Daniel Bren, OTORIO: “supply chain dependencies have extended an organization’s attack surface to its suppliers’”

While the advancements in technology allow companies to automate and manage some of their most complex processes, the growing numbers of devices and networks also offer many opportunities for threat actors.

Although more enterprises are starting to take cybersecurity seriously and adopt new measures to secure their devices with antivirus firewalls and VPNs, many still struggle with choosing the right solutions for their OT environments. With ransomware attacks and other cyberthreats becoming a daily occurrence, operational security is now more important than ever – especially when critical processes are on the line.

To discuss what actions companies need to take to secure their operational environments, we spoke with Daniel Bren, the CEO and Co-founder of OTORIO – a company helping organizations understand their OT security risks by providing actionable insights.

Tell us a little bit about your story. How did OTORIO evolve over the years?

My personal journey started like most Israeli youth with compulsory service in the IDF. I had the privilege of serving nearly 30 years in different cyber security roles: tech, operational management, and leadership. During the period that I served as the military’s Chief Digital Officer and Cyber Defence Commander, I met Yair Attar, OTORIO’s CTO and co-founder. Based on our shared interest in defending converged mission-critical environments, we developed the deep domain understanding and approach that became the foundation of OTORO.OTORIO is an end-to-end OT cyber security company whose proactive digital risk mitigation solutions are deployed at enterprises worldwide to protect business continuity and ongoing operations. We provide comprehensive risk assessment, monitoring, and management solutions and services for critical infrastructure, smart transportation and logistics, and industrial manufacturing organisations. Our solutions enable them to effectively secure their digital transformations in converged IT-OT-IIoT networked environments.

Can you introduce us to your risk management solutions? What methods do you use to secure industrial organisations?

OTORIO’s unique solution delivers a proactive approach to operational resiliency. By ingesting and correlating cross-domain data sources: industrial, network, and cyber security, our platform enhances the data and creates insights to identify exposures and risks. This enables us to prioritise them based on their potential impact on operational continuity, productivity, and safety, and propose feasible mitigations for these risks by leveraging existing security controls. As part of an organisation’s cyber governance, the platform manages and publishes dashboard reports to the different stakeholders.

What would you consider to be the most serious problems that industrial IT & OT environments face nowadays?

There are several unique tendencies of OT and two main issues that compound the main challenges endangering converged networked environments today. First and foremost are the convergence of inherently insecure multi-generation technologies, enhanced connectivity to the cloud, and third-party vendors whose digital services organisations use (e.g., those performing maintenance, and performance optimization). Supply chain dependencies have also extended an industrial manufacturer's or critical infrastructure organisation’s attack surface to its suppliers’ as well. IT-centric cyber security solutions are inadequate to protect such environments. Secondly, the number one risk for industrial converged OT-IT-IIoT network operations is ransomware.

How did the recent global events affect your field of work? Have you noticed any new threats arise as a result?

The main driver of the growth of OT-related cyber risks is the global COVID pandemic because it expedited digital transformations. This pushed organisations to open their operational floors for remote management, maintenance, and optimization.

What security tools should organisations and individuals have in place to combat these new threats?

An OT security risk assessment and management platform is crucial.

What are the most common issues that companies run into on their digital transformation journey?

I would say that governance, roles and responsibilities, policies, and processes are some of the main challenges companies face nowadays.

Why do you think certain companies still hesitate to digitize various processes?

They lack a deep domain understanding of the potential of digitalization, and how it can enhance their operations, increase safety, and make their production more efficient. Some companies also fear change itself.

What other aspects of our daily lives do you hope to see automated or enhanced by technology in the upcoming years?

We hope to build a community in our marketplace where people could share insights, alerts, and litigation playbooks.

Would you like to share what’s next for OTORIO?

We are continuing to build a capable and trusted network of partners to deliver our solutions, and grow a community of users to share knowledge to expedite learning and maturity.