Experts define Operational Technology (OT) as «hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.»
OT differs from IT in terms of functionality, operator culture and threats. In recent months, we have witnessed an increasing convergence of IT and OT systems. This area is a novel and rapidly expanding one for both cybercrime and industry. IBM’s recent 2020 X-Force Threat Intelligence Index reports that attacks targeting operational technology (OT) infrastructure increased by over 2000 per cent in 2019 compared to the previous year. The COVID-19 pandemic accelerated these trends: it is the digital accelerant of the decade and accelerated companies’ digital transformations by a global average of approximately 6 years.
For example, one of the impacts of COVID-19 (at least until a vaccine is discovered) is the reduction of on-site staff. In the case of OT systems, this put a strain on already limited resources and required an increase in external connectivity. The result is numerous industrial plants exposed to, for example, ransomware attacks.
From a bird's-eye point of view, IT and OT are still missing a holistic approach that includes cybersecurity, physical security and cyber-physical security, an integrated cyber-risk estimation, and governance models able to span the IT and OT domains. Overall, the primary need centers on a reconciliation of IT Security (typically built on the Confidentiality-Integrity-Availability paradigm) with OT Cybersecurity (whose fundamental properties are instead Safety-Reliability-Productivity).
Key Takeaways:
- Status of IT and OT security
- Long-term impacts of the pandemic on the digital transformation agenda of industry
- Main challenges and trends for IT and OT security
- Some possible solutions
Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. A HumanOS upgrade is required to safely use the Internet, and it is not only about training and awareness. It is about the way users must behave online, and the IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.
How do you prepare for the increasing regulatory challenges in a time of ongoing cloud migrations with global service providers? The invalidation of the EU-US Privacy Shield and the enforcement of NDAA Section 889 will require a thorough review of existing controls and swift management of stakeholder interests. This keynote will provide practical experiences and guidance to ensure you meet your compliance goals.
You don’t have to go far these days to find security professionals complaining about skills shortages, and countless media outlets relaying their views. But there are at least two sides to this argument and the situation requires a more balanced approach. The security industry needs to rebuild its narrative to attract more raw talent at all levels.
Security is Culture – and culture starts with people (not technology!). The complex topic of SAP security is a massive challenge for the almost 500,000 companies worldwide using SAP. The challenges are the same for everyone, and it is the combined corporate responsibility of the C-level and all employees to protect the enterprise from threats. These core applications can be secured by focusing on the 3 main attack vectors: People, Processes, and Technology. In this keynote, Jochen Fischer shares what needs to be done to define clear ownership and responsibilities for SAP security. Enabling people to understand the risk in SAP is fundamental to designing a sustainable strategy that is based on the individual risk profile of each company. It is time to stop the monkey business when it comes to mission-critical topics like security. As an independent expert, Jochen Fischer provides state-of-the-art methodologies to give the right people the skills required to protect SAP without burning money on tools that have no or limited effect on corporate cyber resilience.
This talk aims to share the experience gained during Q-Secure Net, a 2020 project co-financed by the European Institute of Technology (EIT) and Italtel, Cefriel, Politecnico di Milano, CNR, UPM and Telefonica. Q-Secure Net will provide a cost-effective and flexible network solution for unconditionally secure communication services based on Quantum Key Distribution (QKD), designed for fiber-optic networks.
The talk will also present an application of Blockchain Atomic Swaps for the exchange of securities and cryptocurrencies, developed in the project and based on QKD. Atomic Swaps have great potential for financial scenarios involving securities, crypto exchanges and cryptocurrencies, but face specific security threats.
The QKD market is expected to grow over $980 million by 2024. In the long term, QKD will be strategic for the design of new architectures in many sectors such as telco, defence, transport and 5G. QKD's infrastructural security and its ability to mitigate cyber-risks also allow a whole new class of approaches and applications for Decentralised Finance.
Key Takeaways:
- QKD Features
- Capabilities for Fintech applications
- Atomic Swap and Crypto Exchanges
- How QKD can mitigate risk in applications like smart contracts for Decentralised Finance scenarios (for example in the Atomic Swap use case)
In the crisis created by Covid-19 it is even more obvious how C-level executives are reacting, and in some cases not reacting properly, to new cybersecurity situations resulting from rapid and enforced digitalisation. Can or should they be given more time to adapt? Can they build up the proper cybersecurity decision-making skillset? Is it worth the effort? The speaker explains how that is possible, what new digital roles should be created within an organisation and how to meet challenges posed by the transforming digital ecosystem.
Cyber resilience, a term often heard but never fully understood, has made headlines for many years. Nonetheless, we are still confronted with ransomware attacks that lead to the standstill of organizations, as evidenced in the 2017 Maersk attack or the declared state of emergency by the mayor of the city of New Orleans in December 2019 after the city was hit by a cyberattack.
Many organizations perceive cyber resilience as yet another regulatory topic to be addressed by the IT department or the IT security teams, ignoring the regulatory requirements deriving from stakeholders such as the European Central Bank, or the need to interlink cyber preparedness with business continuity efforts and the much-needed support not only by the business departments but also the C-suite.
All this stems from an incomplete understanding of cyber resilience and what added value it can offer to an organization. The presentation aims to close this knowledge gap by highlighting key regulatory requirements, and how these can be addressed in coordination with key decision-makers. It will also provide insights into future regulatory developments with a specific view on the EU legislation. The presentation will also talk about testing approaches for cyber resilience, such as the TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) framework.
Key takeaways:
1) After completing this session, the participant will be able to refer to relevant CR regulations and put them into context and everyday use and to understand expectations from the FS regulators.
2) After completing this session, the participant will have knowledge about how CR is applied in other FS organizations, and what tools and methods exist to assess CR readiness.
3) After completing this session, the participant will be able to discuss key CR topics with senior management to promote the importance of CR, and to make a business case for it.
4) After completing this session, the participant will be able to refer to available resources on the internet to deepen his/her knowledge of CR.
Is your cybersecurity as fast as your business? Finding the right strategy to secure the growing speed and diversity of DevOps-driven application development and dynamic infrastructures is hard. To master this journey, organisations not only have to adapt new security controls but in most cases also have to redefine their cybersecurity strategy and traditional approaches such as Defence-in-Depth and Zero Trust Architectures from scratch.
In this session, you will learn the FIRST PRINCIPLES of how to align the pace of your cybersecurity to your business speed from two perspectives: that of a cybersecurity expert and that of a former developer.