Technology has undoubtedly made tasks easier for all industries – irrespective of their types or verticals to which they belong. A bank or a hospital needs almost equivalent tech advancements as that needed by any IT company. It has not only automated mundane and repetitive tasks but also increased accuracy and precision. Consequently, it has become an inevitable part of today’s businesses. But as the saying goes, “every coin has two faces”, the advantages of technology cannot be solely considered as everything it is about. The risks that it brings with itself are as big as its benefits. And to combat these risks, industries are coming up with new and more advanced techniques almost every day.
Here’s what industry leaders have to say on the growing threat landscape and changes in cybersecurity
CEO and co-founder of InstaSafe Technologies, Sandip Kumar Panda, highlights that majority of types of cyberattacks are still unknown and “Organizations across the world need resilient prevention against the most advanced cyberattacks which are still possibly known and unknown. Every organization realizes that now is the perfect time to brace up on keeping yourself and your information safe against viruses and malware and phishing and other kinds of known and unknown attacks”.
Bharat Panchal, Chief Risk Officer – India, Middle East & Africa, FIS Global says, “The cybersecurity issues are not limited to hacking or money related frauds, but have become critical from a national security point of view.”, highlighting that cybersecurity is a national concern. Co-founder and CEO of Sequretek, Pankit Desai, calls for “an urgent need for the stakeholders – Government, media, businesses, cybersecurity community and law enforcement to step up the awareness campaign to bring this problem front and centre.”
“The need for cybersecurity has increased manifolds in these times where everyone is working remotely. Companies are at risk from different cyber-related crimes like Impersonation fraud, Misuse of system and data access rights and Phishing attacks. To combat such cyberattacks, we have taken different steps like the implementation of a single sign-on, secure VPN tunnels, strengthening the advance threat protection systems and also keeping employees and customers aware about the latest security threats, measures and best practices.”, said Vishal Shah, Head Data Sciences Digit Insurance, highlighting the changes in cybersecurity policies companies are taking during the current remote working scenario.
Here are a few cybersecurity changes that industries are witnessing –
Redefining security policies
"In the current scenario, it is important for CISOs and CIOs to redefine their security policies and invest in efficient security solution with automated detection and response capabilities, that extends beyond endpoint to email, network, cloud and IoT. This is where the XDR approach can help, as it breaks down the silos and gives complete visibility to protect enterprises from the ever-changing threat landscape.", says Vijendra Katiyar, Director – Enterprise Business (Non-named), India & SAARC, Trend Micro. Organizations are working on bolstering endpoint security terminals alongside introducing privileged access management for systems that are crucial to them. “Businesses must do their part to make the digital world a safer place for customers, employees and partners. This begins with protecting access – especially privileged access - to their critical enterprise assets.”, says Rohan Vaidya, Managing Director, India, Cyber-Ark.
Sethu Seetharaman, Chief Risk Officer, Mphasis, suggests the use of ‘Multi-factor authentication (MFA), fortification of email security and anti-phishing controls, apart from continuous measuring and elevation of security posture.’ “Innovative solutions like Secure physical enclosures and customized proctoring solutions are necessary to prevent data exposures at home,” he further adds.
The advent of Covid-19 has fast-tracked the adoption of Work At Home where "endpoint becomes the new perimeter" of an organization's network. We have incorporated significant enhancements to our endpoint security tools and monitoring process to address this risk. Additional controls have also been implemented to limit and detect Phishing emails," said Satya Machiraju, Vice President, Information Security, Whatfix.
Ranganath Jagannath, Director, Growth, Agora, speaks on the need for securing conversations/content in real-time engagement applications. He suggests “RTE service providers should incorporate a host of security features such as industry-standard encryption algorithms, or, even better, customised encryption algorithms for the security of video and audio data and they should also implement mechanisms to protect customers from DDoS attacks.”
“Organizations should aim to drive a robust, security-first business culture. People access, store, and share data in a variety of ways, across various data environments, through different services and devices. This makes it more necessary for organizations to make security and cyber awareness a non-negotiable priority. If everyone does their part, our world will be safer and resilient for everyone,” said Praveen Kulkarni, Country Manager - Security Risk & Governance at Micro Focus.
Growth in demand for cybersecurity professionals
It can be deduced that the demand for cybersecurity professionals is growing in the industries, just by looking at the massive, yet crucial, data that needs to be secured. Interestingly, while the demand is growing, organizations are still struggling to find skilled professionals that can fill in the gap. Last year, NASSCOM reported that India alone would need 1 million cybersecurity professionals by 2020 – which indeed is true. In January 2020 alone, Indian IT services firms, including Capgemini, Accenture, Infosys, altogether needed around 67,000 cybersecurity professionals.
Commenting on this growth, Nikhil Barshikhar, Managing Partner and Founder, Imarticus Learning, says, “The dire need for Cybersecurity professionals has never been more pressing, with virtually every economic indicator pointing to a substantial increase in demand for skilled Cybersecurity experts over the next 10 years, both in the Private Sector as well as the Public Sector.”
Employee awareness
“While there is a demand on the job front for cybersecurity professionals, there is a need to focus on sensitizing people towards cybersecurity attacks.”, says Rameswar Mandali, CEO and Founder, SkillMonks.
