“Cyber Security is a Guarantee for Economic Success” - Interview with Fatih Denizdas


Fatih Denizdas, Head of Automation Cyber Security at Yokogawa Germany, has 25 years of IT and OT expertise with a focus on worldwide Cyber Security projects. Since October 2019, he leads the Automation Cyber Security department in Germany.

As a certified Global Industrial Cyber Security Professional (GICSP) and Certified Ethical Hacker (CEH), he has mastered the extensive and constantly changing security instruments. He also holds certifications as Cisco Security Expert, Microsoft Professional, and Virtualization Hyper-V | VMware. Now Denizdas took the time for an interview.

Hello Fatih. Let’s start with the first question. Looking back, what were your first points of contact with Cyber Security? Why did you decide to put your professional and technical focus on Cyber Security?

Fatih Denizdas: In 1986, the first hacker attack was discovered and over the years the threats from viruses, trojans, etc. developed by cyber criminals increased. The possibilities of progressive digital transformation are immense. They are an enrichment in every respect, but at the same time, they offer an entry gate for individuals with criminal intentions if they are not sufficiently protected. With the help of digital transformation, for example, entire cities can be controlled, so-called “Smart Cities”, which could, however, also be paralysed accordingly. I am convinced that technology in all areas will make our lives easier, both at work and at home. With my daily work, I want to create the cornerstones for a secure implementation of the digital transformation. With the help of Cyber Security, I am able to actively participate in a better, safer future and thereby protect the lives and work of millions of people.

You have numerous additional qualifications, including being a certified Global Industrial Cyber Security Professional (GICSP). Why did you choose this particular certification?


Fatih Denizdas: Over the last five years, concerns about the security of industrial control systems (ICS) have increased enormously. The cyber attack on the Iranian uranium enrichment plant in Natanz in 2010 triggered increased activity around the security of industrial control systems. The worm Stuxnet ultimately manipulated the centrifuges at the plant. Since then, awareness of the dangers from the cyber world in the so-called critical infrastructure has also increased.
Of course, there are many security experts with experience and certifications in IT security, but there are very few professionals with experience and knowledge in Cyber Security specifically for the OT area. For specialists who want to focus on the security of industrial control systems, the acquisition of this certificate is mandatory. Therefore I completed the certification as Global Industrial Cyber Security Professional.

To what extent do you benefit in operational and strategic business from your skills and know-how as an ethical hacker?

Fatih Denizdas: Every IT system has weak points. Not a day goes by without a hacker exploiting a particular vulnerability. What goes on in a hacker’s head? Only by adopting the thinking of a hacker can one understand the actions of the opponent. An attack on sensitive company data does not always follow the same pattern; hackers are quite creative in their approaches. An ethical hacker has the same skills as a malicious hacker but uses them not to cause damage, but to avoid it. If you can put on the hacker’s glasses, you will be much more realistic about the dangers and risks. Looking at everything in a positive light is unfortunately naive, so you don’t see the attack vectors. In my professional career, I have already been able to uncover a large number of weak points in numerous company networks. Therefore I use my extraordinary knowledge continuously in the operative and strategic business as a contact person for our customers around the topic of Cyber Security in the OT world.

Digital Transformation – The world is in upheaval. The way we generate sales is changing fundamentally. Disruptive technologies are breaking through traditional processes and procedures. What should we focus on in the course of this?

Fatih Denizdas: Digital technologies are the central instrument for optimizing the value chain. In a networked value-added chain, for example, data from different stages are collected and shared with other internal and external participants. Data flows in real-time from A to B. This flow must, of course, be ‘secure’ in order to protect sensitive data. This means that in addition to the decisive industrial aspect of ‘Functional Security’, ‘Cyber Security’ must now also be seen on an equal footing. The two must go hand in hand to ensure a platform for the use of digital technologies that is both safe and secure.

What do companies need to consider in order to reconcile the digital transformation in terms of Cyber Security?

Fatih Denizdas: Cyber Security is an economic “guarantee of success” and thus a significant component of risk management. According to the current study ‘Assuring Digital Trust’ by the Infosys Knowledge Institute (IKI), almost 48% of the management board, as well as 63% of the executives participating in the survey, are actively involved in the development of Cyber Security strategies.

The supporting pillars for an effective Cyber Security strategy: People + Process + Technology. It is not enough just to introduce technologies. The processes must also be fine-tuned accordingly. So does the awareness of each individual employee with regard to security – keyword security awareness in the company. The overall solution must be coherent in itself. One should not forget that security is a continuous process that should be accompanied by experts who understand both the technologies and the business.

What are the emerging leading-edge technologies and trends for security?

Fatih Denizdas: Security awareness training will continue to be a regular feature of the agenda in the future. Social engineers have fatally recognized the influenceability of humans as the big, effective security gap – also called human hacking. Instead of the computer or server, the psyche of a person is seriously ‘hacked’ in order to subtly extract sensitive data/information from him. Furthermore, the manipulations can, unfortunately, motivate people to do things they would not have done without the intervention. The human being is, therefore, a serious security risk, which can significantly influence cyber-resilience. As a result, the German Federal Office for Information Security (BSI) recommends regular training of all employees on the subject of social engineering.
In addition, the Basic Data Protection Regulation (DSGVO) or General Data Protection Regulation (GDPR) will play a greater role with regard to data security within data protection. Security and data protection must be sensibly linked because security must conform to data protection, whereas data protection cannot do without the security of processing.
The focus will also be on establishing a Security Operations Center, abbreviated SOC. The SOC is the control center for all security-relevant services in the IT/OT environment of companies. It immunizes the infrastructure/architecture against internal and external threats. All matters are managed at a central location so that the required security budget can be determined more easily. Moreover, this is also the charm of having one central contact person for all security-related questions. The management is proactively and continuously informed by the SOC, so that they are always up to date on possible risks. This enables them to incorporate security strategies into corporate planning on the basis of dedicated information. If concrete security measures have to be taken, the SOC has the necessary competence and know-how. It can also act in an advisory capacity in various areas of the organisation.

Security is neither a product nor a state, but an ongoing process that affects the entire organization. We would be happy to inform you about how to implement a holistic security concept to keep your entire organization resilient.

 

 

 
