In an interview with Technowize, Mark Hughes, President of Security, DXC Technology, comments on the passion to deliver core cyber resilience in the IT industry. Serving the goal to bring a truly sustained program within the cyber landscape, DXC is working hard to include security and engineered technology in its tech-savvy world. Read on to see what Mark Hughes has to say about its cyber resilience program and its transforming security.
Technowize: Would you like to educate our readers about DXC’s cyber resilience program?
Mark Hughes: Cyber resilience is at the heart of everything that DXC Technology does. In today’s world, increasing complexity and threats demand that a company’s efforts go beyond what is traditionally known as cybersecurity and more toward core cyber resilience.
This is about making sure that security is woven through the company’s entire IT infrastructure, whether the company runs it, or it’s run in the supply chain. DXC’s approach is to ensure that this baseline of security exists and is incorporated it into everything it does, so that the enterprise is truly resilient.
Technowize: How would you address the global and national imperatives and implications of how you compete, contribute, and operate from a security standpoint in the industry?
Mark Hughes: DXC addresses the imperatives that exist at every level. DXC has unrivaled links with governments and other organizations, as well as open-source intelligence to ensure that it has the very best visibility into everything that is happening within the cyber landscape.
What a company does with this knowledge is also very important. DXC has a sustained program that is not just about technology but also about making sure that it has the right behavioral approach. If an incident occurs, DXC mobilizes immediately to ensure it protects itself and its customers in the most appropriate and proportionate way.
Technowize: What can IT leaders do more to protect cyberattacks and cybercrimes in small and medium enterprises?
Mark Hughes: IT can become very complicated quite quickly even in small or medium organizations. Any company needs to first understand what assets it has, be aware of all risks it is exposed to, and then build a plan with a set of security controls to ensure the risk is proportionally managed and handled. The type of activity a business is in (whether small, medium, or large) may determine the level of risk appetite it has. Certain types of security incidents are much more serious for one type of organization in a particular sector than potentially another.
Many solutions are available for small and medium enterprises now where those security controls are natively built into the technology, the company just needs to implement them in the right way.
Technowize: How can CISOs position themselves in the industry to lead data and analytics?
Mark Hughes: At the heart of security is the conundrum that there is a lot of data, and the only way for a company to mitigate itself from an attack is to identify the weak signals within that data, providing the opportunity to react and respond in a timely manner. So, having an analytics capability within a company’s security setup is increasingly vital to ensure the data can be processed and sorted out as quickly as possible using tools such as artificial intelligence (AI).
A company must have access to the right data sets and the analytics tools engineered and tuned to be able to spot those signals to give them the all-important time to respond to the threat. Any CISO now operating understands this and there are many tools on the market that can help with it.
Technowize: What’s next for DXC Technology’s security program?
Mark Hughes: DXC security is absolutely focused on all aspects of cyber resilience and will continue to be well into the future. It’s all about embedding security into everything the company does so that it’s foundational and the company has a base from which to build.
When a company has that foundational set of controls it can make use of and interpret the data, to get ahead quite often of where the threat actors are and mitigate or even prevent potential attacks.
DXC’s approach is and will continue to be a foundational layer with a sophisticated set of people who are very adept and skilled at ensuring that it can analyze data and then produce actionable intelligence to protect its customers. This is all built on DXC’s ringside view of the infrastructure, being one of the largest infrastructure providers in the world, giving DXC insight that others simply don’t have.