Cybersecurity

Cooperation is key to curbing cyber threats

The growing proliferation of connected devices demands a more robust security routine.

By Bryan Bennett August 26, 2021
As cybercriminals become more stealthy by using access to internet of things (IoT) devices to eventually breach sensitive data, information technology (IT) and operational technology (OT) teams need to work more closely to prevent attacks. Courtesy: ESD

Historically, when it came to IT security, responsibility started with an IT team and ran all the way up the line to a Chief Information Officer (CIO) or Chief Information Security Officer (CISO) and eventually to the company’s Chief Executive Officer (CEO). According to Cybersecurity Practice Leader, Bryan Bennett, it may be time to expand this C-suite chain of responsibility. That is because “smart” building systems are becoming more integrated with IT systems than ever before. Bennett says previously ignored OT devices led to a false sense of security for many building managers.

According to Bennett, the ambiguity surrounding the question of who should be responsible for cybersecurity must end. He believes companies will adopt the most appropriate reporting structure tailored to specific business practices. A manufacturing facility, for example, may focus extra attention on building systems with a robust OT team, while a more data-driven operation may choose to maintain a more traditional IT approach. In both cases, however, increasingly connected IoT devices must be accounted for to maintain information and operational security.

International Data Corporation (IDC) predicts that by 2025 there will be over 55 billion connected devices worldwide with 75% integrated with an IoT platform. Bennett says this growing proliferation of connected devices demands a more robust security routine. He believes while companies will continue to support IT and OT daily operations, with one notable addition. There should also be a liaison working between the two groups to coordinate maintenance, updates, and mitigating risks. Should a cyber intrusion be detected, the IT team would immediately go into action to contain the attack.

 

 

This story originally appeared on ESD’s website. ESD is a content partner of CFE Media.


Bryan Bennett
Author Bio: Bryan Bennett, Cybersecurity Practice Leader, ESD