Security tools and a data-first approach a must for a secured environment
From CIOs to boardrooms, the only major concern that enterprises have today is how to secure its data. It has become a topic of discussion among the decision makers as data is the new oil in this digital era.
Earlier, data used to be in a protected network environment so that chances of breaches were also low. But with the pandemic and increased adoption of digitalization, people are accessing critical data outside the protected environment and from various devices. Moreover, the pandemic gave birth to a new mode of work culture - hybrid workforce and this has increased the risk of data breaches multifold.
The global Cyber Security Market Size is projected to reach USD 376.32 Billion by 2029, from 139.77 Billion in 2021, at a Compound Annual Growth Rate (CAGR) of 13.4% during the forecast period. Emerging online e-commerce platforms and the introduction of essential technologies such as the internet of things (IoT), cloud security, artificial intelligence (AI), and others are driving the market. As a result, business and IT leaders are left wondering what cybersecurity solutions they truly need, which ones are redundant, and which ones are complementary.
Talking about the India market, as per IDC, 74% of large enterprises embed IT security in the planning, initiation, and assessments of all new business initiatives. The security market in India, including hardware, software, and services, is projected to be valued at $2.51 billion in 2022, with the highest market share coming from services, followed by software and hardware, respectively, according to IDC’s Worldwide Security Spending Guide, July 2022. India’s overall security market is expected to reach $4.16 billion by 2026, growing at a CAGR of 13.8% during 2021-26.
Let's take a look at the thoughts of industry experts on the importance of cyber security during this cyber security month.
‘Its time to look inward and identify and close security gaps to build a more resilient future’
Dr. Rishi Bhatnagar
President, Aeris Communications
Over the last few years, the proliferation of smart devices and changing customer preferences have led to the evolution of digital transformation. As a result, businesses are increasingly exploring opportunities and high-end capabilities for competitive advantage and growth. However, with the emergence of new technologies such as cloud, artificial intelligence (AI)/machine learning, internet of things (IoT), big data, and other operational technologies, technology risk is continuously elevating. Apart from emerging technologies, even mobile devices carry significant security risks. Mobile apps are often the cause of unintentional data leakage which can have a catastrophic impact on an organization as today's businesses operate through mobile devices. This makes it mandatory for organizations to train their employees to protect the company’s digital assets, create a cyber-threat response planning that consists of a plan of action for specific attack scenarios. At Aeris Communications, critical assets and data are safeguarded by a secure and protected network. As a leading IoT solutions & services provider, we believe that a strong security policy can help businesses lower their risk of compromise. It essential for organizations to use effective tools that can identify real-time threat intelligence, apply AI to detect threat pattern, data breaches and anomalies, and automatically initiate a coordinated response across different networks. This holistic approach to a cybersecurity architecture propels a well-knitted integration and increased automation, making it easier for security and IT teams to coordinate and respond quickly to threats in real-time”.
‘Organizations should carry out a thorough risk assessment and ensure that all risks are documented’
VP, Information Security, Whatfix
“With accelerated adoption of the cloud-first model, there has been an exponential rise in cybercrimes. India has seen a major spike in cybersecurity-related threats, with over 6.7 lakh cases recorded so far in 2022. Cybercriminals have now realized that instead of targeting company networks, they are better off targeting users by leveraging the information available on public forums and social media. Phishing and social engineering attacks have increased more than ever before. CISOs need to invest in solutions that help users identify phishing emails and also be cautious about their social media footprint.
Organizations now need to focus on specific training such as secure coding and security hackathons for developers. IT leaders should understand that the targeted attacks will continue to rise and ensure that they invest heavily in user education and enablement towards Cybersecurity.
It is also imperative that before the adoption of any cloud technology, organizations should carry out a thorough risk assessment and ensure that all risks are documented and reviewed adequately. Security teams should augment their existing security controls portfolio with new-age technologies such as Zero Trust, data leakage detection technologies that are more focused towards end-user computing devices, regulate and monitor access to cloud infrastructure and solutions.”
Data is the fuel to run businesses in the digital transformation era
Director and General Manager, Data Protection Solutions, Dell Technologies India
“Dell Technologies’ Global Data Protection Index report found that 74% Indian businesses saw loss of mission critical data due to a cybersecurity incident as the biggest challenge to digital transformation and 42% of Indian businesses lack the confidence that data can be recovered after a cybersecurity incident.
