Defining the Approach towards Cyber Security By Sudhakar Singh, Editor, CIOReviewIndia

Defining the Approach towards Cyber Security

Sudhakar Singh, Editor, CIOReviewIndia | Monday, 13 July 2020, 10:54 IST

  •  No Image

Defining the Approach towards Cyber Security

It was not a long time ago when CIOs addressing the board members on cyber security had to justify the investment as the board members used to be sceptical about its business value. However, today, the situation has changed completely and the board members are wary of the repercussions of lax cyber security, which is why they are asking CIOs whether or not necessary measures are being taken to ensure that the cyber security risks are minimized. According to a study by IBM Security/Ponemon Institute in 2019, data breach now costs businesses an average of $3.92 million.  

To help CIOs and technology decision makers safeguard their enterprises from cyber threats and shape up the right cyber security posture, CIOReviewIndia brought together experts from different industries through Tech Panel Webinar wherein they explained how businesses need to define their approach towards cyber security. Experts on the panel were: 

  • Vinayak Godse, Vice President, Data Security Council of India
  • Debasish Mukherjee, VP- Regional Sales, APAC, SonicWall
  • Rajesh Kumar, Head of Systems Engineering, India, Juniper Networks
  • Prashant Mehendru, Executive Director, Cyber Security, PwC 
  • Akshay Aggarwal, Director - Cloud Platform, Oracle India 

Role of Policy Making in Cyber Security

Vinayak Godse, Vice President, Data Security Council of India elaborated on the role of policy making in cyber security. “Public policies drive the larger good as well as shape up the way security posture must evolve. Traditionally, we have been taking care of the issues and problems of cyber security under the umbrella of information security. It was largely focused on deterrence, prevention and defence, focusing mainly on process oriented documentation and compliance. However, over the last few years, we have been increasingly using the term – cyber security."

Defining the Approach towards Cyber Security

"Almost 20 percent of our 5 trillion dollar economy is going to be digital and we definitely are worried about securing the digitization of economy."

"The drivers have evolved in addition to the intrinsic ones. Now, you need to be looking at health of global cyberspace, national security, consumer expectations, state and non-state actors, regulators, and international affairs of internet. It is evolving in terms of the stakeholders that are getting engaged and the risk which it poses to new areas. The actions now need to be more proactive which includes threat intelligence, detection, investigation and response. The purview of the information architecture is expanding, bringing in commercial, personal information, financial information, government information and more under it.”

“Trustworthiness of digital space is very important. Almost 20 percent of our 5 trillion dollar economy is going to be digital and we definitely are worried about securing the digitization of economy. Also, safeguarding health data and services is becoming important, as the pandemic is compelling governments to digitalize healthcare services.”

Boundless Cyber Security for Hyper Distributed Era

Debasish Mukherjee, VP, Regional Sales -APAC, SonicWall, expounded on the threat vectors that are emerging and the risk they are posing in a boundless digital era. “We are creating boundless territory. Everyone is working remotely and the digital footprints are not limited to one place. There is a discrete architecture to be managed. While doing so, we are creating complexities and a lot of attacks are happening. More concerning is the fact that new attacks are emerging. Although ransomware and malware attacks have decreased, intrusion attacks have increased, IoT attacks have multiplied, encrypted threats are growing in number, and web app attacks have increased."

Defining the Approach towards Cyber Security

"Although ransomware and malware attacks have decreased, intrusion attacks have increased, IoT attacks have multiplied, encrypted threats are growing in number, and web app attacks have increased"

"The attacks are more sophisticated these days and they are no more just a malware or ransomware attack. Industry is witnessing some never seen attacks. Similar to the advancement of security industry, the criminals are also getting advanced. The ransomware attacks have become more targeted. They are targeting local governments. There is a spike in file-less malware. The encrypted threats are increasing at the same time and IoT attacks are surging while web app attacks are getting doubled."  

How to Protect the Integrity of Network and Ensure Network Resilience

Throwing light on the ways to secure the network infrastructure, Rajesh Kumar, Head of Systems Engineering, India, Juniper Networks, delved deep into the intricacies of networking infrastructure and its security. “There is diversity in network infrastructure. If you look at the network as a fabric of any kind application used by the users, it is completely diversified and it is important to make sure that any attack does not affect the entire organization."

