Making risk-based decisions in a rapidly changing cyber climate

In today’s blog, we are featuring an interview with Nicole Darden Ford, Global VP & CISO, titled “Managing Risk-based Decisions in a Rapidly Changing Cyber Climate”, which was published by Help Net Security on April 6, 2023. Nicole shares her expert perspective on the ever-changing cybersecurity landscape, highlighting the latest trends and developments.
Nicole Darden Ford is an Advisory Board member at Lynx Technology Partners. She plays a key role in guiding and shaping Lynx’s vision and direction for the future. We are so proud and fortunate to have Nicole helping Lynx in such an important role.

In the article, Nicole reveals the three key indicators she uses to assess an industrial organization’s cybersecurity readiness. “To defend and protect our respective organizations from cyber threats, our role as CISOs begins with exercising the discipline needed to make smart decisions that accelerate progress in a rapidly changing threat environment.”

Nicole believes that rising regulatory pressure for greater accountability means cybersecurity leadership is pivotal to an organization’s ability to reduce risk. She looks at the following points in order to determine an industrial organization’s cybersecurity readiness: alignment to a standard industry framework, assessment of the operational technology (OT) environment, and the presence of a thorough OT cybersecurity plan.

Because cyber-attacks targeting critical infrastructure have been on the rise since the start of the pandemic, it is imperative that businesses and governments are prepared. “Organizations must make risk-based decisions in a cyber climate that has become a race against time.” Nicole thinks they must understand the drivers of attacks on critical infrastructure to help determine cyber defense measures.

She uses a CISO playbook for OT security and has created a catchy acronym, “DRIMR”, that includes four steps she sees as fundamental and adaptable to any OT cybersecurity roadmap. These are Discover (conduct a security and risk assessment to know where you stand), Remediate (prioritize assets you need to eliminate, upgrade or replace), Isolate (establish a perimeter physically and logically, which includes controlling third-party access), and Monitor and Respond (enable real-time OT network monitoring and continuously view and react to the data).
Finally, Nicole discusses the most pressing cybersecurity concerns for industrial organizations and what steps they need to take to protect their assets and finances. “Knowing that manufacturing is the most targeted of all sectors, we must act and address the most pressing security concerns in the manufacturing environment.”
The article is rich with practical information that businesses and governments can implement before becoming the next cybersecurity attack victim. The threat is real.

You can read the article in its entirety here.