Threats continue to become increasingly sophisticated and more difficult to detect. Data is the fuel which will run businesses in the era of digital transformation and hence remains a critical asset that must be protected, kept confidential and accessible for deriving insights whenever required. In the coming times, organizations will seek ways to extend data security to remote workers which will lead to the need for strengthening the IT infrastructure. The deployment of next-gen technologies to manage future workloads will become a necessity to ensure data management with industry-leading cyber resiliency.
Password phishing is one of the most common techniques adopted by cyber criminals to infiltrate an enterprise’s computer network. Regular password audits and checks are important. Businesses must stress on leveraging a password manager to create strong passwords and store them in a secure location. Multi-Factor authentication, as well as digital certificates for identity verification and secure communication are excellent ways to keep critical business and personal data protected. Technology is only going to become even more integrated into our daily lives which are a gold mine for bad actors. But, we must not forget that there are simple ways to “Be Cyber Smart” and keep our data safe with passwords. That is until biometric technology becomes more sophisticated and more widely adopted.”
‘Its time to look inward and identify and close security gaps to build a more resilient future’
Security Software Technical Sales Leader, IBM Technology Sales, India/South Asia
“In 2022, India's data breach costs increased to 176 million, nearly 25% over the past 2 years, as per the latest Cost of Data Breach report. With organizations becoming increasingly vulnerable to sophisticated cyberattacks, responding fast is vital - whether it's detecting and stopping potential attacks, limiting the window of access to your environment, stemming reputational damage, or restoring critical technology. Businesses have begun to realize that it’s time to look inward and identify and close security gaps to build a more resilient future. In today's security environment, a successful program requires the right mix of ingredients due to the constant deluge of attacks and complex enterprise infrastructures. Most security teams today are unknowingly building "less trust" networks -- not zero trust networks. The solution is to turn the tables and look at networks from an attacker's perspective, by treating our network as if it had been compromised and attacked. It is imperative that companies detect, hunt for threats, scrutinize connections and relationships, and rely on AI and analytics. In order to monitor, detect and contextualize dynamic behaviors across hybrid cloud environments, organizations should adopt a zero-trust approach to their security strategy. Leadership in security is important, but a culture of security is what ensures that cybersecurity is embedded in every aspect of your business. In order to ensure the success of any security program, organizations need to educate and test the workforce – from continuous threat monitoring to vulnerability testing, to enhanced cybersecurity capabilities based on AI and Machine Learning. As one of the leading providers of enterprise security solutions, IBM has been helping companies improve their cybersecurity response on a number of fronts. We ALIGN the security strategy to the business, PROTECT identities, data, apps, endpoints, and cloud, MANAGE defenses against growing threats and MODERNIZE. By drawing on IBM's wide array of security expertise and capabilities, we are ready to assist the nation in building a more secure future.”
Security teams need tools that will enable them to quantify cyber risk
Country Manager, Tenable India
“The advancements of cloud, mobility, continuous software delivery, IoT and other modern technologies have resulted in IT environments becoming more complex, distributed, hybrid and difficult to secure. In this new world, cybersecurity organizations continue to struggle with security programs that are reactive and siloed, and with a sprawl of point tools generating mounds of fragmented data that are often impossible to easily correlate and difficult to draw meaningful insights from.
Security teams need to present to the leadership concise, meaningful insights on whether their security solutions are in fact reducing overall cyber risk. For this, they need the ability to continuously assess their vulnerabilities, misconfigurations and user privileges in the context with one another across the entire attack surface. They need tools that will enable them to quantify cyber risk and identify how well their security programs work and how they compare with their peers in terms of cyber exposure. Our Tenable One Exposure Management Platform operationalizes cybersecurity by transcending the limitations of siloed security programs, enabling organizations to understand and assess all assets and associated weaknesses. The data and analytics provided by the platform take the unified view a step further, providing key asset insights – such as how an asset is configured, what’s installed, and who is using it – that enable organizations to predict potential breaches and prioritize vulnerability remediation.
Mobile devices are now an essential part of the corporate network and also an attack vector. Therefore, organizations have the onus to have mechanisms in place to secure the information that can be accessed on mobile devices. An exposure management platform that integrates various domains of security can help organizations construct effective cybersecurity strategies, create awareness about maintaining cyber hygiene among employees and also reduce overall risk.”
