CXOToday speaks to experts in the tech industry who have offered their insights on how companies can bolster cyber defences.
Last year, organizations transitioned their entire workforces and operations to an at-home, remote model almost overnight. Suddenly collaboration tools and video conferencing became more vital than ever, but in the haste to deploy them, security became an afterthought. Taking advantage of the crisis, hackers and cyber goons executed a series of sophisticated cyber attacks, from phishing to targeted ransomware and much more. This year, as businesses move towards a new era of hybrid operations, the need of the hour for organizations is to make security a strategic imperative.
While cybersecurity is an ongoing issue, National Cybersecurity Awareness Month, celebrated every October to raise awareness of the importance of internet security and cybersecurity measures for businesses and consumers, is an excellent opportunity for enterprises to reflect on their cybersecurity practices and promote cybersecurity awareness in the best possible ways. In 2021, Cybersecurity Awareness Month highlights the importance of cybersecurity education for all around the theme: Do your part. #BeCyberSmart. In other words, with more workers using personal and corporate devices interchangeably, it is ever more important to be cyber-aware today.
Taking this into consideration, CXOToday speaks to experts in the tech industry who have offered their insights around the evolving cybersecurity threat landscape, problems facing security teams, and how companies can bolster cyber defences.
“Ad-hoc adoption of cloud technologies has created a more complex IT landscape to secure, with gaps in visibility and data being spread across multiple tools, cloud and on-premise infrastructure. Further, the rapid shift to remote work had a tremendous impact on security programs. Organizations were focused on getting online and security became an afterthought. The problem here isn’t the adoption of these new technologies – it’s the fact that they were implemented very quickly, and companies’ existing security strategies and technologies were not able to adapt as quickly.
Companies should consider evolving to a “zero trust” security approach, which requires companies to unify their security data and approach, with the goal of wrapping security context around every user, every device, and every interaction. They also need to adopt unified security platforms that can connect disparate security tools as well as analyze data that resides across multiple, hybrid cloud environments. With data breaches costing companies Rs.165 million on average, companies should also implement the right data security and privacy policies in order to maintain consumer trust. Finally, they should consider dedicated testing to ensure the security strategies and technologies they’ve relied on previously still hold up in this new landscape; re-evaluating the effectiveness of incident response plans, and testing applications for security vulnerabilities are both important components of this process.” – Prashant Bhatkal, Security software sales leader, IBM Technology Sales, IBM India/South Asia
“Cyber crime is growing in volume while adversaries are evolving their tactics, techniques and procedures, making it harder than ever for organisations to navigate security threats. Adopting a cybersecurity first approach and engaging cyber hygiene capabilities has become a critical need. This includes network segmentation, principle of least privilege, IT hygiene, vulnerability management and patching and now even Zero Trust capabilities. Doing this makes an organization’s environment much more hostile for adversaries to enter and operate in. Organizations should think cloud-native, designing their strategy around prevention, detection and response to combine technology with human threat hunting. They need to ensure security awareness among their employee base is strong, particularly as remote working becomes more prominent but this also comes from an organisational culture of focusing on security from the top down. They should transition to next generation antivirus, invest in threat hunting and threat intelligence to keep up with the fast-evolving threat landscape because there is a human behind every attack. They also need to run tabletop exercises in order to prepare teams in case of an attack. Staying ahead of today’s ever-evolving adversary groups is critical and can be accomplished with effective threat intelligence.” – Jagdish Mahapatra, Vice President-Asia, CrowdStrike
