Green technology is a relatively new and rapidly changing market. Green technology, according to The Environmental Magazine, is defined as technology that, “reduces the impact of humans on the environment, reverses damage to the environment, or reduces resource usage,” and can include everything from solar panels to wind turbines.
Bryan Galloway, Director of Information Security with Enphase Energy, has navigated building a cyber strategy in this space twice and brings a unique perspective in the latest Reimagining Cyber episode, “Powering your cyber strategy.” In this episode, he discusses the importance of tying the criticality of security to business outcomes, shifting business culture, and getting back to fundamentals (something Ikjot Saini echoed in “Connected Vehicles and the Cyber Equivalent of Seatbelts and Airbags”) when creating a cyber strategy.
One goal, one team
The best defense is the a good offense, but sometimes, getting internal alignment and agreement from the C-Levels and the Board can be difficult. Tying cyber goals to business outcomes can be a game-changer when trying to get everyone on the same page.
“The differentiation is, how do we build security in a way that makes sense for the business to operate effectively? You know, they're more willing to invest at a rapid pace, because they're more aware and more sensitive to it, and a willingness to adapt, but it still has to work for the business.”
Build it into the culture
Galloway also suggests integrating security into the business culture.
“And really what that turns into is, for any organization, is a culture change. It's an understanding of the relevance of security within the business culture and making it part of that every step of the way. So, it's about how we build it in.”
“I'm no longer in a position as a security leader be able to say that, you know, my my goals and objectives and my timelines don't get tied to business outcomes. They absolutely do,” he says.
Bob Guay, CISO of Momenta Pharmaceuticals, who was a Reimagining Cyber guest on “Everyone needs to be cyber savvy,” said [of getting the executive team on-board with a new cyber strategy], “Today everyone needs to be cyber-savvy…You should be thinking cyber-savvy all the time. Everything you do is a target of actors, so I try to make sure that all the training and resources we have it’s about everything they do all the time; to protect themselves, the company, and our patients.” Putting yourself in their shoes and showing people “what’s in it for them” is another helpful strategy when trying to get buy-in from others.
OT, IOT, and Getting back to basics
Green technology is a relatively new field that is growing exponentially. Enphase Energy is an energy technology company that manufactures software-driven devices like solar panels. Oftentimes, their software will integrate with PLCs (Programmable Logic Controllers) that will make real-time decisions on the fly.
“Our approach had to change for the risk profile. Which means we had to understand the changing in the threats, right? Once I allow an OT or an IoT device to make decisions, then it has the ability to do things, which means it changes an active player now. It's not just a passive collector or sensor, or intruder,” Galloway said.
Additionally, Galloway recommends getting back to basics and keeping basic cyber hygiene when creating a cyber strategy.
“The interesting bottom line due to a lot of this is that the the sophistication and the nature of the technology underpinning my industry, you know, it all reduces to the same fundamentals.”
“There is a simple way to look at cyber hygiene and the fundamentals of what we do,” Galloway says. “When we have vulnerabilities to identify, we have to patch, meaning we have to have an open line of communication to a device in order to send an update that closes a security vulnerability.”
Regardless of industry, a holistic approach that includes basic cyber hygiene and fundamentals, tying security to business outcomes, and encouraging business culture shifts, is key to building a strong cyber strategy that will prevent ransomware attacks and breaches.
Do you have any additional tips to share? Drop them in the comments below. Let’s crowdsource together!
CyberRes is a Micro Focus line of business focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberResilient.com.