Adaptation of threat hunting for unknown threats and attack behaviours proactively is needed
Managing Director, India & SAARC, CrowdStrike India
“It’s that time of the year when we discuss cybersecurity awareness including fundamentals of data sharing and protection because cyberattacks affect our day-to-day lives, our economy and national security by destroying, corrupting, or stealing information from our computer systems and networks. Today, digitization of infrastructure in critical infrastructure sectors allows hackers to exploit unpatched vulnerabilities. Some of the actions that critical infrastructure organizations should take for threat prevention include mapping IT-OT interdependencies, conducting simulations in which organizations rehearse and refine cyber crisis response scenarios, and implementing the required changes to achieve cyber resilience.They need to accelerate the IT/OT convergence with a centralized and up-to-date inventory of all IT, OT and IoT assets, combined with advanced behavioral analytics that helps identify and mitigate potential risks associated with connected devices and networks. Organizations should adopt threat hunting to look for unknown threats and attack behaviours proactively. It allows a more comprehensive view of the threat landscape, enabling them to stay ahead of any attacks. Other points to consider include protecting all workloads, setting unique passwords, adopting zero trust, using anti-virus software and keeping it updated, monitoring the criminal underground, using VPN with multi factor authentication, eliminating misconfigurations, investing in elite threat hunting and building a cybersecurity culture with user awareness programs to combat the continued threat of phishing and related social engineering techniques.``
A data-first approach model to security required by organizations
Country Manager - India, Varonis
“Organisations are becoming more data-driven, and the security perimeter is much less defined. Organisations have understood that the attackers are going for the data and hence they are slowly changing their security strategy to an inside-out approach rather than an outside-in - a core USP of Varonis. With the new work lifestyle where people can work from anywhere and anytime, access to data through the cloud has become very common and the traditional security approach won’t fit the bill anymore.
Organisations need to keep themselves better prepared and have a predictive ML-back view of the slightest anomalies found in their systems. Organisations need to take a data-first approach model to security and always be on the lookout in this ever-evolving threat landscape.
These days mobile phones are the first thing we look for instead of glasses or a bottle of water in the morning. Our smartphones are an arm’s length away. But have we ever wondered if our phones are safe or if our data on the phone is secured or not? From ordering groceries to paying bills to any kind of bank transaction, everything is done via mobile. All our data is out in the open and this makes security more essential and crucial. While we cannot stop using our phones, we can surely use them wisely and securely by staying informed and taking precautions.”
“The safest approach is to connect only to WiFi access points that you know and trust”
Director Sales ( India & SAARC), Securonix
“We are moving towards a digitally advanced economy, which is giving rise to these cyberattacks and affecting every industry, of every size, be it - healthcare, manufacturing, finance, enterprises, or government authorities. It is true that security breaches can devastate even the most resilient businesses, and it is critical to manage risks appropriately in order to secure your infrastructure.
Today, our entire lives revolve around our mobile phones, putting our privacy at risk because the majority of our confidential data is now stored on our phones. However, by staying informed and taking precautions, one can still use their phones safely.Always adjust your device's security settings to limit the amount of data collected by each app, and think twice before installing any new app that requests a lot of permissions. The safest approach is to connect only to WiFi access points that you know and trust, avoiding open or public wifi networks. To avoid falling victim to a phishing scam, always double-check who is contacting you for personal information. Avoid apps that ask for a lot of permissions or any permission related to accessibility. Avoid apps that promise free access to premium content, aren't listed in well-known app stores, and lack a review history. Be more cautious when granting an application access to your contacts or storing sensitive information such as your Social Security Number, date of birth, and so on. Configure multi-factor authentication on your smartphone and use a password manager app to generate and store unique passwords for each account. It is always recommended to download anti-virus programs on your smartphone that can help in detecting malicious apps. Also, keep your smartphone's operating system (Android or iOS) up to date at all times to ensure the best possible protection of your device.”
Trend Micro simplifying security and helping to detect and stop breaches faster
Country Manager India & SAARC, Trend Micro
“Data breaches and cyber-attacks have increasingly become a major concern for organisations accommodating digitization. Cyber-attackers are smarter than ever now, frequently morphing their attack methods to stay under the radar of existing cyber defences deployed by organisations. The increase in cyber-attacks against critical infrastructures is usually the result of unguarded assets & a lack of robust detection & response measures across the digital attack surface of an organization - which makes it easier for threat actors to infiltrate an enterprise’s network.
Trend Micro’s platform-based approach to security, combined with industry-leading XDR capabilities, helps organizations to secure their critical infrastructure. Our unified cybersecurity platform enables vendor consolidation and deep integration with an organization's IT environment, simplifying security and helping them detect and stop breaches faster. Our platform also enables organizations to see the full security picture with native sensors across endpoint, email, cloud, network, and IoT environments across their technology landscape. We combine this comprehensive visibility with capabilities to empower security teams with better response time, contextual alerts, zero trust implementation, and much more. Backed by Trend Micro Zero Day Initiative (ZDI), the world’s largest bug bounty program, we help organizations defend against undisclosed threats as well, much before a vendor patch is released. We also provide expert services like managed XDR and incident response to help maximize the effectiveness of our customer's security teams.”
