Why cybersecurity can no longer be just a hygiene factor
Over two billion people worldwide purchased goods or services online last year, according to Statista. In India, the number was 150 million, a rise of over 11% since 2019. With the number of India’s Internet users expected to rise to 974 million in 2025 from 696 million in 2020, we can expect a phenomenal increase in online transactions.
While the pandemic played a major role in pushing the digital agenda across industries, the government’s policy on building a digital India further strengthened the growth in online infrastructure and business. As digitisation becomes all pervasive, cybersecurity will become a major concern. What was earlier considered a mere hygiene factor is now a strategic agenda for every corporate and government entity.
Also read: How to protect your phone from malware and cybercriminals
Incidentally, the impact of cybersecurity is not limited to financial losses alone. A single incident can lead to downtime of IT applications, giving rise to inferior customer experiences. Cyber breach can cause non-compliance with regulatory mandates inviting penalties and legal actions.
Here are some best practices organisations can follow to safeguard themselves and be more cyber-resilient.
Build a strong security culture: A vigorous security strategy begins by inculcating the culture of security in an organisation. This can be managed by placing the chief information security officer (CISO) and his strategies at the centre of the organisation. It explains the importance of the practice and defines roles of every entity within the organisation, highlighting that security is not just the responsibility of the IT team.
Empower the CISO: By empowering the CISO, an organisation ensures that critical security-related changes within the organisation can be driven effectively.
Back strategy with the right investments: Estimating investments into cybersecurity initiatives usually depends on the profile of the company, its customers, the kind of data it handles and its sensitivity. A realistic estimation of the risk profile is essential to ensure that the investments in people, processes and technology stay ahead of the cyber threat landscape.
Stay ahead of the curve: Investing in threat intelligence platforms, threat hunting capabilities and other emerging technologies is a must.
Build a robust governance system: Setting up an information security council that has participation from the leadership and other teams of the company helps build effective initiatives.
Supply chain management: An organization usually doesn’t have total control on its vendor and partner’s systems and if a breach were to take place it could ruin the entire supply chain. Hence, it is important to maintain robust corporate governance of the supply chain.
Vishal Salvi is chief information security officer and head of cyber security practice, Infosys.
Also read: State-sponsored cyber attacks have corporates worried
Gloss