Cybersecurity is not a one-person process. At an organizational level, it demands co-ordination from every employee and associated stakeholder. Hence, it becomes imperative to ensure that at a basic level, each person knows his/her role in minimizing security risks.
Social engineering is one of the highly exploited ways to attack a company’s data. The recent twitter-bitcoin scam could also be considered as a part of a social engineering-induced cyberattack. The current work-from-home scenario further intensifies the risks as employees are using unsafe networks on office devices or are conversely using unsafe devices to access enterprise networks.
“Organizations, employees, and individuals need to ensure they do not trust without verifying - especially with social engineering attempts being rampant. All we need to accept is difficult-to-guess passwords that should be changed frequently. A threat-aware, the zero-trust approach is, therefore, a must to keep digital life secure, productive, enjoyable and sustainable.”, said Aiyappan Pillai, Senior Member IEEE.
Choosing DevSecOps, not just DevOps
The process of software development involves communications, planning, modelling, construction and finally deployment. All this is not as easy as it sounds. On coupling this with multiple iterations, several terminals are left vulnerable to cyberattacks and these are used efficiently by cybercriminals. This is enough to state that cybersecurity can be best ensured if it is maintained from the beginning of the product development.
“One thing that has worked very well for us is to have data, privacy and security woven in the fabric of the product. These can't be afterthoughts or a layer of security on top of what exists.”, says Mr Nityanand Sharma, Co-founder and CEO, Simpl.
Moving to “Verify and Trust” model from “Trust and Verify”
"With cybersecurity, for both people and businesses alike, the model so far has been 'trust but verify', typically with no emphasis on the verify part. Their mantra should now change to 'verify, then trust'. Before clicking on any link, installing applications, accessing websites, and accepting any connect requests, they should inculcate the habit of verifying the legitimacy of each entity before carrying out transactions. This collective mindset change, driven top-down from the leadership, will ensure strong levels of cybersecurity," suggests Rajesh Ganesan, Vice President, ManageEngine.
Using Cloud, with an in-house security team
Cloud computing allows people access to the same kinds of applications through the internet. This means the device accessing the cloud doesn't need to work as hard. By hosting software, platforms, and databases remotely, the cloud servers free up the memory and computing power of individual computers.
Cloud-based solutions are ideal for businesses with growing or fluctuating bandwidth demands. But, its security is even more important. Ravinder Arora, AVP and Chief Information Security Officer (CISO), Infogain states, "Moving to the cloud has become an imperative for many companies. As organizations adopt cloud, they need to ensure their data is secure. Most companies adopt a combination of traditional and cloud-centric security, enabling them to keep all data secure. Cloud service providers (CSPs) offer a variety of solutions to address the challenges. It is ideal to have solutions that prevent excessive workload for your in-house security team and training time required to support the solution."
He also suggests a few tips to ensure security in cloud environments. They are:
1. Multi-factor authentication
2. Improving cloud computing security with user access
3. Analyzing user activities (monitor & log) detect intruders with automated
4. Provide anti-phishing training for employees on a regular basis and have a comprehensive off-boarding process
5. Cloud-to-cloud backup solutions
Security in the fintech industry and e-commerce
When it comes to cybersecurity in the fintech industry, it cannot be ignored as things become important when there are ‘payments’ involved. Consequences of any security incident here directly and mostly affect the end-user. Secondly, it can tarnish the image of the company as well. Hence, fintech companies’ main goal is to detect fraud, way before it can happen. For this, they’re leveraging the prominent drivers of the tech industry – Artificial Intelligence and Machine Learning. The self-learning capabilities of these technologies have proven to be a boon for the fintech industry.
“AI and ML tools are ‘taught’ to detect anomalies. Feeding relevant and voluminous datasets enable these tools to become ‘intelligent’. In a fintech environment, complex algorithms replicating known financial behaviours are developed which help these AI tools to run pattern-recognition programs. This in turn enables cybersecurity experts to detect issues usually before long-lasting damage has occurred.”, tells Andy Sen, CTO, mPokket.
Sarita Digumarti, COO & Co-founder, Jigsaw Academy, says, “The current pandemic has accelerated the push towards digital interactions including digital payments and transactions facilitated by fintech companies. But with increasing digital transactions there is also the increased risk of managing the security of highly sensitive personal and financial data of customers and companies – many cybercrime incidents in the last couple of years have shown that cyberattacks can impact hundreds of millions of customers at one go.”.
Speaking on cybersecurity in eCommerce, Sumed Marwaha, Regional Services Vice President and Managing Director, Unisys India, highlighted that “With the approaching festival season, it would not be a surprise to witness a boom in online shopping. The recent Unisys Security Index found that the majority (82%) of the Indians are concerned about the security of online shopping. Implementing technologies such as biometrics along with AI/ML helps establish secure identities. Investment in sophisticated security measures such as instant detection of intruders, dynamic isolation, encrypted micro-segmentation and more, built on a foundation of resilience and Zero Trust, creates a secure ecosystem for online transactions.”
The author of the article is Mansi Mishra, Cybermedia.