INDIA EDITION
www.digitalfirstmagazine.com
First Stop for Digital, Technology and Business Insights
INCREASING SECOPS AND INCIDENT MANAGEMENT EFFICIENCY WITH SOAR
HOW EMERGING TECHNOLOGIES ARE ENABLING HI-TECH CYBER SECURITY
THE COMING OF AGE OF CYBER SECURITIES & WHAT DOES THE FUTURE HAVE IN STORE
Akshat Jain, CTO & Co-founder, Cyware
Kunal Bajaj, Chief Business Officer, eSec Forte Technologies
Navdeep Gill, Founder, XenonStack
OCT-NOV 2021
Digital First Magazine October - November 2021
Oct-Nov 2021
Vol - 2 Issue - 7
Cybersecurity Special
Editor in Chief: Dr. Varughese K.John, PhD
Managing Editor: Sarath Shyam
Consultant Editors
Dr. Johny Andrews Navya Venkatesh Shyam K
Anna Elza Roshni Rajagopal Nikita Thakur
Editorial Enquiry: admin@digitalfirstmagazine.com
Art and Design
Ajay K Das Manjunath R Rohith Poojary
Sales & Marketing
Suchithra S Reshma Ashokan
Arati Waghmare Rupali Mohankar
Sales Enquiry: admin@digitalfirstmagazine.com
Subscription
www.digitalfirstmagazine.com
International Representation
London Connecta Global Ltd. 27, Old Gloucester Street, London, WC1N 3AX, United Kingdom
Dubai Focus Innovation Technologies FZE P.O. Box 48299, Dubai Silicon Oasis Dubai, UAE
Bangalore Connecta Innovation Pvt. Ltd. Carlton Towers, Old Airport Road, Bangalore - 560008 India
Digital First Magazine is a digital magazine published by Connecta Innovation Private Limited. All rights reserved. The opinions expressed in the content are those of the authors. They do not purport to reflect the opinions or views of the Connecta Innovation Private Limited or any of its members or associates. The publisher does not assume any responsibility for the advertisements and all representation of warranties made in such advertisements are those of the advertisers and not of the publisher. Digital First trademark is owned by DFG Digital First Infotech Pvt Ltd. and Connecta Innovation Pvt Ltd. has permission to use Digital First brand name. Digital First Magazine is a Free Subscription digital magazine strictly not for sale and has to be strictly for internal private use only. Publisher does not assume any responsibility arising out of anyone printing copy of this digital magazine in any format and in any country and all matters related to that.
MANAGING EDITOR’S NOTE
Protect or Perish: The Era of Digital Chaos
“If it were measured as a country, then cybercrime — which is predicted to inflict damages totalling USD 6 trillion globally in 2021 — would be the world’s third-largest economy after the U.S. and China,” says Steve Morgan, Editor-in-Chief of Cybercrime Magazine. In a special report titled Cyberwarfare in the C-Suite, Morgan states that global cybercrime costs will grow by 15 per cent per year over the next five years, reaching USD 10.5 trillion annually by 2025, up from USD 3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year and will be more profitable than the global trade of all major illegal drugs combined.
Cyber threats are everywhere, and they are increasing at an alarming pace. The Indian Computer Emergency Response Team (CERT-In) observed over 6.07 lakh cyber security incidents in the first six months of 2021. This number stood at 2,08,456 in the year 2018; 3,94,499 in 2019; and 11,58,208 in 2020. Be it banks, tech companies, hospitals or government agencies, today just about every sector invests in cybersecurity infrastructure to protect its business practices and the millions of customers who trust it with their data. No wonder the cybersecurity market, which was valued at USD 156.24 billion in 2020, is expected to reach USD 352.25 billion by 2026, registering a CAGR of 14.5% during 2021-2026.
So, what’s the best cybersecurity strategy? To answer this very important question, we have come up with a special issue that focuses on the future of cybersecurity. In the issue, we have collated insights, opinions and ideas of experts in the cybersecurity domain to give our readers a comprehensive view of what’s happening in this sector. Enjoy Reading.
Sarath Shyam
ADVISORY BOARD
Dr. Kuldeep Nagi, Ph.D, MBA, BSc.
Program Director of Ph.D, Recipient of Fulbright Fellowship Award & Dan Evans Award for Excellence and Writer columnist.
Mr. Amulya Sah, PGD PM & IR, PG Diploma in PM&IR (XISS Ranchi)
Senior Director HR. Former Head HR group Samsung R&D Institute India,Transformative HR Leader, Change agent, Digitization facilitator, Engagement architect, Trainer and Diversity champion.
Dr. Varughese K.John, PhD, MBA, MPhil, MCom, LLB.
Former Program Director, MS in Management Program, GSATM - AU
Dr. Ajay Shukla, Ph.D, MBA, BE.
Co-founder and Chief Strategy Officer at Higher Education UAE
Mamta Thakur
Former CEO (ASEAN), Arc Skills
Mr. Sreedhar Bevara, MBA, B.Com
Former Senior General Manager: Panasonic Middle East & Africa, Thought Leader, Speaker & Author of ‘Moment of Signal’ (Amazon’s International Bestseller)
CONTENTS
IN MY VIEW
CYBERSECURITY EDUCATION: THE GAPS IN THEORY AND PRACTICES
LEVERAGING AI TO MITIGATE CYBERSECURITY RISKS AND ENSURE BUSINESS CONTINUITY POST-PANDEMIC
HOW EMERGING TECHNOLOGIES ARE ENABLING HI-TECH CYBER SECURITY
ROY ZUR, CEO, THRIVEDX SAAS
ARAVIND VARADHRAJAN, SR VICE PRESIDENT & MD, METRICSTREAM INDIA AND APAC
KUNAL BAJAJ, CHIEF BUSINESS OFFICER, ESEC FORTE TECHNOLOGIES
THE COMING OF AGE OF CYBER SECURITIES & WHAT DOES THE FUTURE HAVE IN STORE
NEED FOR DIGITAL PAYMENTS PLAYERS TO UPGRADE THEIR SYSTEMS
CYBERSECURITY IS CRITICAL FOR SUSTAINABLE BUSINESS GROWTH
NAVDEEP GILL, FOUNDER, XENONSTACK
NIRANJAN UPADHYE, GENERAL MANAGER, FRAUD RISK MANAGEMENT DIVISION, WORLDLINE INDIA
PV VAIDYANATHAN, CO-FOUNDER & CEO, PROCESSIT GLOBAL
EXPERT OPINION
INCREASING SECOPS AND INCIDENT MANAGEMENT EFFICIENCY WITH SOAR
DATA HYGIENE: THE SUREST FORM OF SECURITY AGAINST CYBERSECURITY ISSUES
UNDERSTANDING THE CYBER RISKS FOR MSMES AND HOW TO CURB THEM?
AKSHAT JAIN, CTO & CO-FOUNDER, CYWARE
RAJESH SUBRAMANIAN, FOUNDER, GHOSHAK
KUNAL KISLAY, CO-FOUNDER & CEO, INTEGRATION WIZARDS SOLUTIONS
HOW TO INSULATE SMALL BUSINESSES FROM CYBER THREATS
HYBRID TECHNOLOGY AND THE INCLINATION TOWARDS CYBER SECURITY
RETHINKING CYBER SECURITY WITH DEVSECOPS
HOW PREPARED ARE YOU FOR A RANSOMWARE ATTACK?
SANDEEP RAWAT, CO-FOUNDER & CTO, OPSTREE SOLUTIONS & BUILDPIPER
SATYAMOHAN YANAMBAKA, CEO, WRITER INFORMATION
RAM BANDREDDI, VICE PRESIDENT GLOBAL PRE-SALES LEAD & PRODUCTS (CYBERSECURITY), COTELLIGENT
RUSHIKESH JADHAV, CTO, ESDS SOFTWARE SOLUTION LIMITED
LEADERS’ INSIGHTS
ZERO TRUST AND COVID-19: SUPERCHARGING CYBERSECURITY IN THE TIME OF CRISIS
COMPANIES NEED TO DEVELOP AN INVISIBLE SENSE OF UNKNOWN CYBER THREATS
WHY CFOS NEED NEXTGEN INTELLIGENT PLATFORMS TO MANAGE RISK
JAYDEEP RUPARELIA, CO-FOUNDER, INFOPERCEPT CONSULTING PVT. LTD.
MOHAN RAMASWAMY, FOUNDER & CEO, RUBIX DATA SCIENCES PVT. LTD.
FLOYD DCOSTA, CO-FOUNDER, BLOCK ARMOUR
IMPORTANCE OF CYBERSECURITY IN THE HEALTH-TECH SECTOR
CYBER SECURITY: THE NEED OF REVAMPING THE CURRENT CYBERSECURITY POLICIES AND NORMS IN INDIA
PANKIT DESAI, CO-FOUNDER AND CEO, SEQURETEK
PIYUSH SOMANI, FOUNDER, CMD & CEO, ESDS SOFTWARE SOLUTION PVT. LTD.
INDIA, THE NEW CYBERSECURITY HUB?
READY AND STEADY: HOW CRUCIAL IT IS FOR ORGANIZATIONS TO WORK TOWARDS RE-ASSESSING AND RESTRATEGIZING THEIR IT ASSETS
RAVI PUROHIT, VP & HEAD, INDIA OPERATIONS, COLORTOKENS
SANDEEP SEKHAR, CHAIRMAN & GLOBAL CEO, C AHEAD DIGITAL
BUILDING CYBER RESILIENCE IN THE NEW NORMAL – NEED OF THE HOUR
TRENDS IN CYBERSECURITY IN 2022
VIJAY SIVARAM, CEO, QUESS IT STAFFING AND ARUNAGIRI RAJASEKARAN, DEPUTY GENERAL MANAGER, QUESS IT STAFFING
VINIT KHANDARE, CEO & FOUNDER, MYFUNDBAZAAR INDIA PRIVATE LIMITED
IN MY VIEW
Cybersecurity Education: The Gaps in Theory and Practices
Roy Zur, CEO, ThriveDX SaaS
The pandemic has been a turning point for everyone, and it encouraged digitalization, remote work, and online education. The internet is used everywhere around the world in business, schools, shopping, and communication. Today the web is in every aspect of our lives. India too is adopting digital solutions at a very rapid speed. However, as every coin has two sides, so does the internet. One has to be aware of the risks it involves. The plethora of information on the web has increased the risk of its theft and misuse. There are scams and cyber crimes on the internet that affect private data and information. Cybersecurity deals with protecting the network and data that is available on the web from cyber attacks by hackers. Hence, it is crucial to have a cybersecurity professional in the organization who can deal with cyber crimes like hacking, phishing, spoofing, and DDoS attacks. Today, becoming a cybersecurity professional is the most in-demand and promising career path.
ROY ZUR
Roy Zur is a cyber intelligence expert, the founder and CEO of several cyber companies, including Cybint, a cyber education company. Roy has more than 15 years of experience in cybersecurity and intelligence operations from the Israeli Defense Forces, Unit 8200 (Retired Major) and has developed cyber education programs and technological solutions for companies, educational institutions, and government agencies around the world.
Cybersecurity education in India
Today, in India, cybersecurity is offered as one of the subjects in the broad discipline of Computer Science. Universities and technical institutions in India offer courses at graduation and post-graduation levels like B.Tech, M.Tech, BCA and MCA focusing on Computer Science, which includes a specific subject on cybersecurity. However, barring a select few institutions, the importance of cybersecurity is limited to a topic in the study of computer science. Moreover, such courses in India to learn and understand cybersecurity are limited to higher-level education.
Curriculum for cybersecurity
The course curriculum in the colleges and institutes that offer courses on cybersecurity includes cyber law, cyber-crime investigation, ethical hacking, and information security. The curriculum also includes android penetration programming, python, digital forensics, the dark and deep web, risk management, cyber law, and malware analysis.
This curriculum is presently focused more on theoretical knowledge or presentation-based teaching. However, more emphasis is needed on hands-on experience and practical knowledge. Cyber-attack simulation techniques and live workshops can be included to enrich students’ understanding.
To be a good cybersecurity professional, some additional basic skills are required which supplement the core cybersecurity learning. These skills include problem-solving techniques, IT skills, and communication skills.
Further, the curriculum needs to be dynamic with evolving trends; hence it should be in line with international standards, and case studies from across the globe should be included in the curriculum. It is necessary to have an overall exposure to every kind of scenario that may arise.
Why there is a gap between skills required and skills acquired?
Today, India has thousands of cybersecurity job positions unfilled, and the reason is the gap between the skills that a company needs and the skill set that a professional has. Further, cybersecurity, as a domain, is highly dynamic and is evolving rapidly. This results in techniques getting outdated quickly. A career-accelerated bootcamp is a solution that upskills an individual on a regular basis based on the latest developments in the industry.
India is ranked 3rd in terms of the number of cyberattacks, which increases the need for cyber professionals. The professionals are dealing with simple issues and lack the practical experience to deal with these high-end attacks. Threat analysis, audit analysis, cyber forensics, etc. should be part of courses. Governance, control management, ethical hacking, and security programs are necessary for the curriculum. To reduce the risk of data breach, we need to train our workers with proper technical knowledge, and every department must have cybersecurity professionals as a part of its team.
Bootcamps
Bootcamps are very useful exercises in preparing students and working professionals for real-life situations. They are like practical sessions in the laboratory, where the participants are required to deal with the given situation. They teach the participant to be engaging, futuristic, and ingenious. Bootcamps deal with live training and insight into current cybersecurity problems. They successfully teach students to learn and practice the issues and how to handle them. India has very few bootcamps focusing on cybersecurity and there is a lack of awareness about such programs.
While these bootcamps can prove to be skill enhancement platforms, they also provide essential skills that are required to be employable. Our Cybint Cybersecurity bootcamp has a placement rate of 95%, and all our attendees have 100% satisfaction.
Final thoughts
Digitalization is creating a demand for cybersecurity professionals. But the lack of dynamic practical knowledge is creating a gap between the workforce and the unemployed professionals. It is time to take action to bridge this gap. Hackathons and bootcamps must be organized in large numbers. Participation in such competitions should be promoted.
The career path of a cybersecurity professional is bright and India must act now to make the best use of it.
EXPERT OPINION
Increasing SecOps and Incident Management Efficiency with SOAR
Akshat Jain, CTO & Co-founder, Cyware
Akshat is the Chief Technology Officer and Co-founder at Cyware. A thought leader and a creative thinker, Akshat has immense expertise in bringing innovative technology solutions for tackling societal and enterprise problems. Akshat holds a Management degree from the most prestigious business school in India, IIM Lucknow, and a Master’s degree in Computer Science from the Central University of Hyderabad. Before Cyware, Akshat served as the Director of Programs at Oracle and was key to facilitating cloud ventures for Oracle Enterprise Manager. His earlier role at Adobe Systems also shaped the company’s core products to grow to a substantial scale and helped secure several patents in core technology domains.
Cybersecurity is an ever-evolving domain with new challenges every day as both the attackers and defenders continue to improve their capabilities. For cyber defenders, it is paramount that they have an edge over their adversaries at all times. Even when the attackers manage to sneak past existing defenses, the security teams must have the ability to respond swiftly and decisively to prevent them from achieving their malicious objectives. However, many organizations face operational hurdles and limitations in SecOps that can only be overcome with collaboration between the people, processes, and technologies involved in it.
The uneasy status quo
Security analysts have a lot on their plate. On a daily basis, they have to review, prioritize, and triage hundreds or even thousands of alerts generated through various sources. While organizations have finite human resources for security operations, the volume of threats is only growing every day. This unending stream of alerts can hamper their ability to react quickly and effectively to a critical incident. Security analysts need to follow set procedures, often involving many manual, repetitive tasks while responding to alerts or incidents. A lot of time and effort gets spent on tasks that do not really require their expertise and which can be automated away. While organizations employ many different security tools and processes to cover all bases, security teams still have a mountain to climb to ensure that the resources at their disposal are used efficiently to counter the most critical threats.
It is a major challenge for security managers and other senior executives to get up to speed with the complexity and scale of security operations for an organization with thousands of different assets, numerous data stores, applications, users, and associated third parties. Additionally, these assets may be spread across multiple environments, including on-premise, hybrid, or cloud platforms, thereby adding to the security risks and the variety of threats they face. The lack of quick decision-making and effective incident management can result in disastrous effects on the organization’s data security, business processes, operational reliability, customers, and brand reputation.
What’s the solution?
The cure to these pertinent issues in SecOps and incident management lies in building bridges across different areas of the security organization through security orchestration and reducing human effort through automation to drastically improve the performance and response capabilities of security teams. Security Orchestration, Automation, and Response (SOAR) refers to three key capabilities — threat and vulnerability management, security incident response, and security operations automation — that every organization needs to operate securely in today’s threat environment.
Security orchestration relates to the combining of different technologies and connecting security tools to enable them to work together in incident response to exchange security information and execute actions across the stack. When security automation is added to the mix, security teams can use the power and agility of a machine to analyze and respond to alerts, implement mitigation measures, facilitate reporting of key metrics, and much more. Let us dive deeper into the role of SOAR solutions in improving efficiency and performance and extending the reach of SecOps.
How SOAR helps transform SecOps?
• Extensive Integration - The true advantage of SOAR solutions is to allow the seamless flow of information and actions between existing security tools. Security teams usually employ a variety of tools such as SIEMs, firewalls, intrusion detection systems, and threat intelligence platforms, many of which are not built from the ground up with interoperability in mind. This forces analysts to do a lot of legwork while analyzing an alert or responding to an incident. Security orchestration and automation, as an integral element of cyber fusion, can help piece together the different parts of the puzzle, saving a lot of time and allowing the analysts to focus on other tasks. All in all, every security function benefits from the acceleration of internal processes through such integration.
• Faster Threat Response - SOAR solutions provide the ability to respond to threats automatically in a number of scenarios that occur on a frequent basis. Threats such as malware intrusion on systems, suspicious network connections, phishing emails, and many others require quick reaction on the part of security teams to prevent further spreading of the threat. This is where SOAR-driven automated Playbooks come into play to provide a quick and effective response to contain incidents through machine capabilities while leaving room for deeper investigation by analysts where needed.
• SecOps Consistency - The automation of incident response comes with the added advantage of consistency in various security workflows. This reduces the chances of human error and makes the job of analysts easier through well-defined and structured processes. Additionally, it helps organizations meet security compliance requirements and avoid any surprise outcomes.
• Connecting the Dots - For an effective response against sophisticated threat campaigns, analysts need to understand the threat by collating information from different perspectives, including all incidents, vulnerabilities, malware, assets, and threat actors linked to it. Cyber fusion-powered SOAR platforms enable security teams to connect the dots between these diverse parts of the threat environment to identify appropriate response measures.
• Threat Intelligence Operationalization - While many organizations today ingest threat intelligence from different sources, the threat intel does not provide real value until it is put into use in their existing security processes and to shape their security strategies. Within a cyber fusion-powered SecOps environment, threat intelligence operationalization becomes straightforward through the infusion of actionable threat intel into threat response workflows and through automated dissemination to key stakeholders.
• Cross-Functional and Cross-Environment Workflows - Each security tool is designed to address specific use cases for a security function within a certain environment. This makes it challenging to exchange information across different security functions and environments. An advanced SOAR solution with cyber fusion capabilities can facilitate complex orchestration workflows across different environments, including on-premise and cloud, without adding any security risks to the organization’s network. With this, different SecOps teams can collaborate more easily and leverage the information and capabilities of each other’s tools.
Reach SOARing heights with Cyber Fusion
While implementing SOAR provides many benefits, organizations can further upgrade their SecOps by enhancing it with the Cyber Fusion model. Different security functions within an organization operate in a siloed manner that leaves little room for communication and knowledge sharing with other stakeholders within and outside the organization. Oftentimes, there is a lack of any cross-pollination of ideas and learnings from one team to another within SecOps. For security decision-makers, the governance of security operations is also a major challenge without adequate visibility and control over their threat environment. These issues push organizations into making the same security mistakes over and over again without iterative improvement and the streamlining of their security operations.
Organizations can truly step into the future of SecOps and incident management by combining SOAR, threat intelligence, and extensive threat management capabilities using cyber fusion. This provides a new outlook to the way security teams function, by bringing them together under one umbrella and streamlining their activities with smart orchestration, automation, and the infusion of threat intelligence to proactively identify and mitigate all kinds of threats.
The key takeaway
Considering the always-on arms race between cybercriminals and security teams, there is a dire need for reliable solutions to improve SecOps efficiency and to manage a growing number of security incidents. The advent of security orchestration and automation technologies has been a boon for security teams in their quest to stay ahead of the shape-shifting cyber threats. Through the integration and automation of their SecOps, organizations can dramatically reduce their cyber risks and maintain cyber resilience in the long term.
LEADERS’ INSIGHTS
Zero Trust and COVID-19: Supercharging Cybersecurity in the Time of Crisis
Floyd DCosta, Co-founder, Block Armour
Floyd DCosta is Co-founder of Block Armour, a Mumbai- and Singapore-based startup focused on harnessing the potential of blockchain technology to counter growing cybersecurity challenges in a bold new way. Its flagship IoT Armour solution is designed explicitly to provide military-grade security for connected devices and critical infrastructure in the Internet of Things (IoT).
The outbreak of the novel coronavirus, from December 2019, has rapidly gone global with cases being reported from almost every country in the world. The WHO has since officially designated COVID-19 and governments have launched unprecedented responses, with many nations ordering lockdowns to control the transmission of the virus. With employees forced to work from home, the pandemic has put most businesses in an exceptionally challenging situation and largely uncharted waters, InfoSec-wise.
To quickly facilitate remote access to IT systems, many IT departments are using VPNs. While this speedily allowed for business continuity, the large numbers of remote workers and increasing workloads have resulted in unanticipated stress on the enterprise VPN, causing chokepoints, adding latency and heightening cybersecurity risks.
Enterprise VPN technology has been unquestioningly relied upon to provide employees, clients and third parties with secure remote access to internal IT systems. However, modern technologies, including the rapid migration of applications to the cloud, have resulted in largely hybrid and distributed IT environments. And what was once an effective remote access tool has become increasingly insufficient to address the needs of today’s modern digital enterprise.
The vanishing enterprise perimeter and the risks it has brought
In the past, there was a well-defined enterprise IT perimeter. All users, devices and systems sat within this high-walled network. With contractors, suppliers and clients now requiring anytime, anywhere, instant access to applications, the migrations of infrastructure and systems to the cloud and themes like BYOD and IoT becoming the norm, the previously closed IT environment has quickly transformed into a hybrid, highly networked and widely distributed ecosystem.
This growing ‘mobility’ of users and swelling enterprise perimeter has resulted in greater exposure to cyberattacks. The COVID-19 crisis and the ensuing lockdowns have exponentially compounded that. It has put an exceptional strain on InfoSec teams that struggle to secure this new digital ecosystem with yesterday’s tools, which simply lack the ability to enforce granular access control and network privileges.
A smarter way forward
With enterprise IT no longer centred around its own offices and internal data centres, and digital transformation becoming a norm, security teams would need to look at new approaches and technologies to secure the modern digital enterprise ecosystem. One emerging approach that is swiftly becoming the preferred option among progressive InfoSec teams is Zero Trust.
Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect distributed digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control. It provides for comprehensive secure access to applications and environments, independent of user, device, and location.
When combined with sophisticated architectures like Software-Defined Perimeter (SDP) and emerging technologies like Blockchain, Zero Trust is able to address many of the shortcomings of the traditional castle-and-moat approach with its legacy VPNs. Having evolved from the work done at the Defense Information Systems Agency (DISA), SDP renders application infrastructure effectively ‘invisible’.
The SDP toolkit includes a controller with a policy engine which authenticates and authorizes all endpoints trying to access a particular infrastructure before fine-grained access to that application infrastructure is granted. Blockchain technology is an immutable time-stamped series of records that is cryptographically secure, distributed and managed by a cluster of nodes. The three pillars of Blockchain technology – Decentralization, Transparency and Immutability – deliver a scalable, resilient and robust backend system along with a new breed of tools for digital identity, authentication and authorization of users as well as connected devices in today’s digital world.
A Zero Trust system, when stitched together using SDP architecture and Blockchain technology, is able to deliver fine-grained micro-segmented network access to business applications, irrespective of whether they are hosted on-premises or across one or multiple Clouds.
So where does enterprise cybersecurity head from here?
Many organizations may still rely on a VPN to provide remote users and external third parties access to IT systems. However, in the new reality of the novel coronavirus pandemic and workforces being mandated to work from home, the traditional security approaches will fall short. Crises, like Covid-19, will only act as a catalyst for change. The generally dissipating enterprise perimeter, along with modern workforce preferences, will in any case require IT teams to leverage approaches like Zero Trust along with emerging technologies to secure the ever-expanding, hybrid and distributed IT environments.
IN MY
VIEW
Leveraging AI to mitigate Cybersecurity Risks and ensure Business Continuity Post-Pandemic Aravind Varadhrajan, Sr Vice President & Managing Director, Metricstream India and APAC
T
he pace of digital transformation in India has accelerated rapidly since the COVID-19 pandemic. Our dependency on technology has gone up with more businesses now taking a digital-first approach. While this may bode well for India’s digital transformation mission, on the flip side, it has opened doors to new risks that can have damaging consequences on business continuity. Given this situation, business leaders need to have a clear understanding of the exposure, vulnerabilities, and potential losses on emerging cyber threats to their companies. In fact, the need to implement a concrete risk-based approach to cybersecurity is more now than ever before. And here’s why businesses should consider automated IT-based governance, risk, compliance (GRC) approach to effectively counter cyber threats. An increasing digital footprint has made businesses more vulnerable to cybersecurity risks As companies expand their digital footprint, they become more prone to cyber-attacks. The increasing amount of data from IT security monitoring and performance tools makes them more vulnerable to potential cyber threats. A recent survey by a prominent firm showed
First Magazine 24 Digital October - November 2021
AI can help organizations to keep sight of their cyberattack risks
ARAVIND VARADHRAJAN
Aravind’s passion for inspiring others and leadership style have been at the forefront of his professional success. In addition to empowering his team, Aravind is a champion of diversity and inclusivity. In founding the APAC region at MetricStream, he has demonstrated a willingness to think outside the box solving customers’ most difficult challenges and delivering long-term value. His focus on high-performing teams is evidenced by his years of experience across a range of roles including pitching elaborate sales and marketing concepts, leading product development, and developing new markets.
that Indian companies experienced a 25% jump in cyber threats during the pandemic. It brought to light the cybersecurity challenges companies had to deal with as people started working remotely. Another study showed that the most common cybersecurity issues that Indian companies encountered were related to insider threats and data breaches.
Leveraging AI to thwart cybersecurity incidents
Business leaders, therefore, need faster and better risk visibility to make quick decisions. This can be achieved by adopting an advanced, integrated, and automated IT-based GRC approach to business. Businesses have started augmenting threat-monitoring tools with Artificial Intelligence (AI). The potential for finding patterns of security vulnerabilities and IT asset performance can be significantly enhanced by the incorporation of this technology. However, AI still requires human analysis of the reports from those assets. Applying machine learning, GRC solutions can learn from human analysis and then continuously monitor for the emergence of high-risk vulnerabilities, thus catching them and, through cognitive computing, orchestrating corrective action that can prevent a major incident or failure.
How it works
Globally, AI is already improving the discovery of data relationships in governance, risk, and compliance (GRC). So now, if a risk assessor creates a link of a risk to a business objective, an auditor identifies a relation of a risk to a control, and an IT security manager identifies a link between a control and an IT asset, an analyst can evaluate the relationships between IT assets, risks and controls, and business objectives. Given enough time, through machine learning, a GRC system leveraging AI could begin to distinguish these relationships on its own. The system can then augment the discovery of linkages between data objects and make suggestions to human end users of the system.
Additionally, rather than waiting for a human analyst to evaluate the relationships and trends, AI-backed GRC solutions could utilize cognitive computing to continuously analyze the data objects for any changes that could lead to greater risks or control failures. Any detected threats to the ability to achieve business objectives would automatically alert human analysts for investigation. Ultimately, AI allows for saved time and a much more efficient process. When issues are identified earlier, it
scraps the need for the manual sorting of excess amounts of data. In turn, the accuracy that AI provides in weaving through the complexities of cybersecurity issues is more than any trained professional could provide.
Enhancing risk management through AI-powered recommendation engines
An AI-powered observation recommendation engine uses historical data available in the system to intelligently identify and classify the observations into areas such as cases, incidents, issues, and loss events. The use of artificial intelligence helps risk managers to improve the speed and accuracy of triaging these observations. The ability of artificial intelligence and machine learning models to analyze large amounts of observations improves analytical capabilities in risk management and compliance, allowing risk managers to identify risks in an effective and timely manner, make more informed decisions, and make operations less risky.
AI is a game-changer for managing cyber risk
One of the biggest concerns for organizations is that they might not even be aware of the breach in progress. Cybercriminals target the weakest link which can’t be patched – people – who are working remotely, and this makes it even more challenging for organizations to manage their cybersecurity. As complex cyber-attacks are performed in stages over a period, organizations can perhaps reduce the damage caused by the attack if they were somehow better informed about the attack in its initial stage. AI can help organizations to keep sight of their cyberattack risks by evaluating the risks associated with their people (employees, partners, vendors, stakeholders, etc.), processes, and technologies. Artificial Intelligence, therefore, is a game-changer for risk management and is one of the key drivers for transforming any industry. It saves time, boosts revenue, identifies risks and fraud, and adds value to the organization while ensuring business continuity.
As it turns out, the pandemic has triggered a surge in IT and cyber risk investments where key focus areas include IT security solutions and regulatory compliance. Overall, one can hope that the more organizations prioritize and invest in IT and cyber risk management systems like AI, the better prepared they will be to deal with both the opportunities and threats of operating in an increasingly digital world.
EXPERT OPINION
Data Hygiene: The Surest Form of Security Against Cybersecurity Issues
Kunal Kislay, Co-founder & CEO, Integration Wizards Solutions
Cyber data hygiene is a mechanism to maintain the health and security of our systems to avoid any digital mishap. Threats like malware, phishing attacks, password theft, frauds, and cloud security breaches are at an all-time high. Our lives have shifted to virtual spaces across devices. Passwords help us enter the world of entertainment, online shopping, social media, and banking, to name a few. A unique digital identity is constantly being created, ever-enriched with various personal credentials. An active digital footprint is generated by logging into multiple channels, posting on social media, and sharing data access with third parties. A passive digital footprint is unintentionally generated when the touchpoint utilizes device location and other information without permission. The digital trail built is shaping our lives in numerous ways. Companies often look at social activities for character analysis of prospective employees. It even acts as evidence for relevant authorities in some instances. On the other hand, it also attracts hackers, who seek data for nefarious purposes. Once the data is leaked, it is not easy to protect one’s personal information from going public.
Kunal Kislay is a B.Tech IIT Bombay alumnus with 10-plus years of experience in enterprise mobility, Internet of Things, AI, neural networks and machine learning. Creating solutions for a vast array of verticals made him understand the pulse of technology and its changing paradigms. He used to work at Antenna Software as lead architect, where he developed enterprise mobility platforms and solutions for some of the largest organizations in the world. After Pegasystems took over Antenna Software, Kunal, alongside his two colleagues, Saquib Khan and Kumar Raman, bootstrapped Integration Wizards in 2014.
According to Cybersecurity Ventures, cybercrime losses are expected to exceed $6 trillion in 2021. A moment of weakness can threaten and compromise sensitive data. However, certain practices may reduce, if not remove, the chances of such threats entering our devices. A sustainable, easy-to-follow cyber hygiene ritual done at regular intervals, coupled with the following, can be helpful.
Check your Digital Footprint: Some websites inform whether one’s data may have been exposed to unknown parties. The compromised data is not retrievable, but one will remain cautious in the future.
Document your Equipment: Know both the hardware and software of your devices. Reset the old ones that are no longer in use. Update the software on active devices. Track the recent update when provided by the authentic developer.
Run software updates timely: Out-of-date software contains a plethora of digital activity. Cybercriminals can easily mine this information if the software is not up-to-date. The updates shared by software providers close the vulnerabilities reported or identified in regular check-ups.
Device Protection: A password or a lock pattern is a must on all devices. If the device is accidentally misplaced, this prevents unwarranted access. Avoid opening suspicious emails. Keep track of applications downloaded. Remove the ones not in use anymore. When you choose to download an app, the developers disclose what kind of information will be collected. Make conscious choices when it comes to sharing access.
Choose Passwords wisely: A general rule of thumb is to create strong and memorable passwords. Upper/lower case letters, symbols, and numerals, uniquely mixed, can be decoded only by the maker. Passwords like birthdates, anniversaries, and the names of close ones should be avoided as they might be easily detectable. Remembering unique passwords for multiple channels can be difficult. A password manager is an excellent tool to be deployed.
Use Password Managers: These are automatic management tools that prioritize security and time. The password managers in-built within web browsers do not guarantee comprehensive security. Password managers help store, manage and protect all passwords in one place. They can generate unique and complicated passwords that shall be accessible only to their rightful owner. They can also suggest a time to create a new one and comply with crucial cybersecurity practices.
Multi-Factor Authentications: The most commonly known is two-factor authentication. Another method of login is generating a One-Time-Password. It creates additional steps to get access to a particular channel. This may be a question that only one person may know an answer to. In some cases, one may be able to set the question as well as the answer.
Virtual Private Network (VPN): VPN protects our data by creating a private network, providing anonymity to the home/public network. The digital footprint is protected as the external website cookies installed are unable to decipher the original address of the user. Internet browsing and activity are, hence, shielded by a strong barrier.
Back-Up Data: All data should be backed up regularly to a secondary source. Hard drives for offline backup or cloud storage for online backup should be used as dependable storage units. This also assures fewer chances of personal/business data tampering if an offline backup version exists elsewhere.
Don’t Accept All Cookies: We have all come across a notification box asking us to accept website cookies. Various misleading consent notices are put with such notifications. The option to decline access is usually not given directly. Otherwise, selective freedom is given to people when choosing what the channel can access. By deploying such ‘dark patterns,’ websites mislead visitors to create a pool of information to run their business decisions. Select the options opposite to ‘accept all.’ Mostly, nothing has to be changed; only the ‘save as preference’ option has to be clicked. The user usually puts off this extra step.
The Future
Virtual Disposable Machines: If your laptop/computer is affected by malware, it is difficult to remove the same from the device. VDMs act like mini PCs in the original PC. If malware affects the VDM, it can be reset and ready to use again. No other data outside the VDM is lost.
These systems might be revolutionary for sectors like e-commerce and banking, which generate and maintain large amounts of sensitive data.
Conclusion
Cyber data hygiene is nothing less than an exercise that provides immunity to battle threats. The fragility of all systems is such that if any barrier is broken, there is no way back to security. The more obstacles we create, the better. Moreover, prevention is in our hands, and the consequences might be nearly unbearable if one loses control of their data. It is, hence, imperative to mindfully build our online practices, and to monitor and protect them.
LEADERS’ INSIGHTS
Companies Need to Develop an Invisible Sense of Unknown Cyber Threats
Jaydeep Ruparelia, Co-founder, Infopercept Consulting Pvt. Ltd.
Jaydeep Ruparelia is the Co-founder and Director of Security Strategy at India/Ahmedabad-based Infopercept Consulting Pvt. Ltd., a leading Managed Security Services provider with footprints across India, Middle East, Africa, and the US. Jaydeep has more than 15 years of experience in the cybersecurity and strategy domain. As the Co-founder of Infopercept, he is involved in driving the firm’s operational strategy, and developing and nurturing business relationships across the globe.
It has been nearly nine months since the Coronavirus pandemic struck out of the blue. Remote working, or work from home as it is commonly described, has become the new normal. Since we are still months away from a vaccine, work from home will continue to be the case for the foreseeable future. A lot has been said and written about how this has given rise to new challenges for companies. Cybersecurity is one of the major challenges the Covid-19 pandemic has given birth to, and ensuring the safety and security of digital assets has emerged as one of the biggest, if not the biggest, priorities of companies in the last few months. With digitization on the rise and work from home expected to continue for a large majority of the companies, they need to prepare checklists about the routine tasks assigned to respective departments as well as functions within companies. Prioritizing security strategy depends on how well the leaders can define the criticality of the cybersecurity signals and threat intelligence and collate it into a business context that can be customized to enterprises. Moreover, there is also a strong scientific logic behind having checklists and prioritizing, as it helps us concentrate on the core tasks that require our attention to achieve the daily plans. When it comes to cybersecurity, the most important checklist item is to be in a position to foresee any existing or looming threat. Cyber-attacks are growing steadily in number, strength, and variety. In parallel, even the most sophisticated adversaries
are using surprisingly unsophisticated means to wreak damage. In many of the cyber-attacks, cybercriminals have been successfully able to mimic legitimate user actions and avoid being spotted on the radar of protective measures. Many organizations are starting to realize that a proactive cybersecurity strategy is one of the best defences. Organizations should see where the threats are coming from, how they can move within their network, find out where the vulnerabilities in their defences are, and close them before cyber attackers can take advantage.
To give an analogy, in a Formula 1 car race, each participant is trying to zip through the race track in his bid for the checkered flag. A winning game plan or strategy is a must to perform well on the race track, and car companies spend heavily to chart these plans. When it comes to the actual race, failure to keep a close eye on the racer trailing him can lead to the leader being left behind or, worse, going out of the race. The trailing racer also has the advantage in the sense that he can easily observe how the leader is manoeuvring his car, and look for any weakness or misstep that he can exploit to get ahead. In the same way, companies need to be prepared with their cybersecurity strategies and always be on the lookout for cyber adversaries.
During a cybersecurity incident, acting quickly is critical. It can be the difference between surviving and perishing. Also bear in mind that unlike a Formula 1 car race, where the drivers and teams are bound by the same set of rules, no such regulations apply to cyber adversaries. Their sole aim is to inflict the maximum damage possible on the target company. Having a shield to protect the business from the growing number of cyber adversaries is not just recommended, but is a must. Our Observe, Orient, Decide & Act loop is designed to help people make decisions and take action rather than freezing up and doing nothing.
This process can be invaluable to an information security practitioner and has numerous applications, both offensive and defensive. As a cybersecurity company, we are seeing highly potent and multiple attacks being launched against target companies. We believe in not just negating the attacks, but counter-attacking the cyber adversaries with a unique combination of services, solutions and strategies wrapped in a perfect sense of cybersecurity. With our new product Invinsense, we have taken cybersecurity to the next leg of the warfare where we create traps, and once the cyber adversaries have walked into it, we strike them.
IN MY VIEW
How Emerging Technologies are Enabling Hi-Tech Cyber Security
Kunal Bajaj, Chief Business Officer, eSec Forte Technologies
A survey commissioned by Infosys found that 70 percent in the hi-tech industry have a well-defined strategy implemented. They are anxious about hackers, low security awareness among employees and insider threats. While digital technologies are making us susceptible to cyber-crime, we do have a host of options before us that enable us to fight the menace of the future.
Artificial Intelligence is the future
As we progress towards artificial intelligence, one can leverage AI technologies to protect against sophisticated malware, ransomware and social engineering attacks. Machine learning, which forms the backbone of AI, might prove beneficial to identify new cyber-attacks, draw statistical inferences and help security platforms by providing reliable information. Automation also allows horizon scanning and monitoring of networks that can report on deviations and anomalies in real time.
Privacy is the key
Privacy enhancing computation enables protection of data while it is being used. It came into being as organizations collaborate on research
KUNAL BAJAJ
Kunal, an ever-enthusiastic visionary, has been heading the Global Business operations and Strategy at eSec Forte Technologies for the past 8 years. eSec Forte is a leading multinational with services spanning Information Security and Cyber Forensics, serving Fortune 500, Defence and several Govt Organizations. Before beginning his stint with eSec Forte, Kunal was associated with Wipro Technologies as lead Consultant for Emerging Technologies. Kunal is a Business professional with over years of experience and a demonstrated history. Further, Kunal is skilled in strategizing, steering and expanding businesses, driving growth for technology-led products, and marketing.
securely across regions without sacrificing confidentiality. It provides a secure environment where sensitive data can be processed, can be done in a decentralized manner and can also encrypt data and algorithms before processing or analytics.
Supercomputing is the next alternative
Humans are prone to errors. This might cost organizations if something goes unnoticed. In this respect, supercomputing can be a game-changer in the field of cyber security. According to MIT Lincoln Labs Fellow Jeremy Kepner, detecting cyber threats can be enhanced if we have an accurate model of normal background network traffic. Analysts could easily compare the internet traffic data they are investigating with these models to detect anomalous behaviour and raise an alarm.
Let clouds be distributed
The pandemic has taught us that operations should be conducted seamlessly from anywhere. Distributed cloud helps cloud services to be distributed to different geographic locations, but the operations remain the responsibility of the public cloud provider. It also helps companies to be compliant with country-specific laws that require data to be located within the national boundaries. It also helps organizations to deal with low latency scenarios and helps in reducing data costs.
Studying behaviour
While behavioural analytics has so far helped in delivering social media and online advertisements to the right audience, it is now being explored in the field of cyber security. It helps detect potential and real-time cyber threats. For example, if there’s a sudden spike in data transmission from your device, it might ring an alarm. So far behavioural analytics has been used for networks, but now it is increasingly used in systems and user devices.
Using hardware for authentication
Gone are the days when we used to rely on PIN and password to verify a user’s identity. Intel has achieved a breakthrough in this field.
It has come up with sixth-generation vPro chips which are embedded in the hardware itself. Embedded Hardware Authentication would make use of multiple levels and methods of authentication that would work in tandem.
Leverage blockchain as well
While blockchain works on the principle of identification between two parties in a transaction, the same process can be used in ensuring a secure cyberspace wherein the
members involved in a transaction would be responsible for authenticating the data that has been added. Thus blockchain paired with Artificial Intelligence can be used effectively to protect against cyber threats.
Be on alert all the time
The Zero-trust model works on the principle that the network is always prone to be compromised, and hence one must always be on their toes: identify data critical to business, map the flow of data, apply logical and physical segmentation, and enforce through automation.
Reimagining cybersecurity in today’s world
In today’s world, when ‘work from home’ is the norm, a cybersecurity mesh allows for the security perimeter to be defined around the identity of a person or thing, which enables a more modular, responsive security approach by centralizing policy orchestration and distributing policy enforcement. The Internet of things, artificial intelligence, 5G network and a host of other technologies are going to make cyber security a huge deal. Though we are more vulnerable to cyber threats in today’s context, we must also look at the new-age technologies that are booming and would help us in fighting cyber crime. Let us embrace technology and be on alert as well.
EXPERT OPINION
Understanding the Cyber Risks for MSMEs and How to Curb Them?
Rajesh Subramanian, Founder, Ghoshak
With the dominance of technology and everything social media, there is no option but to adapt to this new world. The pandemic amplified the need for the adoption of technology by 10X. The giant industries and companies had the resources readily available to transform digitally with security measures in place. But there have always been underlying security threats. Phishing attacks and the threat to customer data are the prime source of concern for any organisation. Over the period of time, the matter has shifted to bring in more secure reasons to curb these rising threats. Technology has disrupted almost every industry including MSMEs. While other sectors had the tech resources available at their disposal, only a few companies supported small and medium-sized businesses. When the disruption was happening, most of the corner shops that have been fulfilling our daily needs were ignored. There was a gap that needed to be bridged to smoothly and efficiently equip these businesses to cut down their overhead expenses at a minimal cost while keeping the business afloat. Few companies are now focussed on solving this
Rajesh Kumar Subramanium is an ex-Amazon and ex-SAP product and software developer with a rich experience of 15 years in the industry. He leads the product development of Ghoshak.
issue and are providing a 360-degree solution to small businesses. From online customer booking, taking appointments, online billing, and inventory management to the daily sales report, MSMEs can now conduct their day-to-day business operations efficiently at a lower cost than a monthly tea. The trend that started with big businesses has now trickled down to small companies as well. With many security measures in place, one must always be alert and know how to protect their business, no matter the scale of the operation. Lately, small and medium-sized businesses have also started to realise their severe exposure to cyberattacks and threats. The challenge with MSMEs is the need to understand the amount of damage from such attacks and the available resources to mitigate the loss. Many of them don’t have IT support or a team due to the scale of operation and the cost. Even if these business owners hire IT support, the problem lies with understanding the complexities of the cyber threat landscape. Such issues can be handled by taking the correct measures and learning about the cyber world and its threats.
It’s all about Awareness
To get to the crux of anything, one must have a knowledge base, especially for something like cyber security. For any small business owner who is embarking on a digital journey, it can be a little challenging to understand the whole tech world. But a plug-and-play technology provider like Ghoshak can help them get up and running with things. Cyber security and the possible threats that can cause harm to their business can be a little tricky. A piece of basic knowledge about the market and its latest happenings can help them be alert.
Cyber Immunity: The new buzzword
Awareness is essential for any business because it subsequently builds cyber immunity. Gathering the knowledge and upskilling yourself will not work alone. It is vital to pass down similar expertise and share the effects of cyber attacks with your support staff or partner(s).
Small and medium sized businesses have been shying away from technology for a long time. Still, with the pandemic looming its tentacles upon everyone and sparing no one, technology has emerged as a boon in disguise. All these business owners must take technology as a tool that can be leveraged for their own good. From running their day-to-day business operations smoothly to combatting cybercrimes, a combined awareness can help build cyber immunity. Technology can easily erase
the possibility of manufactured errors and can speed up the overall business process.
Tier-2 and Tier-3 cities on the rise
India is essentially a hub for MSMEs. There is no denying the fact that the pandemic has only amplified the number. In the last year, businesses like home chefs, bakers, thrift shops, homegrown fashion brands, environment-friendly products, and wholesale suppliers have risen. And most of them are from Tier-2 and Tier-3 cities. While people are taking charge of their businesses by adopting various digital means, it is also essential for them to be aware of the possible threats that may occur. Therefore, it is crucial to form allies with the local service provider and be assured of the network’s security. Most of the small businesses must take care of this. At the same time, medium-sized businesses that operate on a slightly larger scale can hire a professional IT person or a consultant to keep their online business operations secure.
Some key measures that small businesses can take to protect themselves against a possible cyberattack:
1. If you wish to download an app on your shared device or a platform, do it from a trusted source.
2. Always use multi-factor authentication whenever possible for more security.
3. Use complex passwords, a combination of upper case, lower case, numbers, and special characters. Avoid keeping easily predictable passwords, like a birthday or anniversary date.
4. Don’t share passwords with anyone. If you have a shared device, then keep a separate log-in.
5. Use a pin or password to lock the phone from which you usually conduct your business, or keep a separate device/phone for business purposes.
6. Lastly, keep your OTP safe and don’t share it with anyone.
When we talk about cyber security, there can be many threats and several solutions for each one of them. For any small or medium-sized business, it is vital to identify the core of their business and where the most threat can be.
The business owner can then focus on the solution specific to that feature rather than spending on everything. But it is equally important to possess the knowledge of how the overall cyber tech world operates. With the correct information and solution at their disposal, MSME business owners can continue running their business operations without any cyber threats.
LEADERS’ INSIGHTS
Why CFOs Need NextGen Intelligent Platforms to Manage Risk
Mohan Ramaswamy, Founder & CEO, Rubix Data Sciences Pvt. Ltd.
Founder and CEO of Rubix, Mohan Ramaswamy has an overall experience of 22+ years, working with leading MNCs. Prior to setting up Rubix, Mohan headed the LexisNexis business for India and South Asia, transforming the company into one of the most respected brands in the Indian Legal Information world. He drove organic and inorganic growth at LexisNexis and also executed several prestigious projects, including with the Prime Minister’s Office (PMO).
An organisation’s sustainability, strength, and growth are heavily dependent on its CFO’s vision and direction
Change is the only constant, but in the era of technology, its pace is exponential. Finance teams in most companies realise that they need to keep up with the technology and tools driving change in modern businesses; Chief Financial Officers (CFOs) need to personify this agility. Now, more than ever, in post-pandemic times, businesses need finance leaders who can leverage technology to manage emerging risks. Modern-day CFOs are required to plan for and forecast future financial performance in a rapidly changing environment. These forecasts can no longer be based on traditional tools that primarily relied on past performance as indicators of future growth. Future projections of company performance require a dynamic assessment of the risk environment, such as those associated with geopolitics, global supply chains, climate change, compliance, and technological disruption. Operational risks emanating from processes, personnel, logistics, IT and cybersecurity, and unforeseen disasters also need to be managed on a day-to-day basis. Therefore, simply relying on spreadsheets and email chains no longer works. Fortunately, CFOs have an arsenal of technological tools to handle the increasing demands that the business places on them. Next-gen intelligent platforms leverage Data, Artificial Intelligence, Machine Learning, Cloud Computing, and Analytics to help CFOs identify, model, simulate, report, mitigate risks, and prevent fraud. These tools enable companies
to avoid financial losses and grow in a sustainable and compliant manner. Let us take a look at how these technology platforms can help mitigate risks that companies and financial institutions face:

Dynamic, Data-driven Risk Identification and Reporting

Though it has become cliché to say that data is the new oil, it is an absolute reality of modern business. It is not enough to manually process data through static Excel sheets and prepare fortnightly or monthly risk reports. Risk Reporting is now a near real-time function, requiring on-the-fly data gathering and analysis from line functions, staff functions, contractors, and departments on-premise as well as remote sites. Work-flow tools embedded in next-gen risk platforms allow teams to collaborate in real-time, break silos, and share data instantly. These, in turn, help identify and monitor nascent or emerging risks and facilitate early action by CFOs to minimise such risks.

Risk Modelling and Simulation

Banks and financial institutions model risk at scale on huge volumes of data through Risk simulations. They analyse portfolios by simulating a variety of risks and forecast the projected losses that would occur in different scenarios. The risks they cover include Credit Risk, Market Risk, Liquidity Risk, and Operational Risk, amongst others. Such Risk Modelling helps CFOs of banks to determine capital requirements under different risk scenarios. In fact, banks and financial institutions are required to undertake Risk Modelling as per Basel II regulations to meet formal capital adequacy guidelines. In the past, a large portion of the risk analysis was done qualitatively, but with the availability of powerful computing platforms, quantitative risk analysis can be carried out easily and accurately.
Compliance Risk Assessment

Today’s Risk Platforms use robotic process automation to trawl through large amounts of structured and unstructured data (including social media) and global statutory databases to find red flags about counterparties (customers, distributors, suppliers, etc.) and key individuals. Some significant elements about which these platforms gather data include Anti-Money Laundering (AML), Politically Exposed Persons (PEP), and International Sanctions Lists, such as OFAC and International Police (Interpol)
notices. If a positive match is found in such databases, the transaction is held in abeyance and the counterparty is flagged for further due diligence by the compliance team of the company, bank, or financial institution.

Fraud and Identity Checks

Identity theft is a serious problem. Risk Platforms incorporate Fraud and Identity Solutions, which carry out accurate Know-Your-Customer (KYC) checks on counterparties. These platforms verify identity using Application Programming Interfaces (APIs) that instantly run checks on national identity, taxation, and company registration databases. If there is no accurate match with the individual identity or company registration data, the counterparty could be fraudulent and is therefore red-flagged.

Risk Scoring and Automated Credit Limit Setting

Risk Platforms have scoring models that attach a Risk score to individual counterparties based on several financial and non-financial factors (identity, statutory compliance, litigation, management, age of the company, financial performance, employee and customer scores, etc.). Credit Limit setting is often a contentious exercise in companies. Sales teams want higher credit to be provided to customers, whereas financial controllers tend to be cautious in deciding credit limits and terms. Credit limits depend on the overall risk score of a counterparty and also on its payment track record as captured on the platform. Once the Credit Limit Setting model is agreed upon by the finance and sales teams, it is deployed on the risk management platform. These models can be customised for industry type, geography, the legal constitution of counterparties, or other variables. There is now an objective, automated model for credit-limit setting and approval; if a salesperson wants a higher limit for a customer, an exceptional approval needs to be obtained from the finance team, which can do so after evaluating the risks involved.
The customer’s credit limit is also automatically monitored on the platform and, based on their payment behaviour and changes in the external risk environment, can be enhanced or reduced.

In conclusion, an organisation’s sustainability, strength, and growth are heavily dependent on its CFO’s vision and direction. CFOs need the help of Next-Gen Risk Management platforms not only to help them identify, mitigate, and monitor risks but also to provide data-driven insights for growing the business.
IN MY VIEW
The Coming of Age of Cyber Securities & What does the Future have in Store
Navdeep Gill, Founder, XenonStack

Navdeep Gill, Founder & CEO - XenonStack. XenonStack is one of the fastest-growing technology consulting and services companies that futurify businesses leveraging cloud-native and AI to deliver data-centric experiences. It started in April 2012 with a vision towards Cloud and Real-time Analytics. Initially operating under the brand name Arcadian Technocrats, it started building awareness around Cloud, Big Data and AI.

The Age of Cyber Security

Serious threats posed to businesses around the world have started to be taken seriously by executives. However, a holistic strategy that would help them understand and address threats posed by the new age is missing. We will talk about an approach to protect companies from growing threats in the Age of Cyber Security.

New Posture For Cyber Security

For global companies that are deeply connected to internal and external systems, establishing the security posture is a step-by-step process. It starts with prioritising assets and risks by criticality. Needless implementation of controls across all assets is the reason for cybersecurity waste and productivity loss. Different assets need different controls. The more critical the asset, the stronger the control should be. Examples of strong controls include two-factor authentication and background checks of employees who have access to critical assets. To be effective, though, the firm needs a company-wide governance structure built on a strong cyber risk culture. Governance of IT, OT, the IoT, and products should be consolidated into one operating model. The entire business system should be covered, including the third party.

Active Defense Strategy

“Attackers have to be right only once and defense has to be right all the time.” The active defense strategy is derived from the military defense strategy of combating attacks from a fluid ecosystem where an attack can come from anywhere in any form. It is a heavily data-centric, intelligence-intensive strategy that places threat intelligence and analytics functions in the security team. This monitoring-intensive system is often costly to build and operate. However, the costs can be significantly reduced by applying the data-sharing model and getting threat sources from common and shared feeds across enterprises. Anticipating attacks before they occur is part of this strategy. It is the core pillar of this strategy, where Cyber Experts work in sync with Threat Intelligence and Analytics functions. The Active Defense strategy also involves inviting attackers to attack servers intentionally created as decoys, to gain further intelligence about the attacker’s approach and learn from it. Starting an Active Defense Strategy in your organization involves heavy investment and a willingness to rethink traditional working practices and adapt.

Developing your Security Strategy towards Cloud-Centric

Depending on the usage of Public Cloud(s) in your enterprise, the security posture changes significantly. Cloud Service Providers (CSPs) have their own security posture for the core services they provide, and your Security Strategy must work in tandem with theirs. It may require redesigning your Security Posture completely. The changes in security posture involve changes not only in processes but also in introducing new roles for specific functions needed in maintaining Cloud Security Posture.
Rather than having a piecemeal approach for Cloud in your organization’s security posture, it’s important to create Cloud Security Policies according to Technology architecture your teams to define Security Parameters, Application’s Architecture for Cloud to have

DevSecOps and Continuous everything

DevSecOps and Continuous everything are like two sides of a coin. To bring continuity to security software
deliverables, DevSecOps and Continuous everything work hand in hand. Security vulnerabilities can exist in OSS (open source software) libraries that we import just as much as in the code we write. Manual code reviews don’t scale, as tons of developers are programming every day; this is where the real power of DevSecOps lies. Continuous delivery pipelines are implementations of the continuous everything paradigm and help validate every commit our teams make. Integrate automated security checks with the pipeline to give you early warnings, and monitor escaped security vulnerabilities relentlessly. As you scale, integrated continuous security approaches also scale. DevOps has a vital role in your Cloud Security. The application delivery pipelines must enforce the standardized way of deploying and managing applications on the Cloud. Adopting DevSecOps enables organizations to have a culture in which security is a key element of every software project and a feature of every developer’s work.

IAM for MultiCloud

Each CSP has its own IAM framework. If your enterprise’s strategy is to have MultiCloud or Hybrid Cloud during the transition period, choosing the IAM framework has a crucial role. Enterprises that use their Identity Management system on-premises need to work with CSPs to integrate them properly. This enables them to integrate their framework and the CSP’s IAM in multiple public-cloud environment scenarios.

Platform Convergence (SIEM/SOAR/UEBA) Accelerating Detection, Investigation and Response

Most of the enterprises going on Cloud rely on their existing SIEM tools for monitoring cloud apps. It enables them to have a single tool for monitoring. However, traditional SIEMs do not offer capabilities to monitor Public Clouds effectively.
It’s essential to work with your CSP to define a solution that can integrate with your SIEM and provide the feed of events and monitoring to the existing SIEM, or it’s recommended to choose a new Cloud-centric SIEM and integrate your existing On-Premise feeds with it.

SOAR is the next-gen SIEM, with features:
• Advanced Analytics and Forensic Analysis: Threat identification with behavioral analysis based on machine learning, dynamically grouping peers and entities to identify suspicious individuals, and lateral movement detection.
• Data Exploration, Reporting, and Retention: Unlimited log data retention with flat pricing, leveraging modern data lake technology, with context-aware log parsing that helps security analysts quickly find what they need.
• Threat Hunting: Empowering analysts to dynamically seek out threats using a point-and-click threat hunting interface, making it possible to build rules and requests using natural language with no SQL or NLP processing.
• Incident Response and SOC Automation: A unified approach to incident response, gathering data from various devices, and coordinating a response to diverse types of incidents via security playbooks.
Continuous Security - Automating Security Operations

Continuous Security means configuring, enforcing, and monitoring security posture and compliance controls in real time, and proactively identifying and resolving issues. It promotes visibility and accountability of network activities, especially suspicious network activities that may mean a security breach, and reduces the risk of cyber-attacks with early warning systems (EWS).

Cultivate a Security mindset across the organization and Innovating With Open and Interoperable Cybersecurity

Cultivating the mindset to learn from security lapses worldwide and being prepared for them starts with a strategy and ends with its successful implementation. However, the journey involves redefining your processes, hiring and developing new roles, and training your development, infrastructure, and operations teams to respond to threats proactively. Two important areas that will become more common in the next generation of SIEM are the continuing use of behavioral-based analytics across users, devices, networks, apps, and cloud environments, as well as the need for more cohesive workflows enabled by more seamless integrations. The evolution of SIEM and Threat Management as a scalable, open security platform that allows security orchestration and automation across people and devices while utilizing sophisticated analytics and AI to offer prioritized, contextual results will fuel the future.
EXPERT OPINION
How to Insulate Small Businesses from Cyber Threats
Ram Bandreddi, Vice President Global Pre-Sales Lead & Products (Cybersecurity), Cotelligent
Kunal Kislay, Co-founder and CEO of Integration Wizards Solutions

In the aftermath of the Covid-19 pandemic, small and medium-sized businesses (SMBs) were, perhaps, the hardest hit of all businesses. One of the most challenging enterprises in life is starting a small business and seeing it through all its birthing pains to a successful eventuality. Keeping a business on track requires leaders to take on a multitude of roles – from hiring and growth management to IT and compliance administration. For small businesses, the internet is a double-edged sword. On one hand, the internet provides a multitude of avenues for small businesses to carve out a place for themselves in the marketplace. However, this dependency on the internet can also make small businesses vulnerable to threats. I have consulted and advised a multitude of startups and growing SMBs through my career, and have a profound appreciation of how bootstrapped businesses prioritize resources. One of the things that may fall through the cracks is investing in a strong cybersecurity infrastructure. However, SMBs have never been more vulnerable to cyberattacks.

How vulnerable are SMBs to cyberattacks?

Work from home conditions came with a multitude of security vulnerabilities that were never a concern in the pre-pandemic world.
Ram Bandreddi is a Cybersecurity evangelist with 20+ years in the cybersecurity industry. Ram brings entrepreneurial experience with technical operations leadership, focused on building and managing pre-sales and post-sales engineering teams in the Infrastructure & CyberSecurity market. His leadership experience includes responsibility for organizations in EMEA, APJ & the Americas. Ram was the Founder of Gradiant Technology, a successful perimeter security software company. After Gradiant Technology, Ram built and spearheaded Technical Operations teams at multiple start-ups, including Verdasys and Terramark, where he worked as a catalyst in bringing in the required investments and developments for the organizations.
Although most of the eye-catching headlines regarding data breaches and cyberattacks usually pertain to big corporations and well-known multinational brands, the reality is that SMBs are more vulnerable to hackers than most large organizations. According to a recent survey, over 40 percent of SMB owners admitted to not providing employees with any cybersecurity awareness training pertaining to handling WFH-related cyberthreats. According to experts, over 50 percent of SMBs do not have any in-house cybersecurity experts. The Ponemon Institute stated in their 2019 report that over 60 percent of SMBs had experienced a data breach, while 53 percent of SMBs reported having no oversight into their employees’ password practices.

What damages can a cyberattack cause to SMBs?

A single data breach or ransomware attack can lead to devastating financial and reputational damage for an SMB. From the loss of business and trust to potential fines and lawsuits – the list of consequences can be exhaustive. A recent report found that 60 percent of SMBs that were hit by a cyberattack were forced to close shop within six months of the attack. Yet another report stated that the average cost of a cyberattack to a small business before the pandemic was around $150,000. However, this cost is only likely to have multiplied as a result of the pandemic.

Top 5 Things SMBs Can Do to Keep Safe from Hackers

Cybercriminals have grown bolder and more creative over the past few years. From covid-related scams to repeated ransomware attacks – hackers are using every trick in their arsenal to make a quick buck. SMBs can avoid falling victim to cyberattacks by taking a few significant steps.

1. Start with a strong Identity Management and Governance program: It is imperative to start with a solid Identity security foundation to secure the company from the ground up and the inside out. Start with ensuring strong password management practices are in place, especially in these remote working times. Employees and their strong password management practices are the first line of defense against hackers. To address the rising mobile workforce and digital customers, look to strengthen and improve user experience with the implementation of Single Sign-On (SSO) and Multi-Factor Authentication (MFA) based solutions.

2. Educate employees: Employees must be regularly educated about how to identify and respond to potential threats. The first nugget of knowledge must pertain to strong password management practices. In the age of remote working, employees and their strong password management
practices are the first line of defense against hackers. However, password management is just the first step. SMBs must also ensure that their employees routinely participate in cybersecurity awareness training programs. These programs educate employees about phishing, malware, ransomware, and other forms of cyberattacks. The training programs also help employees to spot malicious phishing emails, which are one of the most common infiltration methods used by hackers. Additionally, employees are also trained on how to appropriately respond during a security incident.

3. Upgrade legacy systems: All the safe password practices in the world cannot keep your entity safe if your hardware and software systems are vulnerable. It is essential for any business to rigorously update its systems to stay safe from attacks. In some cases, small businesses run legacy systems as a way to cut costs. However, these legacy systems are prime targets for hackers. Adopting cloud data and security solutions in the age of remote working is essential. Cloud security solutions are designed to ensure that all your data and applications are stored securely and are accessible only to authorized personnel. In addition to working as a backup, this also strengthens your security by leveraging cloud-based data recovery solutions.

4. Zero trust architecture: To future-proof further, SMBs can adopt a zero-trust framework to strengthen security. Zero-trust is a strategic framework and one of the most effective ways of ensuring that access to proprietary data and applications is limited to only authorized personnel. It relies on identity verification and ensures that an organization’s information is protected even when users attempt to access it via multiple devices or multiple locations. This helps minimize the possibility of unauthorized infiltration and contains breaches.

5. Incident response plan: A disaster recovery plan can be invaluable to SMBs in the event of an attack – it saves time and resources when dealing with threat actors. An effective incident response plan focuses on incident lifecycle management and ensures that the affected business can conduct a structured investigation into a security incident.

In Summary

Given the magnitude of losses that a cyberattack can cause to an SMB, cybersecurity can no longer be considered an add-on solution nor a priority just for the IT department. Instead, SMB operators should incorporate cybersecurity into their everyday business operations and proactively invest in strengthening their cybersecurity infrastructure.
LEADERS’ INSIGHTS
Importance of Cybersecurity in the HealthTech Sector
Pankit Desai, Co-founder & CEO, Sequretek
Pankit, a veteran of the IT industry, brings 20+ years of hardcore technology and leadership experience to lead Sequretek. Prior to Sequretek, he was with Rolta as the President of Business Operations. He has also served in senior leadership capacities with NTT Data Inc, Intelligroup, Wipro and IBM India. His vast experience has given him the ability to manage and scale global business units and service lines rapidly and efficiently.
The past several months have tested humanity in more ways than one. Citizens, corporations, and governments all have had to re-invent their routines while minimizing disruptions. No other segment, however, has been more impacted than healthcare. From being on the frontlines of this war to adopting technology at an unprecedented speed and level, they have shown exceptional adaptability. There is no doubt that this transformation played an essential role in reducing the health impact of the pandemic.

What constitutes healthcare

The word “Healthcare” is pretty broad and sometimes gets used interchangeably with “Health care.” While the first defines the industry that creates an ecosystem that focuses on and facilitates human well-being, the latter is targeted to an individual, like taking care of a patient or offering treatment. The major constituents of the “Healthcare” industry, therefore, will be the triumvirate of “3Ps”:
• “Patient,” a consumer of the service offered by the industry
• “Provider” includes Caregivers – hospitals, doctors, nurses, support staff; Manufacturers – pharma companies, medical devices; Service providers – pharmacies, laboratories, research, clinical trials
• “Payer” comprises Insurance companies – who become the aggregator of financial risk;
Governments – who step in as backstop to the sector; Corporates – who look to offer coverage as part of employee benefits

The above is not an exhaustive list but a representative picture of the entire healthcare ecosystem.

Healthcare to Healthtech

Harold Wolf, President and CEO of Health Information and Management Systems Society, while sharing his thoughts around innovation and technology at the “Future of Med 2020” conference, mentioned: “Digital health and health tech tools and capabilities have long been recognized as providing credible support for most of these challenges. With the pandemic and the advanced tools today, they’ve really put the spotlight on the capabilities and the opportunities for digital health.” Traditionally, technology consumption in the healthcare segment has been slow, barring a few exceptions. However, in the recent past, each of the “3Ps” has been forced to embrace tech like never before. For “Patients,” it has meant interacting and getting treated using video calls and WhatsApp. The physical touchpoints have been reduced only to extreme cases. The “Providers” have had to innovate the most, taking in technologies that offered easy access, contact tracking and tracing, logistics of distribution, a redefined and distributed supply chain, and new vaccines and drugs, as well as repurposing existing ones for treatment. Technologies like IoT, Industry 4.0, genomics, and mRNA found a firmer footing in the ecosystem. The “Payers,” on the other hand, as per a recent McKinsey report, were also forced to rethink financial guarantees, streamline their pre-authorization processes, and restructure their contracts, including new value-based payment arrangements, all as efforts to help support providers during the challenges of COVID-19 disruptions.

Can cyber risks be far behind

Almost on cue, as the COVID-19 virus started impacting the world, another virus, albeit the computer one, began holding the healthcare world hostage.
According to Ponemon, Healthcare has the highest cost of a data breach at $7.1 Million per breach (10% increase over 2019), while Tenable suggests healthcare was the most hit segment in 2020.
Why the attacks?

The rapidity and the magnitude of the transformation, enabled by a close alignment between business needs and technology drivers, have resulted in several unintended challenges, key among them the increased cybersecurity risk for all the 3Ps. As per the Ponemon 2020 report, 50% of the breaches in the healthcare segment were linked to malware attacks, and the balance was split almost evenly between poorly configured systems and human errors. The healthcare industry spends an average of 4% of its IT budget on security, against 15% in financial services (2021 Security report by Herjavec Group), which results in less than a quarter deploying security automation, making them an easier target. Beyond the sector-specific issues, other pandemic-specific dynamics have crept in for the Providers and the Payers:
• Interchangeable use of assets for professional and personal purposes, making it easier for attackers
• Inadequate testing of newly transformed digital processes for remote access, which creates loopholes
• Difficulty in enforcing corporate security policies around patching, malware detection, and secure networks

As far as the challenges for individuals (Patients) are concerned, they stem from the fact that:
• Most of the individuals consuming the technology online are digital novices like kids, senior citizens, and homemakers. A general lack of security awareness in this segment potentially exposes them to social engineering attackers.
• A lot of personal information is now getting shared on public platforms (though encrypted) like WhatsApp. There isn’t much accountability on how and where this data will end up.

What are the steps companies and individuals can take?

In this always-on world, a permanent vigil is an essential element of staying ahead of cybersecurity threats.
It starts with a change in mindset where all the constituents, i.e., users, implementers, and securers of technology, shoulder their responsibility to ensure that there are no loopholes for someone to exploit.

Social engineering is the most effective attack vector that targets the users, especially the digital novices. We have all traveled through airports enough times. We have heard this constant announcement on PA systems: “if you find any unidentified or suspicious object at the airport, it needs to be reported to the security staff.” This one statement has stopped more bomb attacks than all other security measures put together. Much the same way, there is a need to bring awareness and curb our Curiosity, Hubris, Apathy, and Ignorance instincts, which the attackers use to carry out social engineering attacks.

Most technology implementers lack an understanding of security best practices and hygiene; this, coupled with time pressure, results in poorly designed, coded, and tested technology projects. It’s during subsequent audits or a breach that one realizes the loopholes that got left out. Organizations need to incorporate security practices as part of the gating criteria for the design and project go-live.

Security professionals have an unenviable job of being the last line of defense, with their budgets viewed more as a cost line item than a risk premium. They need to understand and talk business context; this will allow the organization to make decisions that align with the risks they face. As per a recent report by FireEye, 35% of the company’s security products have overlapping features, and 80% of the products are misconfigured, leading to gaps in cyber defense. Therefore, it is essential for security professionals not to get caught up in the three-letter acronym products and their feature sets. They need to look at what exists in their environment, ensure it is appropriately implemented, and follow it up with a proper monitoring and response mechanism before looking at additional investments.

In summary

The reality of “Healthcare” being “Health-Tech” is already upon us, and the pace set during the past few months will only accelerate, resulting in an increased security risk. While several countries have woken up to this threat and legislated compliance controls, some laggards still exist in the race. A combination of increased technology consumption, leading to higher security risk and therefore onerous compliance, creates a vicious cycle. For the stakeholders, this means that unless they take proactive steps to build the security framework as part of their day-to-day operations, it may be too high a barrier to overcome.
IN MY VIEW
Need for digital payments players to upgrade their Systems Niranjan Upadhye, General Manager, Fraud Risk Management division, Worldline India
A
NIRANJAN UPADHYE
Niranjan Upadhye has over two decades of experience in banking and payment companies like NeoCredit, Axis Bank and HSBC and will now take charge to further strengthen the Fraud Risk Management team at Worldline. An expert in the domain of risk and fraud management, Niranjan also liaises with regulatory bodies & industry partners to ensure that the company meets the latest security and compliance standards, risk exposure is minimal and the integrity of the payments ecosystem remains unharmed. Over the years, Niranjan has been an active member of the India Payment Risk Council and has been witness to the Security & Fraud Control challenges that the payment cards industry faces. Niranjan has been involved keenly in acceptance & infrastructure development, merchant & law enforcement training and judiciary training all over India.

As the pace of digital payments is picking up in India, we keep learning about the instances of intrusions, cyber-attacks and other such malicious acts that Merchants & Service Providers are targeted with. Transactional Frauds targeting the cardholding or banking Customers keep happening, either through misuse of their account data or access credentials, wherever the same gets exposed in the clear or gets teased out of the banking customer through different methodologies deployed by Fraudsters (Vishing/Smishing/Phishing, Person-in-The-Middle attacks, Malware implantation on their mobile devices etc.). Corporations and businesses are worried about the so-called ransomware attacks that can bring their operations to a grinding halt. From the Consumer standpoint, the failures and declines of their transactions despite usage of correct authentication credentials at the point of purchase also remain a pain point, when all they are expecting is a smooth & friction-free transactional experience. It is a multi-pronged problem, when on the one hand the digital payment ecosystem players, the regulatory authorities and the government on their part are creating awareness and adopting
ways to prevent frauds and are trying to even out the bumps in the transaction process, but on the other hand, the bad actors are targeting any weak link in the entire ecosystem – using methodologies & selecting their toolsets carefully to exploit any weakness. Again, ecosystem players like banks, processors, merchants & businesses do not want to lose out on volumes and have customers abandon their transactions.

A network or an ecosystem that will be able to take the load of the ever-increasing volumes of online payments is the obvious answer, but the challenge remains the infrastructural investments to ensure that scalability. Again, the challenge remains that of the so-called pipeline constrictions. It is no use one or some parts of the ecosystem scaling up to meet the increased volume or spurt of transactions (peak demands), unless the whole ecosystem is expanding to be robust and agile enough to synchronously handle the increased traffic of transactions or the peak volumes that can happen during the weekends or around festivals and events.

Customers hate too many intrusive transactional validations done by the banks & service providers who admittedly do it only when the transactions appear to be out-of-pattern or outright risky. As regards the repeated failures of transactions, one oft-missed point is that of a transaction being tried continuously by the same customer multiple times, because their initial transaction has failed. This burdens the system. A simple way to ensure a customer is not inadvertently entering an incorrect 16-digit card number on the payment gateway page is to build a small check called the Luhn Algorithm for that field and warn the customer to check and correct the card number input, if wrong. In these days of Multi-Factor Authentication (MFA), usually, it is the Consumers themselves who input wrong authentication credentials that they need to remember.
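The card-number field check mentioned above can be sketched as follows. This is an added example, not code from the article or from any payment gateway; the function names, reason codes and messages are assumptions, and the sample numbers are constructed test values.

```javascript
// Added example (not from the article): card-number field check built on the
// Luhn algorithm. Function names, reason codes and messages are illustrative.

// Remove the separators people commonly type into a card field.
function normalizePan(input) {
  return String(input).replace(/[\s-]/g, "");
}

// Luhn checksum over a string of ASCII digits: starting from the rightmost
// digit, double every second digit, subtract 9 from any result above 9,
// and require the total to be a multiple of 10.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48; // '0' has char code 48
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return digits.length > 0 && sum % 10 === 0;
}

// Returns { ok, reason, message } so the page can warn before the request is
// sent. expectedLength defaults to the 16 digits the article refers to.
function checkCardNumber(input, expectedLength = 16) {
  const pan = normalizePan(input);
  const fail = (reason, message) => ({ ok: false, reason, message });
  if (pan.length === 0) {
    return fail("empty", "Please enter your card number.");
  }
  if (!/^[0-9]+$/.test(pan)) {
    return fail("non_digit", "The card number may contain digits only.");
  }
  if (pan.length !== expectedLength) {
    return fail("length", `The card number must have ${expectedLength} digits.`);
  }
  if (!luhnValid(pan)) {
    return fail("checksum", "Please check the card number; a digit looks mistyped.");
  }
  return { ok: true, reason: null, message: "" };
}

// Constructed inputs. 4111111111111111 is a widely published test number;
// the "09"/"90" pair was built for this example to show the one adjacent
// swap that the Luhn checksum cannot detect.
const CARD_SAMPLES = [
  "4111 1111 1111 1111", // valid, typed with spaces
  "4111111111111112",    // last digit mistyped
  "1411111111111111",    // first two digits swapped
  "411111111111111",     // one digit missing
  "4111110911111115",    // valid
  "4111119011111115",    // "09" swapped to "90": still passes
];

function runCardSamples() {
  return CARD_SAMPLES.map((s) => ({ input: s, ...checkCardNumber(s) }));
}
```

The check only catches typing mistakes before submission, which is what reduces avoidable failed attempts; a number that passes it is merely well-formed, and the issuer's authorisation still decides whether the card is genuine.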
The classic two-factor authentication approach involves two things: What you have (e.g. Card details), and what you know (e.g. the Authentication Password). This password could be static or dynamic. In case of a dynamic password such as an SMS OTP, the dependency is extrinsic, namely on the mobile carrier network. These OTPs are typically at the bottom priority in their transmission hierarchy, and often consumers receive these late, by which time the transaction times out. Again, if you have no mobile or Wi-Fi network coverage, you will not receive the SMS OTP or even Email OTP. This typically happens when you are travelling abroad, and may not have access to your Home Country Carrier Network (unless you have opted for the costly International roaming), so the SMS-based incoming OTP sent to your Registered Mobile Number (RMN) is not available to you. There are other ways of authentication such as through hardware key-fob-sized tokens or mobile authenticators, but these being somewhat pricier options, most consumers do not opt for the same.

Another strategy that can curtail transaction failures and reduce friction in payments is the usage of person-specific authentication as part of the 2FA approach. This takes into account “who you are”, instead of “what you know”. Examples of such authentication are biometrics such as a fingerprint or facial recognition that you use to unlock your mobile device or laptop.

The key from a banker’s or a service provider’s perspective to ensure the least friction and the most successful yet safe transactions is to have risk-based authentication. This considers contextual or behavioral analysis of a series of risk indicators including your device attributes, geolocation or user behavior or even the value of the transaction in question. If the result is beyond a permissible or acceptable score that separates the “normal” transaction for a consumer from an “apparently abnormal” one, then “Step-Up Authentication” gets triggered for the said transaction.

To prevent their systems getting “frozen” or locked out by malicious actors through implantation of malware or “ransomware” that can shut down critical systems or encrypt/wipe out important data unless a huge ransom is paid out to them, systems and security administrators need to define a Standard Operating Procedure about who has access to critical systems, and how these are updated/maintained. Sufficient firewalls, and Network Intrusion Prevention protocols must be built.
Alerts and response mechanisms should be defined, and adequate back-up and redundancy plans must be in place, so that even if some component of the network is impacted, the same gets isolated and a redundant/back-up system ensures that the transaction success and customer experience do not get impacted. Conditional access and threat-aware authentication should be an integral part of the network & system architecture / infrastructure of any business or organization. This eliminates threats such as data breaches and system infections posed by both insiders and external malicious actors.
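The risk-based authentication decision described earlier in this article (risk indicators scored against an acceptable level, with step-up authentication beyond it) can be sketched as below. This is an added example, not the author's or any bank's implementation; the field names, weights, threshold and sample transactions are all assumptions constructed for illustration.

```javascript
// Added example (not from the article): risk-based authentication decision.
// Field names, weights and the threshold are assumptions for illustration.

const RISK_WEIGHTS = {
  newDevice: 35,       // device attributes: device never seen for this customer
  unusualCountry: 30,  // geolocation: country outside the customer's usual set
  highValue: 25,       // transaction value far above the customer's typical spend
  oddHour: 10,         // behaviour: outside the customer's usual active hours
};
const STEP_UP_THRESHOLD = 50; // scores beyond this trigger step-up

// profile: what the issuer already knows about the customer.
// txn: the transaction being authorised (timestamp in epoch milliseconds).
function scoreTransaction(profile, txn) {
  const reasons = [];
  let score = 0;
  const add = (key) => { score += RISK_WEIGHTS[key]; reasons.push(key); };

  // A missing device id or country counts as risk, never as a match.
  if (!profile.knownDeviceIds.includes(txn.deviceId)) add("newDevice");
  if (!profile.usualCountries.includes(txn.country)) add("unusualCountry");

  // A malformed amount must not slip through as "low value".
  if (!Number.isFinite(txn.amount) || txn.amount > 3 * profile.typicalAmount) {
    add("highValue");
  }

  const hour = new Date(txn.timestamp).getUTCHours();
  const { from, to } = profile.activeHoursUtc; // usual window, [from, to)
  if (hour < from || hour >= to) add("oddHour");

  return { score, reasons };
}

// "allow" keeps the payment frictionless; "step_up" asks for a further factor.
function decide(profile, txn) {
  const { score, reasons } = scoreTransaction(profile, txn);
  const action = score > STEP_UP_THRESHOLD ? "step_up" : "allow";
  return { action, score, reasons };
}

// Constructed customer profile and transactions (amounts in INR).
const SAMPLE_PROFILE = {
  knownDeviceIds: ["dev-a1"],
  usualCountries: ["IN"],
  typicalAmount: 2000,
  activeHoursUtc: { from: 3, to: 17 },
};
const at = (h) => Date.UTC(2021, 9, 15, h, 0, 0); // 15 Oct 2021, hour h UTC
const SAMPLE_TXNS = [
  { deviceId: "dev-a1", country: "IN", amount: 1500, timestamp: at(14) },
  { deviceId: "dev-z9", country: "IN", amount: 1800, timestamp: at(10) },
  { deviceId: "dev-z9", country: "GB", amount: 1800, timestamp: at(10) },
  { deviceId: "dev-a1", country: "AE", amount: 9000, timestamp: at(14) },
  { deviceId: "dev-a1", country: "IN", amount: 9000, timestamp: at(22) },
];

function runRiskSamples() {
  return SAMPLE_TXNS.map((t) => decide(SAMPLE_PROFILE, t));
}
```

With these assumed weights a single weak signal, such as a new device alone, stays frictionless, while two strong signals together cross the threshold; the returned reasons give the fraud team an audit trail for every step-up.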
EXPERT OPINION
Hybrid Technology and the Inclination Towards Cyber Security
Rushikesh Jadhav, Chief Technology Officer, ESDS Software Solution Limited

The cloud computing solution helps businesses shift the workload to the cloud, which allows them to have a more flexible structure. This helps businesses function smoothly, coordinate better and make tasks manageable. With growing business demands, cloud adoption has further evolved into 3 different types: Public, Private and Hybrid Cloud. As per a company’s requirement, IT professionals or decision-makers accordingly select a cloud solution that suits them best for their data environment. The hybrid cloud solution has become the go-to choice of the majority of businesses, as it offers them the flexibility and security of both the public and private clouds. The hybrid cloud, a combination of private and public cloud offerings, witnessed the majority of investment compared to the public and private cloud models during the pandemic. As businesses have digitized, the risk of losing important data or funds can become a major concern because of cyber threats. Companies must plan measures and actions to be taken in case of a cyber or malware attack. Developing a solid cybersecurity program with the help of proven tools and applications to ensure the safety of data is also seen as a challenge for IT leaders.

Rushikesh joined ESDS in the year 2009. He holds a master’s degree in Engineering from the University of Pune. He has over 12 years of experience in the field of technology. Rushikesh is passionate about the cloud and automation industry; he loves to stay at the forefront and explore more in cloud technology.
Hybrid Model – Best of both Worlds
A hybrid cloud model provides a combination of private and public cloud services. It is a composition of a public cloud and a private environment, such as a private cloud or on-premises resources, that remain distinct entities but are bound together, offering. A hybrid model works in such a way that it can be categorized as neither a private, public nor any community cloud service solution. In order to broaden the capacity and the effectiveness of a cloud service, by integration, customization or quantity with another cloud service provider. Another primary benefit of a hybrid cloud solution is the agility factor it brings with it.

Developed and driven particularly for a targeted group or a selected set of audiences, community clouds are a form of private clouds. The Community Cloud Service ensures compatibility among each of its users, allowing them to modify properties according to their individual use cases. Allowing firms to help and interact with remote employees and support them with the use of multiple devices is another feature of the community cloud. This interaction can be done via a smartphone or a tablet as well, which makes this type of cloud solution more flexible to the users’ demands.

To avail the advantages of the hybrid cloud services, Indian firms have started embracing this technology, which offers the benefits of both private and public cloud services. The rising use of hybrid clouds is likely to boost the Indian economy as its adoption is benefiting the organizations, becoming more flexible and straightforward with enhanced data security.

Challenges and Outcomes
While a hybrid cloud solution has ample benefits to work with, coherently ensuring its value for the business is a challenge. Hybrid cloud environment structures are complex to understand and use. When migrating data and applications, certain policies and configurations must be standardized correctly to establish security.
For organizations that have a larger chunk of data to be managed, a hybrid cloud solution helps them segregate it by storing the most crucial data on a private cloud and the non-essential data on a public cloud. This strategy helps in better performance when dealing with massive data.

Safety Regulation Compliance
Data moves between private and public cloud networks in a hybrid cloud system. In this transfer from a private secure cloud to a less secure public cloud, data safety comes under threat. Sectors like Banking and Finance, Healthcare or government institutions typically obtain, maintain and process a large amount of data that may be personal and highly confidential. Organizations have to ensure meeting security norms as per the GDPR regulatory requirements for maximum security of such data. To steer clear of interception and alteration, encrypting the network session ensures the safety of the data in motion.

More Control
New technologies and platforms adopted by companies may give more control of the data and its accessibility for further analytics. Companies can streamline the permissions in place for managing the data securely. Allowing controlled and only necessary access to data and resources for users and applications can prevent cyber threats or unauthorized access. To avoid the lack of data visibility and gain more streamlined control of the data, companies should have a smooth and transparent infrastructure in place with the right tools.

Investing and Planning
Cyber security incidents can leave a drastic effect on the business and the affected parties. Organizations may be required to invest in tools and anti-virus applications to avoid falling prey to attackers and hackers. Investments in terms of money as well as human resources are needed to develop a foolproof strategy in case of a malware or cyberattack. A legitimate plan of action, with a detailed process and the people to be involved, should be in place to tackle the emergency and recover the data. Back-up and recovery of data is a key priority in the event of cyber threats. Having a safe backup and recovery strategy can show the preparedness of a firm and can prove reliability to customers and investors as well.

Conclusion
A key aspect for any organization is to build a strong foundation for its cyber-security. It begins right from alerting and training employees and leadership teams about such threats to setting a robust plan of action to take care of the aftermath and preventing more damage.
While a hybrid cloud provides security and control, using it to its potential means enhancing it with in-house technologies and infrastructure. Irrespective of the cloud solution technology, securing the data is the key goal. Partnering with an experienced and local cloud service provider or data center provider is the key to the smooth functioning of any business. Though there are challenges in the hybrid cloud, a knowledgeable cloud service provider can create an impact.
LEADERS’ INSIGHTS
Cyber Security: The Need of Revamping the Current Cybersecurity Policies and Norms in India
Piyush Somani, Founder, CMD & CEO, ESDS Software Solution Pvt. Ltd.

Piyush Somani is the founder and CEO of ESDS Software Solution Pvt Ltd. As a first-generation entrepreneur, he started ESDS in 2005 and has served in various roles at the company. With over 15 years of expertise in the data center & cloud solution industry, Piyush is recognized in the IT industry for his exceptional ability to build and grow business and long-term relationships. He has been instrumental in taking ESDS to new heights and the company already has a robust base of 40,000 customers, hosting over 3 million digital assets. He is also the chief architect of patented products such as eNlight Cloud, eMagic Data Center Management Suite and VTMScan. It’s with his vision and expertise that ESDS has transformed into a major Cloud service provider in India and has expanded to 16 countries. Piyush holds an engineering degree in Electronics from the ‘University of Pune’ and is passionate about technology.
Cyber Security has been at the forefront of deliberations in the digital ecosystem, be it in government circles or IT companies. The older Cybersecurity policies, which primarily focused on building secure and resilient cyberspace for citizens, businesses and the government, left a lot of grey areas in the making. In essence, they tried to craft a secure cyber ecosystem in the country with an assurance regulatory framework and establish a mechanism that can monitor and respond to threats. They were always playing catch-up with the new threats, data hacks, leaks, phishing attacks etc. While we tinkered and altered the policies with required changes over the past decade, there was a drastic sense of urgency for an overhaul and re-structuring of the policy, which became evident in recent times due to the pandemic and the way the world adopted remote working that exposed them to more vulnerability. The pandemic has been a nightmare for security agencies. With over four lakh pieces of malware found and 375 cyberattacks on a daily basis, the pandemic has given birth to a hacker’s paradise. Several Indian companies which claimed to be secure in the past have seen data breaches. One of the highlights of the pandemic has been the compromised data of over 4.75 crore Indians who were using the Truecaller app, found on the dark web. While the company categorically denied any such breaches, this gives rise to an interesting food for thought: Do foreign IT companies have a huge hold on the Indian economy and its netizens? Are the current policies
doing their best to ensure foreign IT companies are not overreaching and are accountable for their actions? The answer is not simple. However, to benchmark the current laws and policies, let’s study another digital economy, China, for instance. The comparative study of Chinese and Indian cybersecurity has revealed several gaps in the policymaking and shed light on the protection and imperialism motivations driving the regulatory systems in those economies. In China, the new Cybersecurity law is extremely stringent and places restrictions on foreign companies doing business in China and has the potential to discriminate against foreign technologies in favour of domestic industry. The 2013 National Cyber Security Policy of India was, at best, average to mediocre in 2013-2015. However, by 2015, the policy seemed to have turned into a mere compilation of statements and objectives without any strong roadmap for implementation. The policies left a lot of concerns over niche digital players in the IT sector who had no accountability towards the citizens.

In a bid to be a $5 trillion economy, India needs to identify and create a ‘cyber-secure nation’ and make the environment fertile for businesses, individuals, and foreign investors. It is ironic that even today government websites get hacked and their security compromised. Important sectors such as energy and power, manufacturing, telecom and technology, agri and agri-tech are the most vulnerable. It is imperative that the government encourages PPP (private-public partnership) to map the vulnerabilities and issues and fix them. Private Cybersecurity consultants, techies, Think Tanks, etc. are professionals in this space and can provide a detailed report on various security concerns that need to be fixed. One thing the government did implement was the advancement of the Indian Computer Emergency Response Team (CERT-In), which helped in lowering the rate of cyber-attacks on government networks. Additionally, the implementation of anti-phishing and cybersecurity awareness training across India’s government agencies has assisted government employees in fighting against cybercrimes.
Another area of concern on which cybercriminals have been capitalising is the MSME sector. MSMEs have been identified by hackers as the low-hanging fruit to exploit and can be used to infiltrate larger corporations by leveraging their connections. 2019 saw rampant attacks on our MSMEs and their infrastructure. 1 out of every 5 MSMEs has fallen victim to a ransomware attack, a phishing attack or a Trojan attack in the last 1 year. The updated policy needs to safeguard the most vulnerable reaches of the industry, especially MSMEs and their interests. To incentivise private players to report cyber threats in an agile manner, the government needs to improve its ability to protect Indian data from theft and prove to Indian businesses that something meaningful and credible is being formulated and executed to allow their business continuity.

Another area where there is an imminent need for a revamp is the new-age digital space such as social media, over-the-top (OTT) platforms and digital news. While a lot of new policies have been structured to safeguard these portals, there is still a lot of grey area on the implementation and functionality of the norms. Currently, India is greatly focused on protecting its critical infrastructure in health, education, end-user station, nuclear sector, etc.; however, these too fall prey to numerous phishing attacks and ransomware. The most crucial aspect of drafting a new-age Cybersecurity policy has to be longevity and sustainability. If this pandemic has taught us anything, it’s to anticipate and be prepared for the unimaginable. Similarly, the new-age cybersecurity laws need to account for all the aspects and anticipate newer technologies in the future and make provisions for them.

To summarize, Cybersecurity is a global concern, which like any facet of technology needs up-gradation, research and constant updates. The need of the hour is a policy that focuses on India’s issue of safeguarding its netizens, safeguarding its essential and core industries, protecting its MSMEs and, most importantly, keeping an open mind about provisions on newer technologies and disruptions such as Cryptocurrency, AI, Machine Learning, Quantum Computing etc.
IN MY VIEW
Cybersecurity is Critical for Sustainable Business Growth
PV Vaidyanathan, Co-founder & CEO, ProcessIT Global

PV VAIDYANATHAN
Popularly known as PV in the industry and as the CEO of ProcessIT Global, he is responsible for Business Development and Marketing functions at the organisation. PV brings his vast experience and functional knowledge across various industry verticals to his role. Before this role, PV was a Professional Consultant and IT Advisor for 7 years, where he provided solutions on process and technology to leading business houses of India.

As we see today, large, medium and small businesses are predominantly driven by technology and automation. This phenomenon is observed across industry verticals, much beyond IT/ITeS companies. Digital transformation drives higher quality products and a smoother, seamlessly connected supply chain, and enables faster go-to-market strategies and deeper business insights. It also delivers customised, superior quality products and services and higher throughput, and improves customer experience significantly. Traditional, assumption-based business models are swiftly giving way to data-driven ones in the fast-growing digital economy. Organisations, today, are relying on new-age technology and tools that are constantly evolving. Remote working or working-from-home culture is followed for business continuity and sustainable growth. Such dynamic business environments demand that the digital assets be secure all the time, with authorized access given to relevant employees and partners. Digital assets are complex and evolving, with complicated connections between IoT devices, cloud instances, servers and endpoints, making cyber-security a business challenge. In fact, the World Economic Forum’s ‘Global Risks Report 2021’ considers ‘Cybersecurity failure’ among the top 5 risks, a large threat to business continuity and economic stability. The business sustainability is certainly threatened
by cyber-attackers and this is so evident that some organisations are even including ransom demands on account of ransomware attacks as part of their annual budget! Cybersecurity systems and processes have to be dynamic, proactive and robust to address threats that are more sophisticated, frequent and occur in large numbers, in the current complex technological landscape.

‘Cybersecurity first’ policy is no longer an option
The modern work environment is getting more digital and mobile with increasing dependency on the internet and cloud technology, where cyber security is becoming critical. The economic slowdown and pandemic outbreak have further stressed the importance of proactively and quickly addressing cyber-attacks. For uninterrupted functioning of all business units leading to better outcomes, the IT and Network infrastructures have to be secure and available for easy access by employees. With enterprise networks getting more complex and covering a larger area, the threat landscape exposed to cyber-crimes is also expanding. Yes, the cybercrime economy is booming today! Malicious attempts are being made to restrict legitimate personnel from accessing organisations’ networks. Some common types of attacks include DDoS attacks, ransomware, social engineering, phishing and more. These attacks are slowing down or even freezing business functions. There is an adverse impact on customer confidence and brand reputation, leading to revenue losses.

Cybersecurity is not an after-thought anymore; if businesses have to grow, then they have to be resilient. Cyber-security is today earning itself the role of a critical business function, where security, network, infrastructure, application and business managers have to work in tandem for the effective implementation of a relevant security strategy and take “NO MORE SILOED APPROACH”. Gone are the days when business leaders took cyber-security seriously only after an attack, with only the CSO considering it a top priority, every day, 24X7.
Today, it is crucial for business heads and digital-security leaders to collaborate to improve the cybersecurity posture at their organisations.

A robust cyber-security strategy – an imperative
Protecting businesses and sustaining them translates into securing data, applications, operations, customers’ privacy and ensuring regulatory compliance. Based on the business risks and objectives, security teams have to configure and implement a strategy that succeeds in strengthening the cyber security landscape. The cyber-security measures along with controls, tools, technologies and processes should be in line with the business risks. Prior to implementing these measures, the existing security posture at the organisation has to be assessed and recommendations on technology controls should be provided while maintaining the regulatory compliance. This should be followed by a cyber-security strategy that has to be designed and deployed across the enterprise. The deployment should aim to cover Identity & Access Management, Governance Risk & Compliance, Endpoint Security, Data Security, Application Security, Security Incident and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and User and Entity Behaviour Analytics (UEBA).

An Enterprise Asset Management Solution has to be configured and implemented to deliver auto discovery of hardware and software assets along with license usage compliance as well. For Data Loss Prevention (DLP), a DLP solution can be designed and deployed, delivering visibility and protection across the enterprise. If required, a multi-locational disk-based backup with a central monitoring and management platform can be architected and deployed with the implementation of multi-tier replication for Disaster recovery across multiple geographical sites. Policies have to be defined to manage the information lifecycle, from backup to archival, to achieve compliance and data protection. Defined Standard Operating Procedures and Best Practices on Support Management are to be followed for successful deployment of the Cyber-security strategy.

Creating, implementing and permanently housing a cyber-security driven culture in the organisation is the responsibility of business and IT Leaders as well as all employees, irrespective of their roles and functions. As it is said, employees can be the weakest link for security; training them in the basic knowledge of cyber-security tools and technologies is a good investment towards establishing the culture.

Cyber-security is the new KPI for businesses today in addition to acting as a key differentiator as well. Understanding new business security gaps and improving security capabilities to effectively respond to online threats is vital to business growth. Cyber-attack mitigation should also be able to address advanced and evolving threats, besides being able to deliver ongoing protection. Enterprises that integrate cyber-security measures with every business function will be able to deliver greater customer experience, attract new customers and enjoy a larger market share, which is a result of having the competitive edge!
EXPERT OPINION
Rethinking Cyber Security With DevSecOps
Sandeep Rawat, Co-Founder & CTO, OpsTree Solutions & BuildPiper

Sandeep Rawat has 18+ years of rich professional experience across enterprise application development and delivery. For the last 10 years Sandeep has been helping customers transform their technology platform with Cloud & DevOps expertise and has been instrumental in setting up/streamlining the Cloud & DevSecOps roadmaps and transformation programs for multiple companies across the Startup & Fortune 500 landscape. Sandeep strongly believes in knowledge sharing and has guided his teams to make 100+ open source contributions that are often recognised and appreciated by industry leaders. He likes to share his knowledge through well-read blogs and much sought-after training.

As enterprises accelerate their migration to the cloud, the need to rethink cybersecurity gains increased importance. As we move forward, the cloud will no longer be just an alternative computing approach; rather, it is set to become the de-facto model for organisations to embrace modernisation and meet the rapidly evolving customer needs. The migration to the cloud with enhanced capabilities helps enterprises to improve their working environment and enhance cost optimization, agility and innovation. Enterprises have a huge responsibility to ensure the security of the software they use and the software they develop and sell. Security should be a ‘first class citizen’ and is expected to be omnipresent across all aspects of an organization’s software supply chain. Developers need to consider themselves as part of the solution and remain vigilant, as a single lapse on their part can lead to cascading implications. When you build perimeter security, you are creating a strong defence, but beyond that, security teams need to go on the offensive by building security into every aspect of the application without slowing down innovation. An effective game plan should include all these elements
and should help developers, security teams and testers to collaborate better with each other to achieve the common goal. It is imperative to bake security into the software during the development process to prevent dangerous security vulnerabilities & breaches at a later stage. Developers and security teams need to be completely aligned from the software design stage to ensure that the software they build is secure in all aspects. Sometimes, in the rush to reduce the time to market, developers tend to prioritise speed and innovation while the security team is left fixing the vulnerabilities later, thus leading to huge financial and brand exposure.

The premise of DevSecOps is to embed security across every stage of software delivery, right from the developer’s workstation, to sandbox environments, to non-production & production environments. Most research reports show that organisations that focus on security as part of the development process usually generate superior business outcomes compared to their peers. The basic problem arises because the mindset is to treat security issues reactively rather than proactively: while everyone understands the importance of security, it becomes an afterthought in an effort to meet the business demands of faster timelines. DevSecOps is enabling organisations to derive better value from the Continuous Integration/Continuous Deployment pipelines, based on the premise that security of the application and infrastructure must start at the beginning and many security activities can be automated wherever possible to reduce the risk of slowing down the workflow. It is about building security within the app and not as a peripheral.

Earlier, enterprises had to depend on shifting and adopting approaches while reengineering cloud environments. However, today’s fast-paced environment needs organizations to react faster with flexible, resilient and agile solutions that require lower response time. Enterprises can achieve better business outcomes by combining teams of expert cloud and cybersecurity engineers in collaboration with cloud service vendors using a shared responsibility model. The team should ideally contain people with automation & platform engineering along with cybersecurity skills, which are needed to employ the DevSecOps approach. Functional requirements, data flows and work streams have to be considered to create a secure zone before migrating workloads to cloud. They need to secure operating models, network segments and landing zones. With DevSecOps, it becomes extremely easy to bring the security practices and procedures into the implementation mode on an immediate basis. This helps the system to identify security failures early and respond faster to them.
The best way to transform your organization’s security posture is to include security engineers in the development process from the start. When you want to communicate change, it is best to include everyone so that you can have a collaborative team that understands the gravity of the situation and makes security the top priority. A single security breach can cause millions of dollars in damages, and the cost by itself should be a sufficient deterrent to ensure a more proactive approach to security. DevSecOps is the best way to integrate security into the process and ensure that the software is tested for security breaches at every stage, which allows vulnerabilities to be fixed before further damage is done.
LEADERS’ INSIGHTS
India, The New Cybersecurity Hub?
Ravi Purohit, VP & Head, India Operations, ColorTokens
Ravi Purohit plays an integral role in the organization’s operations, delivery services, and GTM strategy. Prior to ColorTokens, Ravi held multiple leadership roles over more than two decades at Wipro and demonstrated transformative leadership, superior results, and collaboration across global teams. Most recently, as Global Head of Wipro’s Oracle service line, he reoriented the service portfolio around customer needs such as enterprise process transformation, digital transformation, and cloud technology. He has led integrated services, solutions, demand generation, presales, and large multi-services deals and headed industry verticals in Retail, CPG, and Food and Beverage globally.
The pandemic marked a watershed period for digitization and cybercriminals alike. Businesses accelerated their shift to digital, pivoted to the cloud, and adopted hybrid work models. On the other hand, cybercriminals rode the COVID-19 wave. They took advantage of every opportunity that came their way – and India became the second most attacked country by cybercriminals in the APAC region.

Historically, companies have expected CISOs and security chiefs to focus on technical tasks. Leaders had the monstrous and all-important goal of securing a business, but cybersecurity became an afterthought when companies made big, strategic decisions. That meant companies were losing out on the value that the cybersecurity function could provide. Today that is changing. The demand for cybersecurity products, professionals, and services is at an all-time high. According to PwC, Indian cybersecurity is expected to grow to one and a half times the global rate by 2022. Multiple factors are contributing to this growth, including:

• Digital Transformation: As the digital transformation of enterprises picks up pace, vulnerabilities are opening in equal measure. Adopting new technologies is imperative to success in a competitive market. However, this entails a complete overhaul of systems and processes, staff training, and most importantly, a brand-new approach to security.
• Talent and Skilling: The world is facing a shortage of cybersecurity talent. According to a report by Michael Page, by 2025, India alone is predicted to have more than 1.5 million unfulfilled cybersecurity job vacancies. Therefore, the opportunity for India comes from two sides – the need and the gap – and India’s working-age population is its biggest game-changer. Currently, the youth constitute 22% of the country’s population, a higher number than the total population of many nations. An increasing number of universities and colleges across India are offering specialized cybersecurity degrees at undergraduate and post-graduate levels. The industry is collaborating with educational institutions to develop and impart niche courses and certifications. Specialized training and courses cover areas such as threat intelligence, application security and security operations.

• Government Push and Entrepreneurship: The government has been ramping up its efforts in fostering cybersecurity. The budget for FY21 was one such example wherein the fund allocation for cybersecurity initiatives rose to INR 170 crore. This enables companies to flourish by testing their solutions in the local market. Additionally, the DSCI is building a world-class infrastructure for creating momentum for cybersecurity technology development at its Noida campus. The program, formally launched in January 2020, includes incubation for start-ups, a state-of-the-art technology research lab, a unique infrastructure for elements such as forensics and testing, security training, and R&D. Entrepreneurship is witnessing a steady rise across the country. Nation-wide government campaigns such as ‘Make in India’ and ‘Atmanirbhar Bharat’ have given the necessary impetus to budding entrepreneurs. The availability of new-age technologies and talent has given way to significant growth and created a favorable environment for Indian start-ups to flourish globally.
According to the Data and Security Council of India (DSCI), around 20% of cybersecurity start-ups were launched in the last two years across India. Interestingly, for these start-ups, India has accounted for 63% of the revenue, followed by North America.

• Stage of Development: India is currently in the fairly early stages of development when it comes to cybersecurity. On one hand, we have start-ups offering niche solutions and organizations seeking to deploy them. With competitive pricing and quality improvement, Indian cybersecurity companies have tremendous scope to cater to developing as well as developed markets. As cybersecurity consumption increases in the country and across the globe, the opportunity is limitless.

• Global-local Opportunity: We are also tightly integrated globally. On the one hand, we bring in best practices from the US, UK, and Europe. On the other hand, we are looking to emerge above our Asian peers such as China, Japan, and South Korea. No longer is India seen only as a lucrative market, but more as a creator and an innovator. Even for our start-ups, the growth potential is huge among global markets where the spending capacity of businesses is also higher. The DSCI has also found that 24% of cybersecurity start-ups have expanded their footprint globally, including countries such as the US, Australia, Singapore, and the Netherlands.

• Sectoral Demand: Some sectors are witnessing a higher demand for cybersecurity than others. In India, as found by PwC, the market has been defined by three industries: Banking and Financial Services (BFS), IT and ITeS, and government services. Demand in BFSI, IT and ITeS is driven by the tightening of regulatory norms. As for the government, with the roll-out of smart cities and other digital initiatives, it has become necessary to implement proactive, advanced security measures.

• Regulatory Demands: Regulators are continuously taking note of evolving cyberattacks and in turn developing frameworks and stringent guidelines to monitor organizations across industries. Regulations such as GDPR, HIPAA and PCI DSS are creating an increasing impact on the Indian market. Needless to say, enterprises are stepping up their security efforts to avoid hefty penalties and financial losses.

In conclusion, we are at a critical juncture. Cybersecurity demand is only escalating, and we have the potential to cater to the local as well as global market. But then again, cybersecurity is no child’s play!
It is an uphill climb due to the massive disparity between the IT architectures and application technologies to be secured. Business-wise it is complex, since enterprises want technology investments to deliver higher value, and hence any cybersecurity initiative undertaken should not degrade existing capabilities. A cybersecurity company must always do more with less. This challenge beckons the best of minds to India as a cybersecurity hub.
EXPERT OPINION
How Prepared are you for a Ransomware Attack?
Satyamohan Yanambaka, CEO, Writer Information
As organizations continue to increase their digital adoption, cyber criminals have increased their efforts to exploit the infrastructure vulnerabilities that accompany this rapidly expanding digital ecosystem. One of the major reasons for the acceleration of digital adoption is the rise in the number of remote workers and the work-from-home trend, which suddenly got a boost due to the COVID-19 pandemic. The addition of billions of workers who now access organizations’ data from remote places all over the world has increased the number of endpoints which are vulnerable to cyber-attacks. The old infrastructure of the endpoints, older operating systems and just the sheer numbers and physical locations of the endpoints have made the job of data security experts extremely complex and daunting.

In simple words, ransomware is malicious software that does not allow you to access your own data or could lock your entire system. It may also steal, delete or encrypt your data. In 2021, a ransomware attack happens every 11 seconds across the globe, and in India we see 375 cyber-attacks every day.
Mr. Satyamohan Yanambaka is responsible for executing the business strategy and directing the overall performance and growth of the organization. He is a proven leader & strategic planner with a passion to redefine enterprise standards. Satyamohan has 25+ years of rich and diversified leadership experience in many large multinational corporations such as HCL Technologies, Oracle, State Bank of India and Mahindra Satyam.
As per a Gartner report, by the year 2025, 3 out of every 4 organizations will face one or more cyber-attacks. Across the globe, businesses will pay a projected $20 billion in ransom, which is 57 times more than in 2015. The real cost of cybercrime is more than $6 trillion once we include the overall cost of recovery, including data restoration as well as infrastructure, applications and business recovery. In addition, there are hidden costs such as loss of reputation and the impact on brand and customer sentiment towards the organisation, which could affect its future financial growth.

Today’s organizations rely a lot on data, and that is exactly what ransomware attackers are after. The choice of paying a ransom is risky and may not be the best way to recover from an attack. A CyberEdge Group survey reports that less than half of the organizations that paid a ransom could recover their files. To avoid situations where organizations need to pay a ransom, decision-makers must focus their attention on evaluating cyber security solutions, including backup and recovery solutions, ransomware detection solutions, and endpoint security solutions for protection and accelerated recovery.

Organizations must also assess their readiness in terms of recovery planning. It is critical to have well-documented recovery plans with proper workflows and responsibilities assigned to various roles, detailing how your organisation will respond once an attack happens. While reactive or corrective measures are important to ensure that your organisation recovers fast from a ransomware attack when it happens, it is equally critical to put preventive measures in place. Preventive measures are required to close security gaps by defining a current state and a target state of maturity and the initiatives to close the gaps between them. You can also prioritise the initiatives using factors such as effort, cost, risk, and business impact.
Neo ransomware aims to steal valuable data from the victim organisation’s systems and sometimes encrypts it, thereby preventing users from accessing their own data. This gives the attackers an opportunity to demand a ransom for returning the data. The attacker threatens to share the data in the public domain, thereby compromising the organisation’s reputation and competitive strength. Unlike traditional ransomware attackers, the neo attackers are more precise and are fully involved in the attack, as they entrench themselves in the organisation’s network through advanced persistent threat attacks.

It is important to note that any type of infrastructure can be disrupted by a ransomware attack, whether an organisation uses on-premises infrastructure or infrastructure hosted on a public/private cloud. While organizations have gone ahead with accelerating digital adoption, they have created complex networks and systems, thereby creating huge challenges in preventing zero-day attacks and file-less attacks. To enable proactive prevention, the key asks from organizations are managing effective cyber security, simplifying the technology stack and improving system performance.

Cybersecurity requires a new integrated approach with a ‘Prevention First’ philosophy. Without a fundamental change in the cybersecurity strategy, attackers will continue to prevail against security teams who are constantly playing catch-up. Neo attackers have a unique strategy of constantly and unpredictably changing their attack methodology to target predictable detection-based security solutions. Organizations must implement purpose-built and proactive preventative techniques to prevent unknown and unpredictable threats at early stages of attacks, before they can cause any damage to enterprise systems. These new solutions have the following benefits:

• Protect organisation data.
• Prevent unauthorized user access.
• Reduce complexity of IT systems.
• Accelerate recovery time after a breach.
• Improve business continuity.
• Improve confidence in organisation’s reputation.

In the new normal, after the COVID-19 pandemic hit the world, Work From Home (WFH), or the even more prevalent Work From Anywhere (WFA), has brought in new challenges. A data breach through a ransomware attack is one of the three most common ways to impact the organisation’s reputation, in addition to poor customer service and environmental incidents. CXOs now have very specific needs for Cybersecurity and Privacy Compliance. A proactive approach to addressing these new challenges and needs is also much required to keep organizations at the forefront of growth and sustainability.
LEADERS’ INSIGHTS
Ready and Steady: How crucial it is for organizations to work towards reassessing and restrategizing their IT assets
Sandeep Sekhar, Chairman & Global CEO, C Ahead Digital
Sandeep Sekhar is an entrepreneur with a diplomatic orientation. He is the Chairman & Global CEO of C Ahead Digital, a top global IT consulting company which was founded in 2004. Sandeep has actively contributed towards strengthening India’s ties with other nations like the US, South Africa and Fiji through his ventures. He also set up Sandeep Sekhar Films in 2008-09, an infotainment company which did business in the information and entertainment space using digital technologies, distribution and co-productions of content.
As business across the globe picks up speed with the emergence of digital transformation, the importance of cybersecurity is increasing. It is crucial for businesses to build cybersecurity into the company’s organizational work model. Emerging technologies define an organization’s competitiveness, its efficient operation and its future development in today’s market. They also allow companies to tune up their internal communication and processes and to store larger amounts of data, which in turn delivers more value to their customers.
Over the past few years, many industries have witnessed a substantial rise in security incidents. There is a serious need for effective cybersecurity that allows a company or organization to grow in parallel with the increasing digitalization of its work processes. Management of IT assets is crucial for every organization as it works towards reassessing and re-strategizing its valuable IT holdings. These situations can be resolved by understanding the significance and purpose of a company’s IT assets with the help of various new approaches to security.
Securing and Managing IT Assets

Any data, system, or tool owned by the company that is used in the development of business activities can be an IT asset to an organization. IT asset management typically involves collecting a detailed record of an organization’s hardware, software and network assets and using that data to make informed business choices about IT-related acquisitions and redistribution. It is all about creating an asset inventory and continuously using the captured asset data to increase returns, minimize risk and increase business benefits. In addition, it avoids unprofitable asset holdings by making use of current resources, so IT managers can cut software licensing and support costs, reduce waste and improve efficiency.

Similarly, ITAM (Information Technology Asset Management) helps increase the company-wide understanding of IT’s business value and improves relations and understanding between IT and other units. It further enforces compliance with cybersecurity policies and administrative requirements, and improves productivity through technical support while limiting the cost of maintaining a productive IT environment.

IT asset management is thus a combined business practice of finance, inventory and contractual functions to control spending, support lifecycle management, and make strategic decisions within the IT ecosystem. Dynamic business and operational factors (regulatory enforcement, old infrastructure, and technology upgrades) make asset management even more complicated. The TCO (Total Cost of Ownership) of IT assets is important for checking whether any IT asset is becoming more expensive and less useful for the business, and likewise whether any IT asset is becoming expensive and yet remains relevant.
Another question that arises is how to combine usefulness with TCO, and how the two are associated, as this is an important step in increasing IT assets. Many newer digital roadmaps help organizations plan this management process for the future, so that they can save a lot as well as enjoy the latest technologies.

Modification of IT Skills – Ways of execution

The IT landscape is changing rapidly, and it is important to stay updated in order to stay integrated into business with the rest of the world. Therefore, a skill match is a must, along with a plan, as anything that is old gets expensive with time and missing skill availability can make it extremely difficult to continue. Planning of IT assets is a must for current and future business; such alignment is much easier nowadays and also creates an effective roadmap for better digital transformation. This further helps in outlining the changes that the organization will need to make to its information and communication infrastructure. Creating a strategic plan for execution requires top-down critical thinking about what is appropriate for the setting and what is important to the organization or company, along with its strategic vision, goals and objectives.

Once a creative plan is made, maintaining and upgrading the assets is a crucial part of the IT asset lifecycle. This helps in maximizing the value of the asset and extending its life, as well as minimizing risks and reducing maintenance and repair costs through asset management software, particularly for those assets that are important to the regular operations of the business. An asset management system achieves this by helping users keep track of their assets, analyze maintenance expenses and increase the assets’ overall useful lifespan. A management system for IT assets therefore records every aspect of an asset and is highly advantageous to any organization.

Evaluating Workflow and Implementation

A complete understanding of workflow is needed to evaluate the impact of system changes on the current process. Changing any process often changes the way work is completed, which is why it is a good idea to identify the areas that will be affected by system implementation and to document the workflow. This will not only reduce risk but also increase team acceptance and the chances of successful implementation. Similarly, keep in mind that the implementation of a software system does not end when that system goes live.
Technology implementation must become an integral part of the organization’s total infrastructure and be incorporated into operations and future strategic plans.

All in all, digital transformation is an ongoing process. It is a challenging but manageable task. Businesses should consider it important to work as a team and keep pace with rapid change in business models and technologies. Addressing all these elements in a functional way prioritizes cybersecurity, which helps secure digital transformation and ensures a company’s overall stable development for a bright future.
LEADERS’ INSIGHTS
Building Cyber Resilience in the New Normal – Need of the Hour
Vijay Sivaram, CEO, Quess IT Staffing and Arunagiri Rajasekaran, Deputy General Manager, Quess IT Staffing
Due to COVID-19, the majority of people have now moved further into the digital world and spend most of their time in the cyber world. The world is turning digital through virtual collaboration, meeting platforms, the internet of things (IoT), machine learning (ML) and artificial intelligence (AI). One of the main challenges for businesses in this information sector is cyber security. Most top executives face a common question from their boards of directors about how confident and prepared they are to face a cyber attack. Hence organizations have turned towards achieving a strong cyber resilience strategy. It is a unified approach where disaster recovery methods and data protection are combined to achieve total cyber security.
Cyber resilience programs aim to develop the ability to adapt to, recover from and withstand the adverse conditions that occur due to cyber threats or attacks. Though systems and networks may appear to be fully protected and patched, malware can still affect them, leading to huge financial losses. A survey conducted by IDC states that the cost of downtime exceeds USD 200,000 per hour. The same survey states that nearly 73% of respondents had to spend a major portion of their resources during the past two years to tackle major security breaches in their IT environment. Though organizations have recovery plans to combat this issue, their existing configurations do not allow them to recover easily, as they are not designed to be resilient against these cyberattacks. Hackers use more advanced techniques, hence organizations also need advanced technology in order to adapt to this problem. A change from traditional recovery to advanced technology for combating cyber attacks is the need of the hour.

It is imperative that the organization takes a holistic view of the risks and tries to adopt a robust cyber resilience program so that its operations are not paralyzed after these cyber attacks. With a very strong cyber resilience program, information technology ought to establish a good relationship with the management and enable them to continue their digital transformation journey with confidence. Hence IT organizations ought to take a more comprehensive approach to cyber resilience and do an in-depth study of the available solutions for solving this issue. As indicated by Stan Wisseman, “The primary goals of resiliency are anticipating, withstand, and adapt. You need to anticipate that you’re going to be attacked. You need to withstand that attack and continue to operate your critical business functions. And you need to adapt to an evolving threat landscape.”

About Vijay Sivaram
Vijay Sivaram is the CEO of IT Staffing and Search & Recruitment, overseeing both India and Asia Pacific operations at Quess Corp. He is responsible for setting the strategic vision and direction for his focus areas while supporting and nurturing the leadership under his mandate towards success. A young and energetic leader, Vijay is part of the founding team of Quess Corp since its inception in 2007. He has worked across services within the organization, including Workforce Management, Operating Asset Management, and Tech Services.

About Arunagiri Rajasekaran
Arunagiri Rajasekaran, a versatile leader with 22+ years of experience in multiple facets of business and technology, presently serves as Deputy General Manager at Quess IT Staffing, the largest IT staffing organization in India. In his current role, he leads the Managed Solutions vertical, enabling clients with smart technology solutions to help businesses become future-ready. Arunagiri enjoys learning about new processes and technologies, and is a firm believer in continuous learning.
LEADERS’ INSIGHTS
Trends in Cybersecurity in 2022
Vinit Khandare, CEO & Founder, MyFundBazaar India Private Limited
Having done his BCA from the University of Pune & PGDM in Banking & Finance from NMIMS, Mumbai, Mr Khandare has financial experience of over 12 years, having received investment advisor license from AMFI, SEBI, BSE etc. Having founded multiple companies in the media & defence sectors along with MyFundBazaar India Private Limited, he previously worked with HDFC AMC & solely managed 10,000 crores.
“As cybersecurity leaders, we have to create our message of influence because security is a culture & you need the business to take place & be part of that security culture.”

With the evolution of modern technologies & the world transforming digitally, cyber attacks are now the fastest growing crime on a global scale. Moreover, with companies shifting to remote working since the unprecedented pandemic, they have become more vulnerable to malicious attacks. Financial service providers are entrusted with personally identifiable information, which automatically makes them an attractive target for cybercriminals.

Holistic User Awareness: As cyber threats become more aggressive each day, businesses & organisations are taking major steps to strengthen their security measures. Apart from implementing firewalls & sophisticated IT protocols, companies now deem it important to augment the capabilities of their IT personnel via seminars & webinars. With cybercriminals resorting to more advanced & high-tech forms of malware infections, organisations have begun implementing the combined use of web & classroom-based methods & visual aids for cybersecurity awareness training & promotions.

Geo-Targeted Phishing: Since cybercriminals use more advanced methods to create well-executed business email compromise attacks, phishing emails & malicious URLs, businesses are starting to adopt & invest in comprehensive security awareness programs.

Attacks On The Healthcare Sector: Failing to combat cyber threats in the healthcare sector, hospitals & healthcare organisations are investing more in cybersecurity. However, amid the COVID outbreak, some healthcare organisations temporarily relaxed their firewall rules to make it easier for their staff to work from home. Data breaches present a continuing threat to health organisations as sensitive information about businesses, employees, and patients remains the top target of cybercriminals.

Machine Learning: In cybersecurity, the role of machine learning is growing & has become more proactive, making security simple, effective & cost-effective. Manipulating data patterns & algorithms, machine learning can anticipate & respond to active attacks in real time. Data must come from everywhere & represent as many potential scenarios as possible, considering this technology heavily relies on rich & sophisticated data to produce credible algorithms. These would certainly help eradicate similar attacks in the future to a great extent.

Cloud Security: Cloud management software solutions, which offer encryption, authentication & secure audit logging, have more & more businesses & organisations migrating to the cloud. However, IT security professionals are needed to tighten cloud security. Poor configuration of cloud security can lead to cybercriminals bypassing the internal policies that protect sensitive information in the cloud database, which is why predictive security is becoming useful in identifying threats, with some sectors having resorted to leveraging multi-factor authentication to reinforce security.

GDPR Compliance: GDPR, or the General Data Protection Regulation, is one of the most significant developments in data privacy regulation on a global scale. GDPR is known to provide more consistent protection of consumer & personal data, & according to a survey about 50% of businesses believe they were already GDPR-compliant by the end of 2018.

Threats to Higher Education: With the rise of online learning & remote work during the pandemic, cybersecurity is now among the top priorities of those in the higher education sector, where threats primarily involve compromised student data. As the number of cyberattacks targeting higher education grows, institutions are now moving towards a new security architecture that includes post-perimeter security on endpoint protection, access to the cloud & identity information.

Vulnerability of IoT: Computing devices embedded in IoT products today allow for sending & receiving data over the Internet, which poses significant security threats to users, exposing them to cyberattacks. Digital transformation is about becoming ‘digital first’ & ‘data driven.’ While IoT is ultimately the provider of that data, any breach of an IoT device may even result in unauthorised access to legacy systems. Anything from weak passwords to insufficient data protection could compromise customer data & safety & lead to loss of information, financial losses & overall reputational damage.
Mobile Devices as Attack Vectors: As of 2021, 66% of the world population uses smart mobile devices. Most leading e-commerce software & platforms are accessible on mobile platforms. Cybercriminals see this as an opportunity to target mobile users as attack vectors. According to sources, about 70% of fraudulent transactions originated from mobile platforms, with popular mobile attack vectors including malware, data tampering & data loss.

Financial Services Cyberattacks: The financial services sector is another industry facing cyber threats daily. It also doesn’t help that some financial organisations are still struggling to keep pace with cloud migration and the increasing number of regulations. Phishing attacks remain prevalent in the financial services sector, but it’s no longer just via emails. Phishing through social media and other messaging platforms is now among the cybersecurity trends in financial services. Aside from phishing attacks, the most common threats faced by insurance companies, banks, and asset managers include malware attacks and data breaches.

With most businesses establishing their operations in cyberspace, a tight security system is not just an option—it is a must-have if you want to ensure fool-proof protection for your company and your consumers. Identifying critical attack areas and anticipating possible attack scenarios can help you avoid becoming a victim of such attacks.