 11th edition of this C-Executive survey, which was first published in 2012.

The survey was launched in response to a constituency of Fortune 1000 business and technology C-suite executives seeking to understand the transformational impact that data and analytics would have on their organisations and the industry as a whole. It contains findings related to data executives from 116 diverse Fortune 1000 and other leading organisations in 2022, with various industries represented – including healthcare and life sciences, retail and consumer packaged goods, media and entertainment, high tech and telecommunications, government, professional sports, and financial services.

As analytics and AI become integrated into boardroom roles, businesses are placing evermore trust in skilled teams to make sense of vast amounts of data

WRITTEN BY: CHARLIE KING

The results show that data and analytics executives report delivering business value from their corporate data and analytics investments with growing optimism as capabilities mature.

“This year, 91.9% of CDO/CDAOs and data leaders stated that their firms had delivered measurable business value from data and analytics investment,” says the report. “The growing optimism of data leaders is reflected in the projection that 98.2% of firms would see a return on their investments in 2023.”

Leadership requires change and investment

“Some of this change has taken place amazingly rapidly,” says Tom Davenport, Visiting Professor at Saïd Business

School, University of Oxford in the UK, who wrote the report with industry thought leader and author Randy Bean. “The Chief Data Officer role has quickly become much more common over time and across more industries, as has the incorporation of analytics and AI into the role, and the prevalence of Chief Data and Analytics Officer.

“There has been a pronounced shift to offence-oriented activities, such as revenuegenerating and business growth activities, during this short period,” says Davenport, with the report citing 61.8% of companies treating offensive activities as their primary focus while defence remains the priority for 38.2%, statistics that have remained fairly constant over the most recent reports.

“How ready are leading companies to make the changes and investments required to establish data leadership?”

Randy Bean

TITLE: INNOVATION FELLOW, DATA STRATEGY

COMPANY: WAVESTONE

LOCATION: MASSACHUSETTS, UNITED STATES

Tom Davenport

TITLE: VISITING PROFESSOR

COMPANY: SAÏD BUSINESS SCHOOL

LOCATION: MASSACHUSETTS, UNITED STATES

EXECUTIVE BIO EXECUTIVE BIO

Randy Bean is Innovation Fellow of Data Strategy at Wavestone, a global consultancy based in France. He was previously Founder and CEO of NewVantage Partners, a data leadership advisory firm supporting Fortune 1000 clients, which was acquired by Wavestone in December 2021.

Tom Davenport is the President’s Distinguished Professor of Information Technology and Management at Babson College, the Co-Founder of the International Institute for Analytics, a Fellow of the MIT Initiative for the Digital Economy, and a Senior Advisor to Deloitte Analytics alongside working with a variety of established companies and startups in the analytics and AI space.

“The number of companies reporting measurable business value from data and analytics has grown enormously, and the investment in these resources continues to increase even during a potentially uncertain economic climate.”

“The survey and our own observations indicate that data consumption has become much more of a focus in recent years and that companies are using analytics and AI to deliver value from data,” says Bean, “It’s clear that data is driving substantial amounts of business innovation.”

“A new generation of data and analytics professionals are assuming data leadership roles,” say both Davenport and Bean.

“How ready are leading companies to make the changes and investments required to establish data leadership?”

Attitudes vary across companies

Being receptive and open to the everdeveloping technologies surrounding data is key to success in data leadership roles.

“Becoming a data-driven organisation requires time, persistence, and relentless execution and focus,” concurs Bean. “Those organisations that commit to the course while adapting over time tend to prevail –fail fast, learn faster.”

The report finds 54.2% of the companies state that responsibility for data falls to the CDO/CDAO, while 18.3% presented

no single point of accountability within staff – a decrease from 28.4% five years ago. “A relatively small but steady percentage of organisations (12.5%) continue to place corporate responsibility for data within the Chief Information Officer function,” the section concludes.

Despite the rapid changes in data's importance, many companies face challenges in the human side of data. The survey recently revealed that most respondents consider human-related challenges the principal barriers to adopting a data-driven approach.

Moreover, companies have made little progress towards creating a data-driven culture, with less than a quarter of firms reporting success in this area. Though

In the end, however, the ultimate value of data comes when people use it in decisions and actions”

TOM DAVENPORT VISITING PROFESSOR, SAÏD BUSINESS SCHOOL

data executives focus on issues such as data modernisation, data products, AI and ML, data quality, and data architectures, the investment in "data literacy" ranked low among their top priorities, with less than 2% of respondents identifying it as a priority.

This raises the question of whether industry stakeholders are “leading the horse to water” but unable to make it drink. Companies need to shift their paradigms towards human issues and invest in data literacy to build a data-driven culture successfully. The low level of the overall success of the Chief Data Officer/Chief Digital and Artificial Intelligence Officer function found in the survey could be attributed to this emphasis on nonhuman issues.

“This is not to diminish the actual progress made with data in organisations,” says Davenport. “The survey and our own observations indicate that data consumption has become much more of a focus in recent years and that companies are using analytics and AI to deliver value from data. Data is driving substantial amounts of business innovation.

“In the end, however, the ultimate value of data comes when people use it in decisions and actions. That is both a long game and a difficult one.”

