Featured CXOtoday News Desk

Published on October 19th, 2022

Cultivating a cybersecurity culture will help businesses to sustain in the digitally evolving world



India has made significant progress in its digital transformation journey and is poised to advance further over the next decade. The recent launch of the 5G network is testimony to India’s accelerated digital transformation curve. While automation and the adoption of emerging technologies are increasing across industries, ransomware attacks, data breaches, and other cyber-related threats are also surging rampantly. For threat actors, India offers a lucrative opportunity with its burgeoning economy, sizable corporate population, and rapid digitization. With the growing menace of cyber-threats coupled with hybrid working models, organizations are placing emphasis on making sure they don’t fall victim to such hostile attempts and on safeguarding their sensitive data. With October being recognised as “Cyber Awareness Month”, here is a list of technology leaders sharing their opinions on what it takes to create a cyber-resilient company and a cyber-aware workforce.

 

Anand Jain, Co-founder and Chief Product Officer, CleverTap

India is one of the fastest growing markets for digital technologies fuelling the government’s ‘Digital India’ initiative and the vision for India to become a developed nation by 2047. To be able to achieve such a feat, it would require India to become a technologically advanced powerhouse that has especially championed cybersecurity. The nation currently has over 1.15 billion phone users and 700 million active internet users, creating a sizable pool of digitally vulnerable targets. According to Google, 18 million cyberattacks and 200,000 threats were made against India in the first three months of 2022.

Cyber threats have become more complex than ever. Malware, viruses, trojan horses, spyware, backdoors that allow remote access, distributed denial of service (DDoS) attacks and DNS (Domain Name System) poisoning attacks are just the tip of the iceberg. Adopting a Zero-Trust security framework should be every organization’s priority to combat these ever-increasing threats. At an individual level, citizens should be privy to multi-factor authentication (MFA) and must adopt the method to secure their internet accounts. Netizens must be aware of the most common hacking techniques (phishing, vishing and shimming) to be able to safeguard themselves against cyber criminals. Keeping complex passwords will also decrease the chances of being targeted. More importantly, governments, enterprises and educational institutes must promote cyber awareness drives to educate all citizens, because the wars of today are already being fought online.

 

Nitha Puthran, Senior Vice President – Cloud, Infrastructure & Security, Persistent Systems Ltd. 

Cyber security organizations have been increasing the number of tools and technologies they deploy to protect their environment and detect threats. With all these technologies, which are good at detecting critical cyber security threats based on logic built into each tool, one of the unintended consequences has been keeping up with all the alerts being triggered in their SOC. This leads to alert fatigue and reduces the time to detect and respond to real attacks.

In order to minimize the time it takes to remediate these threats, it requires breaking down the silos between security areas. To accomplish this, you need an integrated framework to connect the silos, share information and bring the different expertise across security domains together. The result of this integration is to prioritize and quantify alerts based on the business context. An organization can then validate the probability of exposure and exploitation on an ongoing basis. 

 

Rajesh Garg, EVP, Chief Digital Officer & Head – Cybersecurity, Yotta Infrastructure

With technology playing a pivotal role in business continuity, one cannot ignore the importance of cybersecurity. While businesses are unlocking new levels of digital transformation, they are also at risk of exposure to an evolving and complex cyber threat landscape. The growing instances of cyberattacks are alarming for businesses, especially when digital assets have seen exponential growth in recent years. Organisations must safeguard their digital footprint across all layers of their infrastructure. Our newest portfolio of comprehensive as-a-service cybersecurity solutions, Yotta’s Smart Cybersecurity Services suite, can equip enterprises with holistic, robust cybersecurity. As a result, they can safeguard their critical assets and relieve their teams from the mind-numbing task of gatekeeping their IT environment.

 

Ravisha Chugh, Principal Analyst, Gartner

  • The importance of cyber awareness: Cyber awareness is extremely important as there has been a rise in data breaches caused by social engineering attacks which no single technology solution can detect. Therefore, you need a combination of technology, process, and user awareness.
  • What are new emerging cyber threats that common people should be aware of, and how can they protect themselves: One of the most common threats these days is phishing scams, ranging from email-based phishing to smishing (SMS phishing) and social media phishing. Attackers are intelligent enough to persuade common people to collect personal and financial information. These types of attacks are difficult to detect and so the last line of defence is always the user.
  • Quick top-line trends in the cyber security space:
  1. Identity Threat Detection and Response: More and more we are seeing that attackers are now actively targeting the credentials and passwords. This can be managed through ITDR, which includes multiple products like MFA tools, PAM tools, account takeover fraud detection tools, etc.
  2. Vendor Consolidation: Across multiple security domains, security technology convergence is accelerating, driven by the need to reduce complexity, leverage commonalities, reduce administration overhead and provide more effective security. As a result, 80% of SRM leaders are now looking to consolidate their security spending with fewer vendors.
  3. Beyond Awareness: Many security and risk management leaders are enhancing their security awareness programs by moving beyond traditional security awareness programs and investing in holistic security behavior and culture change programs.

