Why enterprises should strengthen their security posture
Rapid adoption of digital technologies like cloud-based applications and the shift towards remote and hybrid work during the pandemic left enterprises vulnerable to cyberattacks. According to Accenture’s State of Cyber Security Resilience 2021 study, over 55 per cent of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches. This brings us to the question – How can enterprises build effective cyber resilience and prevent critical data breach? While adopting a robust cybersecurity infrastructure is crucial, it is equally important for companies to build their cybersecurity talent base.
Binu Chacko, Senior Director – Information Security, Walmart Global Tech
“At Walmart, maintaining the trust of our customers, associates and members is an absolute priority. Our Information Security team at Walmart Global Tech is committed to securing our digital ecosystem, minimizing risk across the enterprise and defending against cyberthreats to protect our customers, members, associates and systems.
A hybrid workplace brings with it different cybersecurity risks than the traditional office environment. Weak Wi-Fi security at home, shared laptops, unsecure mobile devices and low security hygiene are some of the main reasons why individuals may fall prey to cyberattacks at home. That said, there are many steps that users can take to help protect themselves — we highlighted a few tips anyone can implement to stay safer online on our webpage Walmart.com/cybersecurity.”
Vishal Gupta, Founder and CEO, Seclore
“The pandemic has forced enterprises to accelerate their digital transformation journey. This has made cybersecurity, done right, as an enabler but otherwise the biggest impediment. Enterprises often mistake cybersecurity as infrastructure security i.e. to protect networks, devices and applications. However, infrastructure security is just a surrogate method to protect the real asset i.e. data. Data has become one of the most valuable currencies in the world and this increase in digital investments has created even more nodes for security professionals to manage and secure.
As cybercriminals become more sophisticated, comes the corresponding the need for a robust, zero-trust security framework and a larger cybersecurity workforce. Data security, without a doubt, should be at the centre of this strategy to avoid increasingly high-profile and complex cyberattacks and data breaches. The cybersecurity efforts should focus on security which focusses on data to ensure an airtight system that protects the company’s assets.
CISOs should ensure that enterprise data is tracked as it moves around within the enterprise and to external agencies. Data that is covered by privacy or export control regulations, should be separately tagged. Security policies travel with the data, wherever it goes, instead of being tied to specific applications, networks and devices. A constant Plan-Do-Check-Act cycle framework is set for managing data security. Simplify security initiatives and infrastructure to focus on the true asset i.e. data. Early alignment of the CISO’s agenda with the overall corporate goals helps to make cybersecurity a part of every enterprise function rather than a bolt on.”
Nandish Madhu, Director – Product Development, Cloud Engineering & Operations, Intuit
“The number of cyber threats and attacks has only increased since the pandemic began, particularly ransomware and phishing attacks, and organizations need a holistic approach to cybersecurity to ensure cyber resilience. As a result, it’s important for us to consistently review our security strategy and ensure that we’re responding to the latest trends.
We at Intuit are committed to protecting the privacy of our employees and customers. Security, fraud prevention and data protection are fundamental to that goal. These attributes are a fundamental part of anything we produce.
Our effort on security ranges from artificial intelligence-based security, fraud and risk management to educating our employees on the best practices. Our shift-left approach is helping us move from reactively managing runtime security threats to preventing them at build-time and in real-time. This also drives behavioural changes across the organization , resulting in process improvements and tooling enhancements.
With ever-evolving advancements in technology and business infrastructures, there’s been an exponential surge in the use of tools, techniques, and resources for attacks. Therefore, there will always be a need for heightened cybersecurity skills and training.”
Srikanth Doranadula, Vice President – Hybrid Cloud Systems, Oracle India
“As technological advancements are propelled in the country, there is an unspoken need of building trust on these innovations. Businesses no longer want to be bogged down by dated technology however at the same time, the risk of losing their most critical data to a cyber attack is holding them back and keeping their business centered around traditional way of doing business. Threats of cyber theft are especially amplified in our digital economy with an enormous data explosion.
Organizations must focus on a security-first culture and only rely on technology providers that lead with the same thought. To future-proof and attack-proof their data, businesses must also invest in threat intelligence programs that can help gauge the intensity of any hazard. At Oracle too, we have the privilege and a huge responsibility of managing customers’ databases so we prioritize security over any other pillar and therefore we have successfully managed world’s most critical and sensitive data with over four decades of experience. Our customers have been able to strengthen their security posture by reducing risk with security-first design principles. We also automate security to reduce complexity, human error and also lower cost with automated patching for Autonomous Database and threat mitigation for OCI by Access Management.”
Giridhar Yasa, Chief Technology Officer, Lendingkart
The pandemic led employees across organizations to get accustomed to working from home and with this a new working trend – hybrid working. This meant that data, software, and APIs needed to be available anywhere, anytime. In Hybrid working, employees choose to work from home, cafes, and even mountains which results in accessing unsecured WIFI and even systems – which means malicious actors get newer opportunities to access data servers that otherwise lay in secure infrastructure within the organization. It allowed organizations the opportunity to build new infosec policies for all employees. The absence of this would lead to threats to data privacy and the company’s reputation. Organizations have over time evolved their cybersecurity policies to stay up to date with the changing working trends. Robust cyber security infrastructure includes strengthening workplace and outside workplace security to prevent phishing or malware attacks by continuously scanning for threats, advanced measures like secure VPN connections, strong and complex passwords, authentication, secure gateways, installation of approved software, patching of OS, and much more.
