Sometimes, when talking about the challenges facing the cybersecurity industry, it’s difficult to know where to start.
Do you begin with the rising tide of cybercrime that promises to cost the world $10.5 trillion annually by 2025? How about the skills crisis — an industry-wide dearth of expert labour that’s making the day-to-day operation of a cybersecurity function a persistent headache? And, if the everyday and ordinary are difficult, what happens when disaster strikes and it turns out there aren’t enough hands on deck to handle a coordinated cyber attack, natural disaster, or other significant disruption?
What about the ongoing tripfalls and headwinds presented by legacy technology? Security protocols and compliance procedures developed over decades with increasingly outdated technology are proving more and more to be just the sort of weak points that bad actors like to exploit.
Empowering cyber defences
Disruptive new technologies promise to put powerful tools into the hands of cyber professionals, plugging gaps with automation and empowering their cyber defences with artificial intelligence (AI). But the bad actors creating the need for increased cybersecurity have new toys to play with as well. Generative AI-powered phishing templates, democratised ransomware for hire, and sophisticated state-sponsored hacking campaigns are consistently ratcheting up the ambient cyber risk, something geopolitical tensions and an ever-shifting landscape of regulatory compliance only serve to exacerbate.
“The main challenge we’re dealing with is overcoming the disconnect between cybersecurity and business goals”
Piotr Topor, Director of Information Security and Governance at LSC Communications, thinks about all these things. As an experienced cybersecurity leader with over a decade in the industry, he’s spent a long time thinking about the problems facing his industry. I spoke to him about his unique approach to the skills shortage, implementing new technologies, and cultivating a cyber-conscious culture.
However, first and foremost — and throughout our discussion — Topor stresses that “the main challenge we’re dealing with is overcoming the disconnect between cybersecurity and business goals.”
Topor joined LSC Communications in April of 2023. The Illinois based firm provides high quality printing, mailing, and office products, with DNA it can trace back over 150 years to the dawn of modern industrial printing. You’d be forgiven for thinking that the high-tech sphere of cybersecurity couldn’t be more at odds with an organisation whose roots are 12 years older than the telephone.
But, as Topor lays out for me over the course of our interview, by bringing cybersecurity into alignment with the broader business goals, he has been able to better help safeguard LSC Communications against an increasingly complex threat landscape, as well as support the company’s broader strategic ambitions.
Bridging the business-cyber gap: Security transformation at LSC Communications
When Topor joined LSC Communications, he recalls, the company’s cybersecurity function didn’t have a dedicated leader — the responsibility shifting from one person to another as the business underwent a series of organisational changes.
“They’d had some great leaders — some people who had been with the company for many years and really understood the organisation and some great IT people with lots of technical expertise, who laid the groundwork for someone who is, first and foremost, a cybersecurity professional to take the program to the next level,” says Topor. Tasked with taking LSC Communications’ cybersecurity strategy “to the next level,” he set about leading an organisational, cultural, and technological transformation.