Defining the Approach towards Cyber Security

"If you look at the network as a fabric of any kind application used by the users, it is completely diversified and it is important to make sure that any attack does not affect the entire organization"

"Usually, every device works in a silo and it operates for what it has to. So, you may have multiple layers of security but that does not mean that you are completely protected. So, it is important to reduce the blast radius. The key to detect, block and remediate is time. If you are faster than the hacker, then you can bring down the threat vector to a very low level. So, the security infrastructure needs to be defined end to end."

Ensuring Security in Cloud Environment 

Prashant Mehendru, Executive Director, Cybersecurity, PwC India, elucidated the strategy for ideal cloud adoption and usage. “Cloud providers started with providing a certain level of automation on top of infrastructure components of compute, memory or storage. What they intended to do was to focus on efficiency. While you may have some control in on-premise, it becomes a little abstract in cloud. So, the question which arises is that as my data is hosted somewhere else, what protection do I have. All the cloud providers are looking at some patterns."

Defining the Approach towards Cyber Security

"All the cloud providers are looking at some patterns. First is data, second is identity, third element is the system that processes the data, and fourth is the network"

"First one is data, second is identity, third element is the system that processes the data, and fourth is the network. How do you monitor the events happening on these? With the security restrictions, there is going to be an impact on how organizations want to upgrade. There is going to be huge shift in terms of implementing security solutions and the related concerns will drive organizations increasingly to move to cloud.”

“When it comes to the ideal approach to ensuring security in cloud, it is best to buy and create different accounts for different functions. Decentralization is the key to abstraction of layers, and then having DevOps process running for each to go from development to testing to production.”

How to Secure the Cloud Infrastructure

Sharing his views from the perspective of a cloud service provider, Akshay Aggarwal, Director - Cloud Platform, Oracle India, talked about the intrinsic element of security in the cloud infrastructure. “When people are moving from on-premise to cloud, how they secure their data is the first thing on their mind. Cloud is definitely easing the security challenges. When we talk about cloud infrastructure security, we talk about security ‘of’ the cloud and ‘on’ the cloud. 66 percent of CXOs feel that the biggest benefit of cloud is security and this is ahead of cost reduction, ease of use, scalability and speed. So, security although is a concern, it is also a driver for cloud adoption.

Defining the Approach towards Cyber Security

"66 percent of CXOs feel that the biggest benefit of cloud is security and this is ahead of cost reduction, ease of use, scalability and speed."

"We call the security on the cloud part as a shared responsibility. In our study with KPMG, we have realized that not many CXOs are clear about their responsibility to secure their data, and their usage of the cloud when they are moving to public cloud. So, even though the platform provider can secure the platform, there is a shared responsibility to be taken by the users as well. Another fact that makes a case for cloud adoption is that 72 percent of CXOs believe that public cloud is more secure than their own data center.”  

With such pertinent insights, the experts debunked many myths surrounding cyber security and flagged several new emerging threats. They also laid out the way forward for businesses to address those concerns. Enlightened by the inferences, the audience geared up to strengthen their cyber security posture.

CIO Viewpoint

The Cyber Security Spar in Integrating IT and...

By Vimal Goel, CIO, HPCL-Mittal Energy

Towards Cyber Resilience: A Data-Centric...

By Puneet Gupta, Vice President & Managing Director, NetApp India/SAARC

Why DDoS Attacks Are on the Rise and How Can...

By Shibu Paul, Vice President – International Sales at Array Networks

CXO Insights

Emerging Trends, Challenges & Future Prospects...

By Sujoy Brahmachari, CIO & CISO, Rosmerta Technologies

Exploring Data-First Security and Automation in...

By Maheswaran S, Country Manager - S.Asia, Varonis Systems

Securing IT-OT Converged Infrastructure

By Saurabh Sharma, SMIEEE, FIE, CEH, Chief Manager (BIS) & CISO, Petronet LNG Ltd.

Facebook