Key Cyber Security Initiatives for Indian Enterprises: Gartner

by CXOtoday News Desk    Aug 04, 2017

security

With the digitalization boom in India, more Indian enterprises are upgrading their security capabilities to make their enterprises more secure against the latest threats. Rajpreet Kaur, senior research analyst at Gartner, shared her insights about the latest cybersecurity attacks on Indian enterprises and steps to mitigate risks from the attacks.

Kaur believes that there has been a spike in targeted attacks including state sponsored attacks against Indian enterprises of all sizes not just the large ones. There is an increase in the following four attack vectors, including web application attacks, Distributed Denial of service (DDoS) attack, advanced malware attacks such as ransomware attacks such as WannaCry, Petya to name a few, as well as spear phishing attacks in the form of phishing emails.

“While enterprises are working towards deploying sophisticated technologies, they first need to get their basics right. The majority of cyber-attacks try to exploit an existing unpatched vulnerability and then move in the network using machine privileges. Before investing in new security tools, organizations should get their “3Ps” right: Patching, Privileges, and Passwords. Another grey area is poor detection and response capabilities, which needs a big improvement, explains Kaur.

However, she believes these attacks are still the same. However, with digitalization it has become easier to target Indian enterprises as the networks are expanding as opposed to the earlier closed networks. In such a scenario, security needs to evolve as business evolves, and so does the responsibility of the security team. Years ago the security team used to manage firewalls. Now they are looking after end point security, network security, security monitoring, analytics, forensic analysis and much more based on the network of the respective organization.

Kaur offers CXOs the following three critical steps to manage risk and security in the digital ecosystems. First, sit with the stake holders and ask them about the key risks to the business, categorize the risks into high, medium and low, and then tie it back to the organization’s cybersecurity key initiatives and finally, adapt and evolve the organization’s cybersecurity continuously.