Please introduce yourself and your role. 

“My name is Stephen Faulkner and I am solutions director for Orange Cyberdefense, part of the UK executive management team. I’m responsible for the team of cybersecurity solutions consultants and architects that directly engage with customers to understand their cybersecurity challenges and requirements. We then translate our customer requirements into proposed solutions by leveraging Orange Cyberdefense’s broad intelligence-led cybersecurity portfolio. I also play an additional role in providing executive sponsorship and advice to executive peers and senior business leaders.” 

What is Orange Cyberdefense? 

“Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection and response services to organisations around the globe. We are Europe’s go-to security provider, and strive to build a safer digital society. To do this, we leverage our threat research and intelligence-driven approach to offer unparalleled access to current and emerging threats.

“We also have close partnerships with numerous industry-leading technology vendors, and wrap elite cybersecurity talent, unique technologies and robust processes into an easy-to-consume, end-to-end managed services portfolio.”

What led you to a career in this sector? 

“Firstly, one person who understood that I was looking for a new challenge in life after having an expansive career in both the military and IT. I stepped into cybersecurity with little expectation that it could meet my appetite for something more challenging, but I realised what a truly unique and challenging industry this is within the first month. This is an industry that is constantly having to think of better ways of mitigating the risks and challenges businesses and organisations are facing from both current and emerging threats.”

Tell us one fact about cyberattacks which keeps you up at night.

“The one fact that keeps me up at night is the devastating impact cyberattacks can have on people, businesses and organisations. I’m especially concerned about cyberattacks impacting blue light organisations, as they could actually have a direct or indirect effect on someone living or dying.” 

Tell us about your work in the healthcare sector. 

“I’ve worked with both the private and public healthcare sectors including many of the NHS Trusts, NHS Digital, Bupa and Spire to name but a few, and honestly, it’s always been a pleasure to know you may have helped in some small way. I also worked with the MHRA before and during COVID-19, first to help it respond to a data breach and then to help it prevent more of them by improving its overall cyber situational awareness.” 

What is the greatest threat or challenge to the healthcare industry from cyberattacks?  

“One of the greatest threats to the industry seems to be ransomware, if recent history is anything to go by. However, another crucial challenge facing the healthcare industry, especially in the public sector, is its sheer size and complexity. The scale of their IT infrastructure, the volume of people – for example, the NHS employees 1.2m people – and the myriad of specially designed connected devices and applications they have means healthcare organisations present a very large attack surface, and the larger the attack surface, the harder it is to defend against cyberattacks.”

How can the healthcare sector better protect itself?

“Firstly, having some basic cyber awareness training for all staff to give them continuous awareness throughout the year would go a long way to reducing the cyber risk it faces if you think of the sheer number of people in this industry. Just conducting some basic awareness training will help these staff members become a ‘human firewall’. Secondly, because of the sheer size of the NHS for example, I would regionalise the consumption of some of their cybersecurity services that are being delivered nationally. This would provide a better way to measure the success or failure of any outsourced providers and make them more accountable for the services they may be delivering. Thirdly, I believe in Orange Cyberdefense’s intelligence-led approach, which helps us build much smarter cyber-resilient and responsive services.”

During your time working on cybersecurity, what has been your biggest lesson? 

“That’s an easy question, and my answer would be that there is no silver bullet in cybersecurity.”

What do the next 12 months hold for you and Orange Cyberdefense? 

“My team and I will continue to support our customers of course but, as always, we will also be keeping one eye on our cyber-adversaries and continuing to think of ways to better protect our clients in the future. Orange Cyberdefense has already made plans for continuous investment over the next 12 months and is leading the way in driving more innovation in order to best serve our clients.”