F5 Distributed Cloud Services aiding organizations to secure infrastructures
Managing Director, India and SAARC, F5
“The tremendous shift towards a hybrid work model and adoption of newer technologies by businesses has introduced new cyber threats. Some of these are cloud threats, API threats, ransomware, supply-chain threats, and more.
With the pandemic hitting the world and bringing a major shift in the way of work, cybercriminals have become more active and vicious. Cybercriminals explore the networks to find vulnerabilities in the application and persuade users to give away their personal information. F5 Distributed Cloud Services can help secure infrastructures by providing an advanced web application firewall (WAF), bot detection, API protection as a service, and protection against DDoS attacks. It also equips its customers with end-to-end observability and real-time visibility into the entire deployment while ensuring security and increased digital experiences.
Mobile devices are part and parcel of our everyday lives. With multiple endpoints, mobile devices are breeding grounds for attackers to steal the personal data of users and exploit it. Therefore, it becomes imperative for businesses to secure their networks, applications, and devices through web application firewall (WAF) solutions. It protects the application by filtering, monitoring, and blocking any malicious traffic traveling into the application and prevents any unauthorized data from leaving the app.”
Infogain believes in enforcing zero trust approach to cybersecurity
Ravinder Arora, CISO & DPO, Infogain
“With each passing year, we are witnessing that the cyber threats are becoming more sophisticated and complex, and they are targeting individuals and businesses of all kinds. Some of the most common challenges we will continue to face in 2023 include phishing attacks, remote workers’ endpoint security, cloud jacking, ransomware attacks, IoT devices, deepfakes, and 5G-to-WiFi security vulnerabilities.
These cyber-attacks most often result in a substantial financial loss that arise from the theft of corporate information and financial information (for e.g., bank details or payment card details), disruption to trading (for e.g., inability to carry out transactions online) and thereby, resulting in the loss of business or contracts.
Data protection and privacy laws exist so that you can manage the security of all important and critical data and information you have - whether of your staff or your clients. If this data,by any chance - accidentally or deliberately,is compromised and you have failed to deploy the appropriate security measures, most likely you may have to face fines and regulatory sanctions.
At Infogain, we conduct regular training and awareness programmes on information security for the employees and ensure the protection of customer data and provide cyber security insurance. We believe in staying updated on the latest risks by the IOC, etc. To emphasize on business continuity and create crisis plans by regular vulnerability scanning and patching.There is enforcement of zero trust approach to cybersecurity and external security assessments & certifications are carried out to make sure that there is effective implementation of cyber security controls.
There are many businesses and organizations that believe in securing their computers but do not install security software on the mobile phones of their employees. In most cases, the same devices are often synchronized with the work email and various crucial files. Thiscanlead to the leakage of the company’s valuable files and crucial information and, there is the inevitable threat of the intrusion of malware into computers and important documents.”
Governments and other organisations should safeguard sensitive data gathered from citizens
Prasad Honnavalli, Co-Founder Abhaya Secure and Prof and Director at PES University
“India is at the forefront of technological innovation and the quick adoption of new-age technologies. Cloud-first and mobile-first strategy is driving the digital transformation of businesses in India and across the world, impacting their cyber risk profile and posture.
The growing usage of social media, smartphones, and tablets has made it simple and affordable to have a digital presence without fully understanding the risk of data breaches and hacking. The need for governments and other organisations to safeguard sensitive data gathered from citizens and make sure that it is neither stolen nor altered by malicious attackers is constantly expanding.
Technologies such as cloud, big data, analytics, machine learning, artificial intelligence, and the internet of things, promise to open a world of unparalleled growth opportunities along with rising the risk of confidential data being maliciously collected, stored, and disseminated. Most human resource agencies will confirm the shortage of skilled and qualified cybersecurity professionals, to defend against the ever-morphing security threats.
There is a need to address talent problems at an academic and industry level. The technological curriculum should focus on providing experiential learning, conceptual training, and hands-on skilling for engineers and non-engineers to match the ever-evolving needs of the industry for technical and managerial roles.
Further universities need to encourage and incubate alumni entrepreneurs to address some of the real challenges by developing new products, services, and test strategies in various aspects of Cybersecurity – such as Information security, Mobile, Industry 4.0/OT, Crypto, and Blockchain, Digital Forensics and Cyber law, Cloud Security and automation.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.