Mumbai, March 10: Cyber security is a major concern for businesses and individuals who use the internet for their daily operations. In today’s world, where almost anything can be done online, it is essential that organizations have measures in place to keep their data secure from malicious attacks. Additionally, companies should ensure they update software regularly in order to patch any newly discovered vulnerabilities that could leave them open to attack. Mr. Sandeep Pandita, CIO, Head IT & Systems at Hero Steels Limited, talks with Mr. Marquis Fernandes of Quantic India about his thoughts.
How far can companies actually comply with the new cyber security directive, considering its complexity?
By 2025, cybercrime may cost up to $10.5 trillion annually, as indicated by the Cybersecurity Ventures Report. Cyber-attacks are an important issue in India’s economy due to digitization; the expansion of geopolitical warfare and cyberwarfare also makes the country an increasingly attractive target for cybercriminals. Given India’s information technology industry, the growth of online banking and e-commerce has likely contributed to an increase in e-commerce targets. The threats related to cyber security are still greater than most companies are aware of. The greatest danger is that attention is not given to cyber security sufficiently, creating companies unable to prepare properly for threats such as ransomware attacks. It is often the case that organizations, government offices, and the general public spend heavily on financial audits, IT security General Controls, risk management, compliance, governance, cyber security policy procedure development, upgrade, and basic vulnerability analysis, which is not substantial enough to handle the events triggered by cybersecurity incidents. So everything related to our digital transformation must be assessed in the context of cyber threats and cyber-risk issues to provide business leaders with the appropriate risk management decisions.
Are rapidly evolving cyber-attacks keeping the leaders on their toes? What can be a proper plan of approach to safeguard with backup?
The severity of cyber-attacks continues to increase, and it is now not just an IT issue anymore. Corporate executives and risk managers across various industries have consequently become more knowledgeable of the danger and importance of investing in cybersecurity. Unfortunately, a lot of business leaders think cybersecurity is a technological issue and don’t understand the reach of cybersecurity incidents to business operations. For this reason, a New Age CIO is likely to have solutions capable of translating technical knowledge of cybersecurity into financial risk which businesses may face due to those risks. For example, rather than explaining why a particular cybersecurity policy helps improve the cyber risk posture, a CIO should explain the reduction in the financial impact of implementing the policy to the board.
How far can companies actually comply with the new cyber security directive considering its complexity?
Here are some suggestions for how executives can improve with respect to security from their corporate perspective:
- Identifying the critical Business Process and Data: It is essential for each CIO to identify and address business-critical processes and the importance of data corresponding to those processes. Most businesses do not successfully complete or fail to identify critical business processes and data, and listing down all identified critical business processes helps identify a handful of essential business processes for leaders to consider. Once you have identified the critical business processes and the data, you can focus on expanding the cybersecurity options.
- Keep Learning and collaborating with business leaders: It’s imperative that management and their team be aware of cyber-risk and offer input into security proposals. An organization’s security is the result of both the IT network and its reputation. Cyber security and technology should each be viewed as an important aspect of the digital transformation and addressed from a cyber-risk standpoint. IT professionals need to keep their eyes on the ball and be able to manage the balance between value creation and exposure to cyber risk.
- Focus on people, process, and technology: Many CIOs tend to lean more toward technological advances as a way to take the lead in cybersecurity responses. Improvements in technology and tools are important, but responding to people and organizations is more challenging. The impact of technology on the wearer plays a far greater role in management than tools. It is crucial to understand technology’s impact on people in order to successfully manage risk balancing and keep employees engaged in the workplace.
How can the enterprises map a better way to detect, dodge and defend?
- Update Software regularly: Develop Patch Distribution Procedure management for internal enterprise EPS and servers; also check whether unused dependencies are vulnerable to damage or unmanaged settings and resources.
- Using Cyber Threat Intelligence (CTI) Tools: Threat intelligence (CTI) can affect an organization’s early detection of ransomware attacks by providing businesses with real-time visibility into the threat landscape and enabling them to identify and respond to emerging threats quickly.
- Execution Prevention: The script execution of a system can be blocked or controlled using a blocking application or code.
- Backup & Encryption of Sensitive Information: Deploy encryption at all times for privileged data at rest in cloud-based environments for flows of information in all emails containing sensitive information. Have a 3-2-1-1 backup strategy. Keep three copies of your data—one primary and two backups—with two copies stored locally on two formats (network-attached storage, tape, or local drive) and one copy stored offsite in the cloud or secure storage.
Extending the horizon for increasing user awareness of sensitive data protection.
- Multifactor Authentication: Even when a token is used with other pieces of evidence for authentication, the USER ID/PASSWORD option is quite handy.
- Privilege Account Management: Create, manage, and modify account privileges, including system and root.
- Activate Network IPS: Use Network IPS to prevent attacks from conducting scans of remote systems.
- Protect Public Facing Application: Use web-application controls to limit the exposure of apps for preventing reprehensible traffic from accessing these.