Bridging business and cybersecurity: Lessons from a Kyndryl executive
When logging into Outlook and other univeristy accounts, it’s not unusual to be forced to use multi-factor authentication to get access to my locked information. While annoying, with horror stories of identity theft, credit card fraud, and data breaches, I understand this step is necessary to protect my personal information. However, it wasn’t until attending a presentation by Kyndryl executive Eric Johnson that I realized the precautions I take to deter cyber threats are comparable to the cyber resiliency efforts that businesses must take.
Service outages and cyber breaches, even those lasting only a short time, can cost firms hundreds of millions of dollars and result in customer loss. This is why Johnson focused on ways businesses can take steps to improve their cyber resiliency through building systems that proactively work to address potential threats.
One security strategy that stood out to me was immutable storage, a data protection method that prevents unauthorized alteration or deletion of data. This works alongside anomaly detection, which flags suspicious activity in real time. As an operations management major, I found this particularly compelling because it emphasizes preventive measures that support smooth business processes rather than reactive technologies that only address attacks after the fact.
I was also interested in the connection between cyber resilience, supply chain management and AI - all topics that tie into my curriculum at Fisher. A firm can have a rapid incident response system established to detect anomalies and take action to address threats, but it is only as strong as its weakest link. The realization that vendors, especially those with access to a company’s systems or who are vital to a company’s success, should follow the same safety standards as the company’s employees was an eye-opening concept for me. As was learning that since rapid incident response systems typically use AI to automate processes, many companies are choosing to build their own internal AI platforms to ensure the safety of sensitive information.
What struck me most was how relevant and immediately applicable Johnson’s information was. As a 3rd year student sitting amongst professionals with years of experience, the discussion closely aligned with my experiences as an intern and a student. It made me realize that cybersecurity is not just an IT issue; it is a business issue that affects all stakeholders. For business students like me, understanding the fundamentals of resilience is not optional; it is essential.