Not just the working trends, but cybercriminals also have now discovered newer and sophisticated techniques to cause attacks. With companies that collect and store thousands of data points, robust security infrastructure is the need of the hour. And this is not possible without the support of the employees and proper awareness of cyber crimes.
Cybersecurity is a collaborative effort – right from the senior leadership in the organization to someone new and hasn’t been a part of the organization, perhaps an intern. Every employee, every team head, and every business vertical needs to come together for an organization to build a strong cybersecurity picture. We play a key role in properly safeguarding and using private, sensitive information and state resources. Organizations have responded by dramatically increasing their cybersecurity investments—yet breaches and threats continue to climb.
Here are some must dos and don’ts that organizations need to keep in mind to build an effective cybersecurity infrastructure.
- DO keep Hard-to-guess passwords or passphrases
- Choose different passwords for different accounts. If any password gets compromised, your other accounts remain safe.
- Look with suspicion for any email from an unknown id/or email asking for personal information/emails offering you prizes
- Only use your own system for working
- Secure all servers by setting up two-factor authentication/administration authentication
- Scan for threats regularly
- Provide pre-secured mechanisms to exchange data
- Patch management of the operating system
- Don’t leave your system unattended or printouts of critical information around your desk.
- Don’t install unauthorized programs on your work computer, it may cause a virus attack
- Avoid plugging in external hardware without prior information to the management.
- Avoid using unsecured Wi-Fi for shopping, logging into social media, or banking on the Internet
- Never access bank logins from an email or a text message.
- Don’t select ‘Keep me logged in’ or ‘Remember me’ options on your system, especially a public one.
The working trends are changing. The methods of cyber criminals are changing. Therefore, cybersecurity skills need to change too. In the post-pandemic world, digital and contactless have become imperative. And now, with the advent of 5G, it is only going to sustain itself in the future. Going digital has many opportunities but also some cons. Payments, lending, education, and insurance are all using means and methods to go completely digital, but these industries are at the highest risk and vulnerability to cyber threats. These threats are impacting big corporates and small businesses and even individuals alike. Thus, the need of the hour is to build a team of cybersecurity professionals and experts ready to prepare for any attack to win the cybersecurity battle!
It starts with training and upskilling professionals to build effective protocols to protect their networks.
To begin with, it’s important for companies to partner with industry experts who bring in in-depth knowledge and understanding of the security industry and landscape – its strengths, vulnerabilities, trend predictions, etc. They can help design comprehensive cybersecurity training modules that can help employees become multifaceted security professionals.
To keep the employees up to date with news and knowledge about the cybersecurity landscape, organizations must hold training sessions, webinars, and events. These can be held with in-house technology experts. An organization with standard cybersecurity requirements can upskill employees through any of the cybersecurity certifications that are being offered.
Hiring policies of the organization should also evolve to have cybersecurity skills as a prerequisite. Cybersecurity has quickly become one of the most famous and important skill sets and its demand is only going to grow. Hence, the acute skill gap is expected to become more apparent.
Industries, organizations and even the government must come together to bridge this skill gap by offering avenues for the training of the next generation of IT talent.
The need to ensure comprehensive and robust cybersecurity systems in an organization is an effort every CISO, every CXO should contribute to, especially the CEO. The State of Cybersecurity report ISACA states that the key factors hindering the creation of a strong culture of cybersecurity are lack of employee buy-in (41%), blaming other disparate units (39%), and absence of key indicators or business goals (33%). When it comes to cyber security matters, how leadership provides support will affect how the organization is protected from ever-present cyber threats.
The state of cybersecurity resilience, 2021, Accenture states that – 91% of CEOs/CFOs put the responsibility for cybersecurity squarely with IT. Better alignment between CISOs and CEOs can make an organization-wide imperative to state how the organization engages with customers’ information, including how that information is stored and used.
It helps in aligning the company’s goals to cybersecurity – all hands on deck to prevent any cyber-attacks. Today, CEOs and CISOs, and other CXOs understand the imperative of being cyber-security fluent and are willing to create a culture together, to safeguard the company from malicious elements. Cybersecurity accountability cannot be fragmented but a cohesive one, with clear responsibilities, accountability, communication, and planning – it should not be a reaction to a cyber attack.
The next big revolution in the internet universe is the Metaverse – that is a fact. This almost gets me curious as to the security aspect of Metaverse. Is Metaverse hackable? Well, the answer to this is yes. Metaverse is truly an internet marvel but it doesn’t come without risks. Common threats like phishing attacks, malware attacks, identity theft, and impersonation by fraudsters will require robust security measures. The metaverse has sparked enormous interest recently, along with Web3.0. Metaverse is also built on the pillars of Web 3.0 – Blockchain, blockchain-based cryptocurrencies, and non-fungible tokens (NFTs)– some of which are still not approved legally. This gives the malicious actors the scope of creating platforms that are not authentic and steal customer data.