energycioinsights

Overcoming the Tireless Endeavor of Staying Up To Date on Current Threats

By Ian Thomas Cook, Head of IT, charity: water

Ian Thomas Cook, Head of IT, charity: water

Can you shed some visibility into the threat landscape?

IT professionals from small to large companies have had to pour many more resources into cybersecurity over the last few years than in the past. This is due to the fact that there are more people and more devices accessing online services. Storing sensitive data in these types of services has become standard and the trend is continuing in that direction. Email, chat comms, data storage, data sharing and our LAN take up the majority of my security focus for charity: water.

In the face of increasing threats to IT, OT and IoT, security and risk leaders need to build resilient organizations that can withstand attacks and continue to attain enterprise objectives. What is your take on managing risk & delivering security in a digital world?

It’s a tireless endeavor to stay up to date on the current threats and then implementing polices, trainings or technology to protect our organization from them. It’s a balancing act between staying informed and the actual implementation for the most critical needs. We try to plan our implementations in ways that reduce disruption to our workflows as best as possible, but when breaches or leaks occur, we have to act fast and expect understanding from our team.

Cloud computing is now a mission critical part of the enterprise. Please share some lessons learned in securing your cloud and achieving compliance objectives

I decided to take charity: water in the direction of a cloud-first org back when I started 5 years ago. This was met with some hesitation at first, but when a product has strong focus on keeping our data secure like encryption at rest and in transit, security compliance certs, and we’re able to develop great communication with their sales and technical teams, I’m able to advocate strongly to our leadership.

What are some of the new technologies, you think should be adopted in the near future?

I’d love to see other organizations who work with amazing partners in the field, as we do, find ways to bring their technology closer to what is considered standard/best practice. This would create so much more efficiency in the working relationships.

What are the barriers to using IoT in enterprise security-vulnerability management?

Knowing what the vulnerabilities are and then doing the risk analysis to decide on if it’s best for our mission, which is to bring clean water to people in need around the world.

From direct regulation to indirect influence on negligence suits, the government is doing what it can to change network security practices around the country. Can you share with us one or two approaches that will have significant impact on the initiatives?

Having a standard for the non-profit sector would be helpful and relieve a lot of stress and uncertainty about what is best for specific cases. If we all had to have redundancy with backups, have e-discovery tools, and retention polices that everyone had to follow, I think that would be helpful and have a positive impact on our sector.