With enterprises shifting to the cloud, securing one’s data and escaping various cyberattacks has become the priority for all. Be it finance, healthcare or manufacturing, every industry generating a massive amount of data is a potential target for attackers. Deploying advanced SIEM solutions such as shifting to Next-Gen SIEM, UEBA (User Entity Behaviour Analytics), SOAR (Security orchestration, automation, and response), XDR (Extended Detection & Response) has become the need of the hour. Mr. Harshil Doshi, Director Sales (India and SAARC) – Securonix in discussion with CXOToday share more insights on the same
- What best practices are organisations following to improve cybersecurity and data privacy preparedness?
Answer: The following practices are being followed by organisations in order to protect themselves against potential threats and data leaks:
- Building a robust cybersecurity policy and secure network no matter how many devices, applications, and servers the company uses
- Securing access to sensitive data from any location or device especially in the WFH era
- Regularly backing up data and closely monitoring all activity connected to critical resources
- Raising cybersecurity awareness among employees through a people-centric approach, as employees can be an organisation’s biggest security risk or its strongest security defence.
- Mandating the use of password managers, SSOs, and multi-factor authentication (MFA) as the use of repetitive or weak passwords is still a very common practice among multinational corporation employees today. Implementing an enterprise password manager is the most viable option for improving cybersecurity and data privacy flaws in an organisation.
2. What are the biggest issues that companies must address from a privacy perspective when they suffer a data security incident?
Answer: When a company suffers a data security incident, one of the foremost things the concerned authorities should do is report it as soon as possible so that appropriate measures can be taken to combat the breach and prevent further data loss. Secondly, the company should secure all physical areas associated with the breach and mobilise the IT team. It is important to note that when a company faces a security threat, it is critical to notify law enforcement, other affected businesses, and affected individuals so that all vulnerabilities can be fixed as soon as possible.
3. When it comes to data protection, how vulnerable is the manufacturing industry? How can data privacy be strengthened in India?
Answer: When it comes to data protection and security, the manufacturing industry is one of the most vulnerable, as it is more prone to various cyber crimes such as email phishing scams and virus threats.
To strengthen data privacy in the country, there is a strong need for a comprehensive data protection bill which is in the works already. The bill will radically change the way companies collect, store and process data. Apart from that, businesses should start considering cybersecurity as a business risk and ramp up their security operations, rather than waiting to be attacked. The threat landscape is ever evolving and all kinds of businesses, whether big or small, are at risk. Therefore, a proactive approach towards cybersecurity is required.
4. What is your outlook for data security in the manufacturing industry, and what role could your company play? Does it have wider applications within automotive data?
Given the focus on innovation and the manufacturing industry’s increasing reliance on IoT, manufacturers are particularly vulnerable to cyber attacks. There is a notion that since manufacturers don’t process massive amounts of data, they are less likely to get attacked. Hackers might just target manufacturing plants to steal trade secrets, achieve remote control or even shut down operations completely. Manufacturers should think of a robust and integrated approach to cybersecurity as a lot of crucial information is stored at the shop floor which can be hacked.
Securonix can be integrated with PTC Windchill, which is a product lifecycle management application used by companies for design and documentation collaboration. Securonix for Windchill allows security monitoring in order to detect and stop intellectual property theft and accidental data leakage. So, this solution only works with PTC Windchill but Securonix has a wide range of security analytics applications that are scalable, cloud native and advanced that uses machine learning and AI to detect and respond to threats in real time.
5. How is the cloud database space growing in and outside India? How much has India’s cybersecurity awareness and practices advanced in the last two years?
The cloud database is growing immensely in India and abroad. In my opinion, cloud migration has been accelerated with the onslaught of the pandemic and many offices going into a WFH model. It’s not just about the need of the hour, but also the various benefits that cloud native applications provide. Keeping your data on-prem without the hassles of managing legacy systems has made it much simpler and effective to manage data. Furthermore, databases on cloud offer flexible pricing models, no capital expense and better operating expenses, which is preferred by businesses. India, in particular, is the fastest growing market with different kinds of tech industries shaping up – fintech, e-learning, e-health, e-commerce, etc. Companies are looking for data intelligence and data analytics for better business outcomes. And all of this requires a powerful database and storage.
With the growing cloud adoption, India has woken up to the need to have a comprehensive cybersecurity policy in place. Recently, the CERT-In also issued an advisory mandating companies to report any data leak or breach within six hours of the incident. This comes at a time when businesses and state authorities are constantly getting attacked as the threat landscape is evolving. As a result, cybersecurity these days has become a business goal rather than an added expense.
6. Which sectors/industries would you say are most attentive and least attentive towards information security?
Answer: Every industry in India is digitally transforming, creating a dynamic landscape for information security. When it comes to industries that are most concerned with information security, finance and healthcare industries are at the top of the list. These industries not only recognize the importance of information security but also implement various strategies and channels to ensure a secure cloud data architecture. Even the government is realising the need to have proper security measures in place with the rising nation state actors. The manufacturing industry, on the other hand, pays little attention to information security practices, which leads to a variety of cybercrimes such as email phishing scams and virus threats.
7. Please outline the context and current cybersecurity risk for manufacturing companies and the supply chain?
Answer: Manufacturing companies are extremely vulnerable to cybersecurity attacks. Many studies show that the manufacturing industry is the second most targeted industry, trailing only finance and insurance. Some of the current cybersecurity risks that a manufacturing company faces are as follows:
- Phishing attacks
- Internal breaches
- Equipment sabotage
- IP Theft etc.
Aside from all of these attacks, companies are particularly vulnerable to supply chain attacks due to long supply lines and fragmented security systems. Hackers can gain access to major corporations via partners and suppliers using a variety of vulnerable endpoints. Supply chain attacks are a double-edged sword because, once the main company is forced to shut down operations, every company it supplies is similarly impacted within days of the initial attack.
8. What are your thoughts on the Data Protection Bill in India?
Answer: India is increasingly becoming digital with the narrowing digital divide and proliferating technology applications. I think the data protection bill is long due and is very much needed right now. Businesses process and transfer a lot of data on a daily basis that has encouraged countries to build progressive data protection laws as every individual has a right to privacy. At the same time, the bill should set the right frameworks in place to support future businesses. The bill should be able to address all the data privacy concerns that we have been facing and enable businesses, government and people to fully utilise the benefits of data and digital technologies.