How to improve cybersecurity hygiene ahead of DORA

20 Mar 2024

Kris Lovejoy. Image: Connor McKenna/SiliconRepublic.com

Kyndryl’s Kris Lovejoy discusses cyber resilience, what the EU’s DORA regulation will mean for businesses and how to improve diversity in the sector.

The cybersecurity landscape is constantly evolving, with new threats appearing all the time and new regulations being rolled out to ensure organisations keep themselves secure.

With different threats, rules and forms of protection to consider, it can be easy for businesses to become overwhelmed when it comes to developing their cybersecurity. But Kris Lovejoy, a global security and resiliency leader at Kyndryl, has a key piece of advice to simplify things – she said that companies should think of cybersecurity protection “from the perspective of hygiene”.

“Most organisations will chase a lot of technology to solve the problem; it’s not really the answer,” Lovejoy said.

“The answer is really to focus on knowing what kind of technologies you have in place through good inventory systems, ensure you’re patching them, ensuring you’re hardening them, ensuring you’re monitoring them, and ensuring that you have some mechanism to recover them when something goes wrong.”

Preparing for DORA

While some organisations may not be taking cybersecurity as seriously as others, businesses from various sectors will need to ensure their security standards are ready for new regulation in the EU, such as the Digital Operational Resilience Act (DORA).

This act will come into effect in January 2025 and will bring about various new criteria to follow. Lovejoy said DORA ensures that organisations think about cybersecurity risks in a “very holistic manner”.

Lovejoy said DORA will require organisations to adopt a “cyber risk management framework” to ensure they have the right controls and the right investments to “remediate the risk” and that they can recover, all of which, she said, is “cyber resilience essentially”.

“It also requires you to have a mechanism in place where you can detect, respond and then actually tell the related agencies about the particular incident when it rises to a particular level,” she said. “It also requires that you have the ability to implement reasonable controls to manage that framework.”

Another key part of DORA is that organisations will need to think about supply chain cybersecurity, which Lovejoy describes as an “important and fairly new requirement” due to the number of threat actors using supply chain vulnerabilities as “essentially a Trojan horse” to get into organisations.

DORA requires some enhanced control around supply chains, including outsourcing partners such as Kyndryl that are critical to these businesses and organisations, to ensure that they are not posing any issues.

Improving diversity

Lovejoy also gave tips for companies trying to improve their gender or ethnic diversity when bringing in new potential candidates. She explained one of the initiatives she is involved with to boost diversity through Kyndryl.

“One of the more successful things that we do here at Kyndryl through our kinships, and I’m lucky enough to be the co-executive sponsor for the women’s kin, which is to support women in the workplace, is we have facilitated co-evangelist circles,” she said.

“Co-evangelism is all about creating networks of women who are kind of in the same scope range from a career perspective where the goal is really just for them to talk about themselves and talk about what they want to a group of women who will just file that away.”

“I strongly believe that this kind of creative focus on letting women just get over the hurdles that they’ve kind of established for themselves in forms of things like co-evangelism can be really successful.”

Last November, Virginia Lee of Tata Consultancy Services spoke to SiliconRepublic.com about the need for more upskilling and diversity in cybersecurity.


Leigh Mc Gowran is a journalist with Silicon Republic