“Being cyber resilient embarks on #BeingCyberSmart. With the increasing reliance on the internet and technology, entrenching cyber resilience into a digital transformation strategy has become a business imperative. Millions of new devices and users are now connected virtually, leaving sensitive information exposed to malicious actors. CISOs and security leaders must become strategic advisors from the onset of digital transformation initiatives and adopt an integrated approach for securing the digital environment. Today’s cyber defenders must have visibility across applications, networks, and devices, along with the ability to leverage machine speed and predictive intelligence to deliver scalable, adaptable protection. Another top priority in this hybrid working environment is to secure remote networking, fortify endpoints and defend the organization from cyberattacks. At Cisco, we are proud to add voice to this essential cyber awareness theme. Cybersecurity is embedded into everything we do, and it continues to be a top priority for our customers. Ultimately, in this virtualized world, security must be built-in, not bolted on. To help our customers manage their dynamic security needs, Cisco’s Security portfolio is now integrated across all critical control points for the network, users and endpoints, cloud edge, and applications. It is now cloud-managed with the SecureX platform that offers unified visibility and simplicity. We are also embracing future-rich conversations like Passwordless Authentication and biometric-based Multi-factor Authentication. We will continue to strengthen our leadership in cybersecurity through SASE, XDR, and zero trust integration into our networking and security unified platforms. We truly believe that we have the technology, and more importantly, the intent to make a real difference.” – Vishak Raman, Director, Security Business, Cisco India & SAARC
“Gone are the days when security was considered to be an add-on, now it has become the imperative, the necessity, without which successful businesses cannot be built or sustained. With hybrid working becoming a routine of our professional life, organizations have increased pressure to ensure data security. With the rising instances of data breaches, CIOs across sectors are compelled to think of a security-first approach. It comprises establishing clear security policies and guidelines, securing endpoints, monitoring privileged accounts and access, modernizing legacy applications and infrastructure. Maintaining a strong security posture would help organizations to secure systems, lower costs, and enhance the overall reliability and reputation.” – Neelesh Kripalani, Chief Technology Officer, Clover Infotech
“Data breaches have posed a significant roadblock to faster digital adoption at a time when the world is adopting digital-first approaches to work-related activities. India Inc. continues to be highly vulnerable to cyber crimes, due to a lack of continuous threat visibility. Indian companies are regularly confronted with cyber threats such as data leakage, connection to unsecured Wi-Fi networks, phishing attacks and ransomware attacks. In the wake of the pandemic, it is even more important for organizations to not only build a robust cybersecurity infrastructure, but also establish enough situational awareness about the pertinent cyber threats they face. A huge amount of resources are available for threat actors who are actively upgrading their tools and skills as the threat landscape evolves. To have a dependable security approach, an organization must know what is happening in its operational environment, so it must begin consuming, analyzing, and sharing threat intelligence with all the stakeholders. It is imperative that Indian businesses and organizations, both large and small, #BeCyberSmart and get a handle on building cybersecurity awareness and invest in a robust security automation infrastructure. Cybersecurity hygiene should be cultivated in every organization to avoid the threats they are exposed to. It is time to make cybersecurity a core component of business activities, by bringing together all the relevant teams and decision-makers through virtual cyber fusion for effective threat management and response.” – Akshat Jain, CTO & Co-Founder, Cyware
“It may be 18 years since the launch of Cybersecurity Awareness Month, but the need for awareness about it has increased manifold now more than ever. Since 2020 the rapid and hurried need to introduce newer and better cybersecurity details in their organization caught everyone by surprise as only a few were ready to function remotely on a large scale. Things are now changing for the better, yet not at the speed and advancement necessary. However, awareness campaigns like these will certainly boost the knowledge needed among the C-Suite across verticals – banking, healthcare, education, etc. to implement stringent cybersecurity norms in their organization. While earlier there was just a need for implementing cybersecurity solutions, now organizations are educating or training their employees about cybersecurity in terms of implementation, detection, etc. This is more helpful with a united front to fight cyber crimes that have increased due to the gaps in security created due to remote working. Unsafe practices, vulnerable networks and internet connections and internal threats are all the reasons why employees must be prepared to be fighters of cyber crimes. Insider threats are now the biggest reason for worry as knowingly or unknowingly security is breached and consequences need to be faced by the organization and the responsible employees. Hence it is very much necessary for organizations to implement Zero Trust, MFA, Password Protection and other security measures to fight cybersecurity breaches and create awareness around cybersecurity.” – Subodh Anchan, Director – VP Alliance at iValue InfoSolutions
