Events , Governance & Risk Management , Operational Technology (OT)

OT Security: Know What You've Got and Where Your Risks Are

OT Security Lags IT Security But the Basics Are the Same, Panelists Say
Susan Koski, CISO, PNC Financial Services Group, and Sapan Talwar, global CISO, Perfetti Van Melle Group

Threat intelligence is an important component of OT security because it maps the techniques and tactics of threat actors to what they are likely to attack, and it collaborates across teams to cover potential vulnerabilities, according to Susan Koski, CISO and head of enterprise information security at PNC Financial Services Group, and Sapan Talwar, global CISO at Perfetti Van Melle Group.

See Also: Breaking Down Silos With a Holistic View of Security, Risk

Talwar said that only 11% of operational technologies are properly secured, whereas 80 to 85% of IT systems are secured. Koski added that while defenders are always playing catchup with new offensive capabilities, cybersecurity vendors can help by building things more securely rather than chasing after attacks when they happen.

Priorities start with visibility, knowing what you have on your network and then patching and mitigating known risks, after which comes threat intelligence, they said.

In this video of a panel discussion sponsored by CyberEdBoard and recorded at RSA Conference 2023, Koski and Talwar discuss:

  • The maturity of OT security and how it needs to catch up with IT;
  • How threat intelligence can be used to mitigate risk;
  • Why visibility of assets should be a top priority.

Koski achieves a business balance of security and risk management, rebuilds programs and develops highly functional teams. She also re-engineers processes and technology for efficiency and innovation. Koski previously served as managing director of technology risk management at BNYMellon, CISO at Synovus and chief data protection officer at Aetna.

Talwar previously worked in senior security roles with companies including Aon, Adobe and Tower Research Capital. He has more than 24 years of experience in information risk management, cybersecurity, regulatory compliance, security engineering and governance.

CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community -

Apply for membership

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.