CXO Bytes

Data breach is a problem. But it’s also an opportunity for the tech ecosystem

As digitization becomes more common, there is a need to prioritize data security now more than ever. Established organizations having comprehensive security solutions constantly experience data security threats. It is mind-numbing how bad actors are getting customers to purchase fake services or gain sensitive information through fake tech support sites that have led to massive data breaches and financial losses. Manual errors in adhering to security best practices by administrators is another challenge. To illustrate the potential problem, nearly 3.2 million files of an airline’s data was leaked last year. That is a heavy data breach which left sensitive flight data, crew PII and other details exposed. In another example, a fintech company was recently exposed to data breaches, affecting hundreds of thousands of customers worldwide.


Of course, such breach of data could ruin reputation. But it also brings new opportunities for organizations and the industry to strive towards better security solutions to protect customers’ data.


With AI becoming more consumable, automated solutions could significantly drive efficiencies to organizations. However, incorporating appropriate security measures toward usage of such open solutions without compromising on sensitive data is evolving as another area to be addressed on priority. Tightening data protection is a massive responsibility. Lots of evidence shows that organizations have invested in advanced ML algorithms and analytics to detect anomalies and prevent fraud.


Technology is here to protect us from vulnerabilities. But the human aspect plays an equal role in ensuring technologies are deployed and maintained with extreme ownership and accountability. Organizations have technologists’ own data layers, AI capabilities, money movement capabilities, and much more—integrating people and technology for a powerful future.


Companies lean toward cloud native security solutions

Nearly 60% of companies in India are hosting their applications in the cloud. As a natural alignment, cloud native security solutions are adopted to achieve speed and protect resources. It is effective because cloud providers offer security solutions at every layer of their infrastructure and application solutions. From hardened images to network security to web application firewalls, customers’ data is protected through integrated security solutions in the cloud that makes it harder for bad actors to gain access to sensitive data.


For example, last year saw an exploitation of a vulnerability in Apache Log4j that could be utilized by an attacker to conduct remote code execution. However, the impact was minimal since most companies hosted in the cloud were either protected or were able to quickly update their web application firewall rules to prevent such attacks. For many, no changes were required since the cloud providers constantly detect vulnerabilities and protect their customers. For countries like India, are such security solutions good enough to fortify data?  


More laws, better future

Beyond technology, one of the most important gestures to boost data security is in the national policies and laws. Over the years, the government of India has been iterating on a bill for protecting personal data. The use of data needs to be braced by cybersecurity frameworks to build resilience and fight vulnerabilities.


The Digital Personal Data Protection Bill, also known as PDP 2022, is the latest version of the bill. While the purpose of the bill is to build awareness on how consumer data is used and the right to give consent for the data, it also emphasizes the importance of data protection.


PDP is a great starting point for defining roles and the right to access various players—such as companies that possess personal data of individuals, individuals to whom the data belongs, and companies that process the data. The bill sets clear expectations and guardrails including penalties for any deviations from abiding by the law. This will propel the industry to invest and innovate more comprehensive and integrated security solutions.


Current outlook will mark a new era of data protection


In India, 40% of internet users stem from rural regions—and this segment is growing at a faster rate. This means, there is also a huge investment required from the government and aided entities to introduce cybersecurity awareness programs. Fraud prevention in the areas of digital payments is another segment that will continue to evolve and ensure customers have complete trust in the system.


Large and small organizations are constantly innovating new solutions to address growing security needs in the country. This is especially important with open source becoming a prominent form of innovation. Encryption, backup, restoration, and disaster recovery are great developments in the areas of data security. Now it is time for startups and the tech ecosystem in India to take on bigger and bolder areas of threat modeling, threat detection and prevention by leveraging advanced algorithms.


(The author is Nandish Madhu, Director – Product Development – Cloud Engineering and Operations at Intuit, and the views expressed in this article are his own)

Leave a Response