“Data consumption has moved into focus as companies use analytics and AI to deliver value from data”

RANDY BEAN INNOVATION FELLOW, DATA STRATEGY WAVESTONE

THE TOP 10 CYBERSECURITY COMPANIES IN THE WORLD IN

To prevent attacks, it has never been more important for enterprises to invest in cybersecurity. We look at the top companies offering cyber platforms

The global cybersecurity industry is big business. According to a recent Cybersecurity Ventures report, the global annual cost of cyber crime is predicted to top US$8tn in 2023 – which isn’t helped by an uncertain global economic outlook. With predictions that 2023 will be a turbulent year for cybersecurity, an increasing awareness of cyber threats has led to a rising investment in related infrastructure worldwide. Here, Cyber Magazine takes a look at the Top 10 cyber companies to watch in 2023.

VMware VMware

Zscaler

Zscaler

Founded in 2007, Zscaler provides enterprises with a cloud-based security platform built on zero trust principles. Zscaler mainly caters to US-based enterprises with 10,000 or more employees. The company showcased security detection capabilities available through its Zero Trust Exchange cloud security platform and the CrowdStrike eXtended detection and response (XDR) platform – helping customers correlate security data from multiple sources to identify new indicators of compromise (IoCs) and suspicious signals that show cyberattacks may be underway.

Founded over two decades ago, VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.

VMware acquired CloudHealth in 2018 and expanded it in 2019 to provide deeper integration with VMware workloads, alongside public cloud. CloudHealth provides cloud governance features to help organisations align security and regulatory compliance.

Fortinet Fortinet

Headquartered in Sunnyvale, California, Fortinet develops and sells cybersecurity solutions, including physical firewalls, antivirus software, intrusion prevention systems and endpoint security components. The Fortinet Security Fabric platform secures many of the largest enterprise, service provider, and government organisations around the world.

With its platform, the company brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications across all network edges.

Crowdstrike Crowdstrike

Crowdstrike provides cloudnative endpoint protection software. Its platform, Falcon, goes beyond simple threat detection by automatically investigating anomalies, removing the guesswork from threat analysis. Crowdstrike counts three of the 10 largest global companies by revenue among its clients. The company was founded in 2011 and is headquartered in Austin, Texas. Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon Platform leverages realtime indicators of attack and threat intelligence to deliver hyperaccurate detections, automated protection and remediation.

Cisco Cisco

Founded in 1984, Cisco is a software development company that offers its own security platform, SecureX. This cloudnative platform includes XDR capabilities and integrates the Cisco Secure portfolio with its customers’ security infrastructure, speeding detection, response, and recovery.

It delivers a consistent, built-in experience across customers’ products, giving them unified visibility, intuitive automation, and robust security for their entire security portfolio. Cisco Secure enables customers to defend against threats and safeguard the most vital aspects of business with security resilience.

Trend Micro Trend Micro

A leader in cloud and enterprise cybersecurity, Trend Micro has around 7,000 employees across 65 countries, with its cybersecurity platform protecting 500,000+ organisations and 250+ million individuals across clouds, networks, devices, and endpoints. The platform delivers central visibility for improved detection and response, with a powerful range of advanced threat defence techniques optimised for environments like AWS, Microsoft, and Google. Trend Micro is driven by decades of security expertise, global threat research, and continuous innovation.

Darktrace Darktrace

By using AI, Darktrace has the ability to interrupt in-progress cyber attacks with its technology. It can fight against attacks including ransomware, email phishing and threats to cloud environments and critical infrastructure.

The company has over 6,500 customers worldwide that rely on Darktrace’s digital immune system to avoid cyber disruptions.

Founded in 2013, Darktrace applies Self-Learning AI to enable machines to understand the business so they can autonomously defend it. The company is also headquartered in Cambridge, UK, with 1,700 employees and over 30 offices worldwide.

CyberArk CyberArk

CyberArk is a global leader in identity security. Founded by Alon N. Cohen and current CEO Udi Mokady in 1999, the company provides a comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle.

Since its founding, CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. The company delivers innovative security solutions that help leaders become more proactive to cyber attacks.

McAfee McAfee

The McAfee Corporation is an American global computer security software company, headquartered in San Jose, CA. Purchased by Intel in February 2011 to become part of its Intel Security division, McAfee is a worldwide leader in online protection. Its key attributes are to focus on protecting people, not their devices.

The cybersecurity business boasts over 108 million customers across 182 countries worldwide. McAfee’s suite of products include its antivirus software,

which can be used to scan PCs for viruses and protect them in real-time detecting all kinds of malware, such as ransomware, spyware, adware and more. With cloud-native data protection from McAfee Skyhigh Security Cloud and threat defence from McAfee Cloud Workload Security, customers can transform cloud risk into business acceleration. The company’s cyber solutions are designed to integrate threat defence across devices, IT infrastructure and the cloud.

Palo Alto Networks Palo Alto Networks

Palo Alto Networks is an American multinational cybersecurity company with headquarters in Santa Clara, California. Its platform includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. Created in 2005, it today boasts over 85,000 worldwide customers in more than 150 countries. The company’s mission is to be the cybersecurity partner of choice, protecting our digital way of life. By delivering an integrated platform and empowering a growing ecosystem of partners, the company protects tens of thousands of organisations across clouds, networks, and mobile devices. Palo Alto’s technology enables customers to secure any cloud, automate security operations, stop zero-data threats in zero time, and secure hybrid workforces.