Why Cyber Resilience Is Crucial to Protect EmployeesHow Holcim CISO Anbu David Is Building Cyber Culture and Cyber Resilience Plans
Building a culture of cyber resilience is crucial in an organization, especially since people are the key targets of cyberattacks. Holcim, a sustainable building material company, is working to ensure the safety and protection of its 70,000 employees worldwide, as well as its IT-OT environments, in its cement plants. This includes securing both customer information and confidential business data.
See Also: Redefining with Intelligent Automation: A Focus on the Manufacturing Industry
"People are the weaknesses for ransomware attacks and 80% of attacks target people. So, it is important that people are aware of data privacy and protection practices and that they follow it regularly," says Anbu David, head of ITSM, information and cybersecurity, and CISO at Holcim.
David and his team are conducting a series of cybersecurity awareness campaigns to ensure that people are aware of cyber hygiene. Their second priority is building cyber resilience.
"We are currently focusing on our cement plans which are critical assets. There are challenges in securing the plants and the OT environments," David says.
To address this, Holcim initiated a program called global IT-OT convergence last year. It is also preparing cyber incidence response and recovery plans for all its cement plants. Apart from this, the company plans to make its engineers cyber aware, and to conduct tabletop exercises this year.
In this video interview with Information Security Media Group, David discusses:
- Building cyber culture in the organization;
- How cyberattacks on supply chains impact the building material industry;
- Cyber resilience strategies for OT systems.
David has 24 years of global experience in IT and security. He is responsible for ensuring information security, cybersecurity, OT/ ICS security, SAP security, and risk and compliance management for Holcim's businesses in the APAC region. He drives initiatives around building cyber hygiene, cyber awareness and cyber resilience for IT and business processes.