Like organisations in other parts of the world, organisations across India have been grappling with cyber threats brought about by the growing adoption of the internet of things (IoT), cloud applications, digital supply chains and remote work.
With remote work and the use of cloud, for example, organisations will need to have complete visibility into a decentralised IT infrastructure, manage access to corporate networks through personal devices, and alleviate the risks of employee negligence.
Neelesh Kripalani, chief technology officer of Clover Infotech, an IT services and consulting company, said these magnify the threat landscape, warning that the “frantic move to cloud without paying enough consideration to security can be hazardous for enterprises”.
“Chief information security officers [CISOs] need to take equal part in maintaining the security of cloud internally,” he said, noting that security cannot be the sole responsibility of cloud service providers.
Jitendra Mohan Bhardwaj, CIO and CISO of Coforge, a global IT service provider, said the rising sophistication of cyber attacks is also posing a challenge for organisations in India.
“Hackers are becoming more skilled at finding holes and cracks in corporate security systems to gain access to protected files and data. Further, with the advent of emerging technologies like 5G and artificial intelligence, hackers are carrying out most sophisticated attacks using advanced techniques,” he said.
These attacks have intensified amid geo-political disruptions, such as the Russian invasion of Ukraine.
Dilip Panjwani, principal director and CISO of Larsen & Toubro Infotech, said enterprises have become “more wary of state- and nation-sponsored attacks and are preparing response mechanisms in case the attacks transpire into reality, more so, after the Russian-Ukraine crisis”.
Aleksandr Valentij, CIO of Surfshark, a VPN service company, noted that since Russia invaded Ukraine, the scale of global cyber warfare has increased.
“It’s challenging to contain cyber attacks in exact regions, and there’s always a significant chance of collateral damage to almost any country,” he said, pointing to the Petya malware attack in 2016 as an example,” he said.
“Though it was primarily designed against Ukraine, it wreaked havoc across the globe. Keeping in mind the sheer magnitude of the recent events in Ukraine, the damage of forthcoming cyber warfare may also be proportionally higher this time.”
With employees often the weakest links in cyber security, whether it is falling for a phishing email that employs social engineering techniques or configuring a system wrongly, Bhardwaj said there is rising obligation to educate employees about technology developments and the latest software.
“Proper training needs to be provided so that the company’s workforce understands cyber security threats and ways to mitigate them,” he said.
Besides technical readiness, Larsen & Toubro Infotech’s Panjwani said organisations also have to focus on management readiness: “Leaders on the top, including the board, need to know their response strategies in case of an actual cyber breach.”
Incidentally, Gartner has predicted that by 2024, 60% of CISOs will establish critical partnerships with key market-facing executives in sales, finance and marketing, up from less than 20% today.
Such partnerships can go a long way in arming security and risk leadership to systematise approaches to enterprise security across functions. Gartner also noted that by 2025, a single, centralised cyber security function will not be agile enough to meet the needs of digital organisations. There would be an emphasis on CISOs reconceptualising their responsibility matrix to empower board of directors and CEOs.
Kripalani agreed, noting that for organisations to overcome cyber security vulnerabilities, it is important that security concerns are “well understood across the organisation by all stakeholders – management, vendor partners, and employees”.
When it comes to cyber security investments, Panjwani said organisations are investing more in automation, security intelligence and capabilities to respond faster to cyber threats: “The idea is to bolster our strengths and assure management about our preparedness for cyber threats and compliance in a confident way.”
Srinivas Mukkamala, senior vice-president of security products at Ivanti, said with technologies changing rapidly, it is imperative for CISOs to be up to date with the latest threats, which vulnerabilities can be weaponised, and the solutions that can strengthen their security posture.
He noted that it will take significant investment and planning to fully realise the extent of those issues and, while having a zero-trust security strategy can help, it is not something that can be done overnight and requires processes and procedures in place across the organisation.
Clover Infotech’s Kripalani called for organisations to invest in cloud management platforms, identity and access management, as well as vulnerability management tools, which are necessary to improve visibility into their systems so that they can detect threats and mitigate risks.
“These new-age tools and platforms allow internal security teams to assess, track and manage vulnerabilities in their network on a single dashboard. This enables enterprises to analyse their overall network and cloud security posture in greater depth and generate actionable insights in just a few clicks.”