Gen AI Sparks New Cyber Challenges, Threatening Digital Trust: Here's How to Deal with It

By: Mansi Thapar, Head (Global Cyber Security), Apollo Tyres

Mansi Thapar, a cybersecurity expert with 24 years of experience across IT and security domains, leads global cybersecurity at Apollo Tyres. A recognized speaker, writer, and award winner, she advises leading industry bodies and mentors initiatives like CyberPotter, promoting cybersecurity awareness, especially for women and children.

In a thought-provoking interaction with Women Entrepreneurs Review Magazine, Mansi shares insights on the evolving cybersecurity landscape in manufacturing, highlighting emerging threats. She also talks about the balance between innovation & security, and outlines strategies for safeguarding globally connected supply chains while maintaining operational efficiency.

How do you perceive the current landscape of cybersecurity in the manufacturing industry? Are there any emerging trends or threats that are particularly concerning?

The current landscape in manufacturing is very exciting and at the same time very challenging. This significant and beneficial transformation, driven by the convergence of IT/OT networks, the adoption of advanced technologies like industrial IoT, AI and Gen AI, and interconnected supply chains, has introduced complex cyber security challenges.

Besides the regular threats like ransomware where manufacturing has been the prime target, supply chain attacks by exploiting vulnerabilities of third-party vendors, attacks on OT systems, insider threats due to unknown and unaware employees, and last but not least, lack of cyber security professionals understanding OT networks are the key trends and threats which are concerning.

How do you balance the technical and strategic aspects of cybersecurity with your role as a mentor and advisor? What strategies do you use to stay updated with industry trends and innovations while guiding others?

Balancing technical and strategic aspects of cyber security is a critical responsibility for any cyber security head. I have been lucky to sit on both sides of the table, having worked in IT companies and manufacturing companies in varied IT and business roles, which gives me a good understanding of business as well as IT, along with business risks and security. The main aspect of handling the balance is to ensure cybersecurity is everyone’s responsibility in an organization and not just IT's.

Given the dynamic nature of cyber security, continuous learning and proactive adaptation are essential.

Following are some steps taken by me to ensure the same.

  • Attending cyber security conferences (RSA, Black Hat) and industry-specific conferences (ICS cyber security conference)
  • Obtaining and maintaining information security certifications (C|CISO, CISSP)
  • Engaging in threat intelligence and information sharing by joining cyber threat intelligence networks (ISACs, CISA, FIRST)
  • Collaborating with industry experts and think tanks (CyberAICommune, LinkedIn groups, OWASP community, EC-Council)
  • Tracking evolving regulations and compliance changes (GDPR, AI governance laws, IEC 62443, ISO 27001)

How can organizations strike the right balance between embracing tech innovation and maintaining robust cybersecurity? What role do you see for cybersecurity leaders in facilitating this balance?

Awareness, Awareness, Awareness and cyber security being everyone’s responsibility are the two areas which should be facilitated by senior leaders to strike a balance. The security team also needs to be aware of business needs and, rather than playing a policeman’s role, should act as an enabler. I always ask a question to all stakeholders to understand the importance of cybersecurity, which is “What do brakes do to a car?” Most of them say it helps us stop. But if you look closer, it gives you speed as you have assurance at the back that brakes will support you. Similarly, that is what cyber security is to an organization which is on a path to digital transformation.

What are the unique cybersecurity risks faced by manufacturers in a globally connected supply chain? How can businesses ensure the security of their extended supply chain partners while maintaining operational efficiency?

A single weak link in the supply chain can compromise the entire organization’s network. Compromised credentials, malware spread via shared data and integrated systems, impersonating suppliers for financial email scams etc. are some of the cyber risks associated with supply chain.

Third party cyber security assessments before onboarding a vendor, secure remote access via ZTNA tools to all third parties, awareness to the suppliers on security best practices, cybersecurity clauses in supplier contracts, and continuous monitoring and governing the entire lifecycle are some of the key aspects to secure supply chain.

How can manufacturers build a resilient incident response strategy that ensures business continuity? What lessons can be drawn from recent high-profile breaches in the industry?

I would say being Breach Ready is the mantra for protecting our organizations from major cyber-attacks. Enforce an incident response plan which includes maybe 7-10 scenarios which can hit the organization and create an idiot checklist (technical as well as business), create an IR team which includes senior stakeholders like CDO, or a board member who can take decisions, as during an incident, TIME saved is MONEY and BRAND saved.

Lessons learnt from most of the breaches are that it mostly starts from an unknown, unaware IT user who clicked on a wrong link, used an infected malware or downloaded a software. Hence, the strategy has to be people, process and technology, as tools alone cannot help us fight this war against cyber terrorism.

As a mentor and advisory board member in cybersecurity, what emerging trends or threats in the field are you most concerned about? How do you think businesses should prepare for them?

Besides the ones we mentioned above, we are going to see a big disruption happening with Gen AI. While Gen AI is transforming cyber security and business operations, it also introduces new attack vectors that cybercriminals can exploit. AI-powered phishing and social engineering attacks like deepfake audio and videos, conversational scam chatbots, data poisoning and AI model manipulation, and code generation exploits are some of the examples. Organizations need to implement a holistic approach by strengthening cyber security frameworks by adopting ZTNA arc, aligning to the NIST AI Risk Management Framework, regularly auditing AI-generated outputs, deploying AI-powered anomaly detection and, of course, increasing awareness on deepfakes.