 

Umesh Bhapkar, Senior Director – Technology, Synechron

Businesses today have made significant investments in creating a strong security infrastructure to safeguard their data as well as their companies. Endpoint Security, Zero-Trust Security, Multi-factor Authentication, etc. are just a few of the solutions adopted by a majority of the organizations. Maintaining data security and privacy is of the utmost importance to Synechron, particularly because a significant part of our work largely caters to the BFSI sector. We have employed a ‘defence in depth’ strategy, which involves creating multiple layers of security around critical data and information belonging to our firm.

To swiftly identify and handle any security breaches, our Security Operations Center (SOC) continuously monitors security operations. We regularly conduct vulnerability assessments and penetration tests to identify any gaps in our network and IT frameworks. As part of our cloud security, we use Web Application Firewall (WAF) and Cloud Security Posture Management (CSPM) technologies. We have deployed Privileged Access Management (PAM), a combination of tools and technologies to safeguard, regulate, and keep an eye on who has access to vital data and resources. We regularly assess our security posture with the help of unbiased security rating organisations like BitSight and SecurityScorecard.





In addition to implementing policies and having technical controls, it is also crucial to have a workforce that is cyber-aware and vigilant. Employees with little knowledge of cybersecurity, or a lax approach, can pose a threat since they can easily fall prey to phishing schemes and social engineering attacks. To educate staff members about their responsibilities in the battle against data security breaches and make them cyber resilient, we have created a variety of information security awareness campaigns, including mandatory bi-annual security trainings followed by a security pop-up quiz during our intranet portal access, and monthly phishing simulations to detect and train vulnerable employees, amongst several other initiatives.

 

Venkat Krishnapur, Vice-President of Engineering and Managing Director, Trellix India

“Cybercrime has become increasingly sophisticated, oftentimes infiltrating our workplaces and personal lives alike with relative ease. With a cyber-attack being reported every 40 seconds, it is critical to educate people on how they can be potential targets and ways they can safeguard themselves. From an India context, with an exponential increase in the use of digital applications for a variety of purposes and taking into account a fairly large section of Indian society that is not computer literate, the risks are compounded.

The same is also applicable to organisations. The large volumes of business-critical data that they possess make them a lucrative target for cyber offenders. It is therefore important that organisations are also well educated on how to protect themselves against such threats.

It is important to understand that the threats are no longer within the scope of being managed manually. It is critical that businesses adopt the right cybersecurity strategies and technologies to protect themselves in a rapidly changing security environment.

Adaptive technologies such as Trellix’s XDR platform that combine artificial intelligence, machine learning, automation, device monitoring, and database security in one place, give you the best chance of protecting your data in all its forms.

Living security that smartly adapts to the rapidly changing threat environment is the way to go.  It helps businesses stay one step ahead of their attackers, adapt to emerging threats, and accelerate detection and correction across the entire defense lifecycle.

Trellix XDR, for example, assists businesses in increasing analyst and security operations productivity by combining events from various security technologies and using correlation logic, utilising many years of experience in the cybersecurity industry to provide the best, most optimum and manageable security outcomes.

As an organisation, we also educate enterprises on various topics such as internet security, Health Insurance Portability Act, Zero Day exploits, and Information Rights Management, among other topics, to help them understand the cybersecurity landscape better and be abreast of the developing threats in the cyber space.”

 

Jared Danaraj, Vice President, Sales and Solutions Engineering, Asia Pacific and Japan, UiPath

India has seen a surge in cyber-attacks and has reported over 670,000 cases until June this year, making it essential for all stakeholders to come together and prioritize cybersecurity. According to a recent World Economic Forum report, 95% of cybersecurity problems result from human error, which is further aggravated due to the global cyber skills shortage. Employees often fail to recognize and report malicious activities such as phishing, leading to significant financial losses. Organizations are prioritizing cybersecurity with training initiatives and incentivizing the reporting of phishing attacks as part of the overall company bonus policy. However, automating cybersecurity operations can help detect threats and prevent expensive consequences. Deploying software robots can help eliminate human errors and reduce the time taken to respond to a cyber incident.

Realizing the importance of security, we have entered into strategic partnerships with major security platforms like CyberArk, CrowdStrike, and eSentire. Software robots can ensure all malicious emails are automatically quarantined and trigger remediation actions when necessary. Robots can quickly action deletion or quarantining of suspicious malware-infected files, perform a geolocation lookup on a given IP address, quarantine a device from the network, and more. For example, UiPath robots can natively integrate with CrowdStrike to enable endpoint detection and response with Falcon Insight. Our integration with eSentire enables end-to-end security policy automation across multiple Microsoft Security services.

We urge CISOs to implement initiatives and adopt automation tools for cybersecurity operations that can also help them improve the overall cybersecurity posture of the organization and stay ahead of cybercriminals.   

 
