Frank Balonis is Chief Information Security Officer and Senior VP of Operations and Support at Kiteworks. Frank has been in IT support and services for more than 20 years. In his current position, Frank is responsible for technical support, customer success, and corporate IT. Additionally, Frank oversees corporate security and compliance, and works closely with the company’s product and engineering teams. Frank is a veteran of the United States Navy, in addition to being a Certified Information Systems Security Professional (CISSP). Frank recently spoke with Smart Industry managing editor Scott Achelpohl about the types and objectives of cyberattacks in the manufacturing sector and best practices to improve cyber resilience.
Below is an excerpt from the podcast:
SI: In your article for Smart Industry in April, “Navigating red-alert security challenges in manufacturing,” you named five urgent cybersecurity action steps that manufacturing executives and their CSIOs and CIOs should take. They are 1) conduct cybersecurity assessments, 2) implement multi-factor authentication, 3) establish incident response plans, 4) educate and train employees, and 5) enhance supply chain security. Can you tell us what goes into each of these steps to make them successful?
FB: I sure can, Scott. First off, starting with conducting your first cybersecurity assessment, it can be a daunting task. So make sure you have the right understanding of the framework and its intent is in mind. These are crucial factors in doing your first assessment or doing an assessment. Seeking assistance from third parties that can provide guidance and understanding is a great way to start. They're invaluable in saving time and resources and completing the assessment in a timely fashion. It also helps you move on to the beginning stages of continuous monitoring improvements from that point on.
For multi-factor authentication, you need to start with a really good identity management system. These types of services allow for multiple forms of multiple-factor authentication and provide the flexibility needed not only for the individual and the service, but also the systems and the time they're being accessed. Having this flexibility makes things secure, but also easily accessible without interrupting work that has to be completed.