Sebastian Thrun on cybersecurity awareness at Udacity
October marked Cybersecurity Awareness Month, which is dedicated to helping individuals and businesses protect themselves from ever-increasing online threats and cyber attacks.
Here, Sebastian Thrun, Executive Chairman and Co-Founder of digital talent transformation platform Udacity, shares his thoughts.
Hi Sebastian! Tell us about the widening cybersecurity skills gap concerning C-suite and senior level managers.
“The average number of attempted cyberattacks per company rose 31% between 2020 and 2021, according to Accenture’s latest State of Cybersecurity Report. Because of escalating threats, 70% of organisations are including cybersecurity as an item for discussion in every board meeting, and 72% of CEOs state that strong cybersecurity strategies are critical for their reporting and trust to key stakeholders. However, according to a global research study conducted by Trend Micro, which included the perspectives of over 5,000 IT professionals in 26 countries, only half of the respondents said they believe C-suite executives fully understand cybersecurity threats and risk management.
“The reality is, C-suite and senior level managers are not knowledgeable about core cybersecurity concepts like zero-trust security architectures. Many have struggled to keep pace with the digital transformation of their industries, leaving significant knowledge, process, and technology gaps in how they assess and manage threats. When they are asked to proactively plan to improve their cybersecurity postures, or they are faced with managing teams who are responding to massive incidents like the December 2021 Log4j vulnerability, this skills gap highlights a huge mismatch between expertise and responsibility at the executive level. Today, in order to protect a business and its sensitive internal and customer data, executive leaders must now also be cybersecurity experts. They need to drive a culture of security, understand the risk that their decisions potentially create, prioritise proactive work, and respond when incidents occur.”
Why does the manufacturing sector's reliance on technology and automation make it appealing to cybercriminals?
“According to Sophos data, the average ransomware pay-out made by manufacturers in 2021 was US$2m. This is higher than many other sectors. Why? It's because of the high reliance on technology - both greenfield and brownfield - to get work done. On the shop floor of any manufacturing plant, you'll find machines of all types, of all ages and security levels, all of which have now been connected through middleware to each other, to Industrial Internet of Things (IIoT) platforms or other central systems. This visibility into machine data is critical to ensuring operational continuity and facilitating continuous improvement. These advances in the Industrial Internet of Things (IIoT), as well as in automation, autonomous systems, and even AI or machine learning have unlocked new efficiencies - but they have also increased cyber risk and created opportunities for vulnerabilities to emerge.
“Manufacturers must address the cybersecurity risks that stem from ageing infrastructure, data collection and centralisation, machine networking, the Industrial Internet of Things (IIoT), new AI applications, and cyber-physical security resulting from damage to manufacturing facilities and their end products.
“Beyond their own plants and networks, manufacturers must also address the cybersecurity of their broader supply chain. To successfully manage their supply chains, vendors must securely share data and IP with their suppliers - suppliers who often work on different systems, in different countries, and across many vendors. Not only does this span mean there are more opportunities for data and IP theft, but it means the global nature of these supply chains makes manufacturers particularly susceptible to the cybersecurity risks associated with geopolitical conflict. Trusted supplier programs, which have typically been used to ensure overall quality, safety, and as a means to track counterfeit parts, must now evolve to include cybersecurity best practices and audits.
“Manufacturing leaders must understand both the benefits and the risks associated with every new Industry 4.0 initiative, every new factory, and every new supplier that they add to their ecosystem.”
How can leaders mitigate threats and ensure their cybersecurity strategy is as strong as possible?
“C-suite and senior level managers must be able to identify potential cyber threats to their organisation and understand systemic risks present within their ecosystem.
“Business leaders who upskill themselves in the core tenets of modern cybersecurity can drive an organisational culture of cybersecurity and strengthen their tech stacks, supply chains, processes, and teams from the top down. CEOs don’t need to become Information Security Analysts, Penetration Testers, or white-hat hackers - instead, they need to demonstrate core competencies that truly impact their work. They need to know how to make the right decisions about the organisation's digital transformation, air-gapped factories, IIoT platforms, supplier data sharing policies, and more.”
How can senior level managers build a culture around cybersecurity?
“Getting buy-in from employees is important when implementing a culture of cybersecurity. Managers need to understand how to design and put forth initiatives that will motivate employees at every level and in every department to take ownership over security measures, as well as reward folks who speak up to identify current risks inherent in the business. Managers also need to lead by example - they need to demonstrate that cybersecurity is top-of-mind. They need to be visibly seen engaging and consulting with cybersecurity experts about their decisions - before, not after the fact. They need to emphasise the need for proactive work to address vulnerabilities and help employees navigate addressing issues quickly when they arise.
“They need to be true champions of cybersecurity within their teams and organisations, keeping pace as the risks and conversations evolve.”