Sujoy Brahmachari, CIO & CISO, Rosmerta Technologies, in interaction with CIOTechOutlook, shares his views on what are the key threats enterprises across the globe are currently facing in terms of cyber security, what the cyber security landscapes to evolve future, and more. Having completed his Executive MBA program at The Wharton School, Sujoy is a passionate technology professional with over three decades of experience across Data Centre Operations, Project Management, Infrastructure, Security, Networks, Applications, and Automation areas. Before joining Rosmerta in 2023, he had successful stints with USE Group, Hero MotoCorp, Ranbaxy Laboratory, and PC Solutions.

What are your thoughts on the cybersecurity landscape in 2024?

2024 will be the year of tech advancements, and I expect to see transformative shifts in user experiences and organizational tech trajectories. The primary trend focuses on elevating user & customer experiences using technologies such as AI/ML and interactive engagements. However, since these technologies are also increasingly used by malicious entities, leading to the second major trend, we will witness a heightened emphasis on cybersecurity, with swift anomaly detection and immediate remediation efforts becoming crucial to counter emerging threats. While these trends enhance user experiences, effectively addressing cybersecurity challenges remains imperative to safeguard innovation. Some of the major tech advancements that will play a crucial role in helping enterprises recognize third-party and insider risks are blockchain, zero trust framework, cloud security, behavior analytics, OT/IoT security, and many others.

Throw some light on the key threats enterprises across the globe are currently facing in terms of cybersecurity.

While the attack techniques have evolved significantly and risen in terms of the number of cases, phishing and ransomware were the two major concerns that IT teams across most organizations had to face in recent times. These kinds of attacks have also gained the ill-reputation of even bringing the business to a stand-still in many cases. Thus, I strongly expect them to become further sharper in the coming days to dodge the defenses of enterprises. Additionally, remote work culture becoming the new normal has now enhanced the need for solid technology access and processes to connect externally, further emphasizing on the need for enterprises to have very stringent policies and frameworks around cybersecurity, especially for the employees working remotely.

Furthermore, organizations must be vigilant about unpatched & unsupported systems, loose configurations, and insider threats. They must make sure to always keep track of all employees and anyone (third party) who uses their systems. Also, every organization must take proactive measures to address the evolving threat landscape, especially in the technology and security services verticals. To do so, companies must create organization-wide risk mitigation frameworks which should broadly include implement strong access controls, regularly updating software & systems, conducting periodic employee training sessions, implementing a robust incident response plan, using encryption and conducting regular security assessments & audits through both internal experts as well as third-party.

How do you expect the cybersecurity landscape to evolve in the near future?

Driven majorly by the dual nature of emerging technologies that bring both opportunities and challenges, the cybersecurity landscape is poised to undergo a thorough metamorphosis in 2024. Firstly, the adoption of Attack Surface Monitoring solutions will be imperative for swift identification and resolution of cybersecurity issues, along with providing robust data protection. Secondly, as secure log management becomes critical for regulatory compliance and penalty prevention, Security Operation Centers (SOCs) will gain widespread prominence. This will further accentuate the need for vigilant in-house or outsourced log monitoring. Also, it will no doubt become a norm for security service providers upgrade the technical skills of their resources and stay abreast with the latest threat vectors. Also sign up realistic SLA’s which they can deliver.

What is your advice to upcoming professionals who are entering the global technology and security services industry?

My advice to them is the same which I practice – be adaptive, collaborate with both your organization and industry peers. Also, be a curious and a continuous learner, as there is no limit to learning. Lastly, keep it simple, create a realistic solution on any problem statement, and do not come under pressure when faced with any challenging situations.