Entrust: Cyberattacks Show that More Digital Trust is Needed

The latest surge of cyber attacks – spanning sectors from retail and manufacturing to aviation – underscores not only the scale of disruption such incidents can cause, but the pressing need to strengthen digital defences.

As Chief Information Officer at Entrust, Rishi Kaushal oversees the company’s technology enablement strategy, ensuring its digital foundation remains secure, resilient and primed for innovation.

His remit covers infrastructure, business applications and strategic partnerships aimed at driving efficiency and trust throughout the organisation.

Entrust stands at the vanguard of identity-centric security, helping enterprises establish and protect digital trust through solutions that safeguard people, devices and data at every stage of their lifecycle.

From verifying identities and securing transactions to facilitating Zero Trust frameworks, Entrust plays a central role in enabling secure digital transformation – something Rishi understands intimately from his position at the heart of the company’s technology strategy.

In this interview with Cyber Magazine, Rishi discusses how he is advancing technology enablement across Entrust to bolster security and accelerate innovation – and what other organisations can learn from that approach.

How has your role evolved to translate technical cyber risks into board-level language?

The CIO role has now evolved far beyond being a strategic enabler – we’ve become critical communicators of risk and business impact. 

With the rising financial and operational fallout from cyber threats, it’s no longer enough for just us to understand the technology, we also need to translate risks into terms the board can act on.

Our IT team works closely with our InfoSec colleagues, providing oversight through organised committees, which focus on risk assessment and privacy. 

The findings from these groups feed into our key risk indicators, which are then audited internally and externally.

This structured, measurable approach allows us to turn complex technical threats into a format the board understands by linking them to business impact, audited metrics and strategic risk. 

In practice, it means we’re highlighting the vulnerability, and also explaining what it means for operations, finances, and long-term resilience.

What lessons do recent retail and aviation cyber attacks offer about current security gaps?

The most important lesson is the pressing need to safeguard individual identities. 

The rise of increasingly sophisticated attacks, from phishing attempts to organised cybercrime, shows that security needs to start there. 

That means verifying every individual appropriately, especially within today’s hybrid and global workforce, while also mitigating risks tied to advanced social engineering tactics and even deepfakes.

 It’s about protecting digital identities, such as transactions and machine credentials and also individual human identities – both need equal attention.

This is why identity and access management is so important – it directly addresses these challenges by securing identities and supporting a stronger Zero Trust strategy.

Which practical steps bridge communication between cybersecurity teams and executive leadership? 

Bridging communication between cybersecurity teams and executive leadership requires a strong governance structure and clear, consistent processes. We put a lot of emphasis on cross-functional collaboration – our cybersecurity, compliance, and audit teams all work closely together. 

Another key part of this is our use of risk registers, which capture risks across the organisation. These are then translated into dashboards and reviewed regularly by our steering committees. 

This creates a shared language for both technical teams and executives, ensuring risks are clearly understood in terms of operational and business impact.

Transparency and consistency are essential here too – we hold frequent reviews, huddles and committee updates to keep everyone aligned. 

By using governance frameworks to translate technical risks into strategic insights, we empower executive leaders to make informed decisions and ensure that cybersecurity remains fully embedded in our overall business priorities.

How critical are Zero Trust and phish-resistant MFA in defending against today’s targeted attacks?

Zero Trust and phishing-resistant MFA are no longer optional, they’re critical for securing an organisation’s most valuable assets. 

Attacks are becoming more targeted and sophisticated, and phishing remains one of the most common entry points. That’s why it’s not enough anymore to simply ‘switch on’ MFA; you need phishing-resistant MFA backed by stronger methods such as certificate-based authentication. These additional layers ensure attackers can’t bypass protections through social engineering or credential theft.

Think of identity like the crown jewel of a business: protecting it requires more than a simple lock. In many ways, it’s like a Mission Impossible scene: you don’t just see a keypad, you see biometrics, voice recognition and multiple barriers that make breaking in nearly impossible. That’s the level of layered security organisations need today.

Why must security leaders prioritise continuous education and identity protection alongside technology upgrades?

Technology is a powerful enabler, but it shouldn’t be the only line of defence. Bad actors are constantly improving their methods and technology often lags behind new attack vectors. 

Many breaches still occur because of human error and phishing is a perfect example. That’s why continuous education is just as critical as deploying the latest tools. 

Security leaders need to encourage a culture of resilience through ongoing training, from mandatory annual courses to simulated phishing exercises and role-based awareness programs.

We’ve already seen how fast AI transformed the industry and quantum computing poses an even bigger challenge, potentially outpacing our ability to respond. 

If organisations don’t prepare now, they’ll be scrambling later. By pairing strong identity protection with continuous education, we can close both the human and technical gaps and hopefully be better equipped for the next wave of disruption.