“SMBs form a huge chunk of India’s economy and cyber criminals are targeting the SMBs. According to a recent study, 74% of SMBs were targeted by cyber threats in the last one year and it cost 62% of the businesses Rs 3.5Cr. Organizations are yet to update their cybersecurity measures to the needed standard in order to protect themselves from cyber criminals. It is not just the organizations, even government web portals and offices too need to keep their systems secure. But with cyber threats growing every year, a robust solution needs to meet them head-on and cybersecurity can’t solely depend on anti-virus and network solutions. Secure hardware options too are necessary in keeping cybersecurity measures robust. With hardware and software-based security features built into the KVM units, businesses, military, intelligence, and federal agency installations can rest assured that their data is being protected on both physical and digital levels. It is necessary that organizations have a 360 degree approach and ensure cybersecurity measures are enforced.” – Vittal Salunke, Business Head at ATEN Advance
“With the stark rise in phishing attacks and other forms of cyberattacks in the post-pandemic times, Cyber Security Awareness Month has become more crucial than ever. National Cyber Security Awareness Month brings the perfect time to implement some basic practices that we should each be taking to safeguard our privacy and valuable digital assets. Companies should follow basic hygiene such as keeping a unique password for each account to protect passwords. They should not click on suspicious links or emails, as a report says “Every day nearly 3 billion fake emails are sent”. Other important points to keep in mind are: It is important to always use a Virtual Private Network (VPN) when connecting to an untrusted network, set up multifactor authentication for sensitive account log-ins and regularly update antivirus and antispyware software on every computer.” – Amit Singh, General Manager: Security Business Unit at TechnoBind
“In today’s interdependent world, a vulnerability in a solution can cause hundreds of organizations around the world to go on semi lockdown mode. Since humans are the weakest link in the security chain, it is imperative that every organization invests in strengthening this weakest link by educating them about their role towards becoming a cybersmart company. Each company needs to maintain a comprehensive view of not only their assets, but also their supply chains. They must also continue to assess their risk exposure to any development, positive or negative, across the globe. In the past decade, organizations have adopted cloud solutions and infrastructure at a significant rate and scale. This allows users to remain connected and access information wherever they are. The end points have become the new perimeter. This eliminates the concept of Trusted network approach, in which users were considered trustworthy if they were accessing systems and applications from specific locations or networks. Every organization needs to continue to invest in user behaviour analytics enabled access solutions, monitoring third party services (including cloud), Zero Trust architecture, automating security controls/checks to limit human dependency and AI/ML enabled SOC for monitoring of systems. Moreover, organizations need to implement a comprehensive cybersecurity training program, periodically upskilling their security teams, and constantly monitor and enhance their cybersecurity posture to ensure they are adequately prepared to defend their operations in the new normal.” – Satya Machiraju, VP, Information Security, Whatfix
“Cybercrime is an evolving threat that’s getting more sophisticated with each passing day. The concern is critical – more so in the current hybrid work environment. Many employees are working from home, taking company and customer-sensitive information beyond traditional organizational boundaries. Along every step of the data management journey – from prevention to detection and response – there are some key aspects to ensure the protection of business-critical data. These include knowing where your data is, how to extract it, and how it interoperates across and beyond organizational boundaries. Data protection must be the foundation of any data management strategy and therefore it is important to opt for solutions that address the full range of cybersecurity threats. An ideal data management solution leverages data protection the right way, irrespective of whether your data resides in the cloud, on-prem or in a multi-cloud hybrid environment.”
“Organizations, both big and small, can only sustain if they recognise their responsibilities around the data they receive; and as remote working continues, either full-time or in a hybrid model, it is important to consider a privacy-by-design approach that will reduce the likelihood of data breaches. As a starting point, companies should adopt the obligations of regulations applicable to their sector, such as HIPAA, PCI and GDPR. Additionally, companies must also focus on educating and training their employees and key stakeholders to build awareness of the sensitivity and importance of data protection.” – Barry Cook