Dragos CEO and co-founder Robert M. Lee returned as a speaker at the World Economic Forum (WEF) Annual Meeting in Davos, Switzerland, for the session “Cutting through Cyber Complexity.” View the on-demand recording of the session below.
Rob joined government and industry leaders to share his perspective on cybersecurity for industrial and critical infrastructure during the conversation about how escalating cyber attacks, geopolitical instability, and unprecedented technological shifts are casting a shadow on an organization’s ability to stay resilient. The panel also addressed how global leaders can harness these insights to build a more secure and equitable future.
Rob’s Key Takeaways
The following are some of Rob’s key takeaways from the session.
On technology complexity:
Industrial organizations face significant challenges due to the increasing complexity of operational technology (OT) and rising threats from adversaries. Many have invested in updating their infrastructure, but this digitization and automation also introduce risks. Unfortunately, many industrial organizations are not monitoring their OT environments. Without this monitoring of transient data, it can be impossible to determine whether incidents like a refinery explosion are due to maintenance problems, cyberattacks, or contractor mistakes. This lack of visibility highlights a broader issue: many companies do not understand the current state of their operations and are unprepared for cyber threats. This is especially concerning as the automation and complexity of systems continue to grow while cyber teams struggle to maintain basic security measures.
On cybersecurity regulation and harmonization:
It’s crucial to focus on harmonization across public and private sectors, and across nations. Many governments are creating their own regulations, but a more collaborative approach is needed. An impressive example is how the Malaysian delegation attended a Singapore CSA conference to learn from existing regulations in Singapore and the US. They openly sought to understand what worked and what didn’t without ego, aiming to get it right. This proactive and collaborative approach should be encouraged in other countries.
On business and operational resilience:
To achieve resilience, it’s essential to first identify the specific requirements and objectives of the system or environment, rather than starting from a cybersecurity perspective alone. Too often, cybersecurity professionals focus on their methods without first considering the business’s core goals and how to mitigate the vulnerabilities that matter in that context. Many C-suite discussions on cybersecurity lack this fundamental conversation, leading to disproportionate spending on IT while neglecting operational technology. Addressing these requirements is crucial for an effective cybersecurity strategy for the business.