Executive Interview: CVA’s Cyber Leaders on Navigating Emerging Threats

In the rapidly evolving world of digital security, maintaining strong cybersecurity measures is no longer optional but crucial, particularly for industries managing critical infrastructure. For CVA, a leader in the renewable energy sector, cybersecurity efforts are helmed by two strategic figures—Eng. Erik Capecchi, Head of IT and the Information Security Management System (ISMS) ISO IEC 27001, and Eng. Danny Trèves, Head of Vulnerability Management and member of the CVA Privacy Team. In a conversation with SOCRadar, both leaders shed light on the current cybersecurity landscape and how CVA navigates the turbulent waters of emerging threats.

Emerging Trends and Technological Adaptation

“Cybersecurity rapidly adapts to incorporate advanced technologies like AI and machine learning, reshaping attack strategies,” said Eng. Erik Capecchi. In response to these shifts, CVA places high importance on digital identity security with solutions such as multi-factor authentication (MFA) and risk-based access control to safeguard user identities. This is especially relevant given the sophisticated social engineering attacks that exploit AI-driven digital impersonation tactics. “It makes user education and awareness even more imperative,” he emphasized.

Industry-Specific Threats and Investment Priorities

Danny Treves & Erik Capecchi on Prioritization in Cybersecurity

The energy sector faces unique threats that require specialized defenses. According to Eng. Danny Trèves, SCADA/ICS networks are particularly vulnerable, given their crucial role in managing energy infrastructure. “Vulnerabilities in these networks could be exploited by attackers to manipulate or disrupt operations, causing severe economic and reputational damage.”

Furthermore, Distributed Denial of Service (DDoS) attacks can overwhelm essential services, while supply chain vulnerabilities pose additional risks as attackers seek unauthorized access via service providers. Both Capecchi and Trèves highlight CVA’s strategic alignment of cybersecurity investments with current threats, prioritizing predictive and reactive protection measures through partnerships like SOCRadar’s threat intelligence.

AI and ML Revolution in Cybersecurity

CVA isn’t losing sight of artificial intelligence and machine learning’s potential. As Capecchi elaborates, these technologies have a transformative impact on cybersecurity strategies, improving detection accuracy and automating incident response. “AI and ML can analyze large volumes of data in real-time, providing predictive security by identifying patterns of user behavior that signal non-standard activity.”

Another aspect that changed the fundamentals of cybersecurity is remote work. It has expanded the digital attack surface, demanding new strategies. CVA leverages modern SaaS solutions to ensure secure remote access. “Our solutions operationally secure both online and offline assets without requiring a direct connection to our on-premise infrastructure,” said Trèves.

Cybersecurity Awareness and Strategic Prioritization

Both leaders recognize that technology alone isn’t enough; fostering a cybersecurity-aware culture is vital. Through regular training and awareness campaigns, CVA ensures that employees can contribute to defending the organization. “We focus on simplicity when transferring concepts and practical examples to engage everyone,” they emphasized.

Balancing known and emerging threats requires strategic prioritization. “We use a paradigm based on the type of asset affected and the exploitability of the vulnerability,” they explained. CVA’s approach is comprehensive, using a SaaS service to monitor zero-day vulnerabilities and predict impacts.

Effective Communication and Leadership

Despite the absence of a traditional CISO, CVA thrives through the combined leadership of Capecchi and Trèves. They ensure effective communication of cybersecurity priorities by engaging non-technical stakeholders with clear, relatable examples that broaden understanding. Guided by their strategic approach, CVA meets current security demands and anticipates future threats through innovative strategies and technological investments. Their dynamic leadership keeps CVA resilient, ensuring uninterrupted operations and safeguarding the company’s role in renewable energy.