Industry Director - Cybersecurity UK & EMEA
JP Cavanna began his career in cybersecurity in 2003 with the Metropolitan Police in London, where he worked in the digital forensics department for six years before moving to the private sector to run a forensic capability for QinetiQ. Cavanna then joined Hewlett Packard Enterprise in March 2014, where he oversaw the security architecture and cyber assurance enterprises, and served as a Director at Capita prior to joining Unisys. “I’d never worked for a technology vendor before or been focused specifically around one product,” he explains. “Once I found out about Stealth and its capabilities and what it can really do, it piqued my interest and I joined as an Industry Director.”
Cavanna, who joined Unisys in late 2019, believes that cybersecurity has become more complex in recent years. “Since its inception, cyber is becoming ever more complex as we bolt on solutions to problems that appear that we perhaps haven’t foreseen,” explains Cavanna. “The convergence of IT and OT is a big deal for businesses at the moment because that conversion brings a lot of tangible business outcomes for them but also brings a huge amount of risk too. This is because these operational technologies could only be previously attacked physically, but now if they are connected to an IT system you can get to them from pretty much anywhere.”
Cavanna believes that cybersecurity is about a balance of people, processes and technology, and, whilst there have been huge advances in relation to technology over the years, the same can’t be said of how the human element is dealt with. “Every year, the number of successful cyber breaches rises. Of those increases, more than 90% are actually enabled by us humans. This means that effective cyber awareness and education are critical if we want to mitigate this risk.”
He believes that effective leadership has been essential to helping mitigate the impact of COVID-19. “Leadership plays a huge part in this and good leadership will be a guiding light in this respect. Creating a culture of fear and blame will drive employees underground. They will not admit to making a mistake that could have security consequences, for fear of being punished or losing their jobs. So, an opportunity to stop or mitigate a breach has been lost. COVID-19, of course, forced organisations to provide remote working capability for 90%+ of their employees and created a whole new set of challenges for leaders. These include hugely increased attack surfaces, vulnerable technologies that were never designed to support such large-scale remote working, and the inherent insecurity of employees’ home networks. For those not well used and adapted to working from home, professional and personal boundaries can blur. Private space in the home merges with the new work environment and employees likely end up working much longer hours, without the physical human interaction they are used to. This increases stress levels, and with that comes a drop in attentiveness and alertness making the employee a perfect target for phishing attacks.”
Three key areas of consideration for leaders:
1. Provide effective cyber awareness and education, and harden home network security.
2. Ensure employees can maintain proper boundaries between work and home life, without fear of judgement.
3. Develop a culture of support and acceptance rather than fear and blame.