Jose Maria Labernia, Head of IT Security & Internal Controls at Holcim EMEA Digital center shares in this interview, today´s main challenges and keys of cybersecurity for organizations


Today's main challenges of cybersecurity for companies


“The biggest challenge facing organizations today is being able to ensure business continuity from an IT standpoint while keeping up with reputational image and legal data protection requirements."


This is not easy in today's environment with so many threat factors:

  • where ransomware grows exponentially every year,
  • with extensive use of third-party vendors and services usage that facilitate supply chain attacks,
  • business email compromise remains effective as a high-profit attack and, also,
  • deepfake technology accessible to criminal organizations.

On top of that, organizations have many security vulnerabilities to patch within their software and hundreds of security configurations to harden systems. So overall, it's a big puzzle to manage to ensure security is preserved and business units are not severely affect.


What are the key aspects that organizations should consider to prevent Cybersecurity threats?

First, build the best possible team to support cyber security risks within the organization. The more and stronger talents, the better a company will protect itself. Get rid of bureaucracy and promote an agile and hands-on culture within the organization.
Second, define and stick to agreed processes and policies. I see many organizations with hundreds of exceptions in every IT domain and end up in unmanaged and out of control situations. Company and senior management buy-in on cybersecurity issues is a key success factor.

Third, having the best tools and third parties to support and protect endpoints, mail relay, user access, proactive scanning, monitoring, etc…

And finally, prepare for the worst: train and conduct drills, create a strong business continuity plan along with recovery strategies before it's too late, and keep your users informed about cyber risks and trained".