Cyber security guys should be involved in initial stages of project: RaviKiran S Avvaru, Toyota India Head-IT & CISO


Cyber security is one of the vital functional areas of organisations today. It involves not just the IT department but the entire business, directly or indirectly, as organisations become digital and smart over time.

A cyber security report some time back showed that 59% of Asian organizations experienced a business-interrupting security breach at least once a month. As we move towards digitization, the number and type of devices requiring enhanced security measures increase too. Also, new technologies such as artificial intelligence and machine learning are providing attackers with enhanced tools for more complex attacks. Needless to say, cyber security has become more important than ever for organisations to run smoothly.

Industry leaders discussed this and shared how cyber security can be implemented well in organisations at the Elets Manufacturing Innovation Summit in Delhi.

RaviKiran S Avvaru, Head-IT & CISO, Toyota India, shared that the trend of not involving cyber security staff in new projects taken up by organisations leads to data leakage and security breaches. “As per NTT survey also, 18% of the projects involve security guys, remaining 72-80% never involve cyber security people in initial stages. So that is a big point we need to make a note by saying that at least involve security guys at initial stages as they will have their checklist to ensure there is no data leakage,” he said.

Anish Gambhir, AVP, Arihant Electricals, echoed similar sentiments. He added that since security guys know the project's internal stakeholders, such as the project team, the commissioning team or the design team, the alignment can be much better if they also know the external stakeholders by being involved at the initial stages.

“Involving the CISO in the initial stages helps very much, particularly in organizations which are project based. If CISO knows what is the scope of the project, who are the stakeholders, who are vendors, who are the customers, he can have a better control of the whole set up as far as security aspect is concerned,” said Anish.

Srinivas Thimmaiah, Programme Manager-Information Security, Automotive Company, shared that the primary focus should be on what is best for the organisation, from a pool of available solutions. “We being a CISO or IT responsible, we have to understand what is best for the organisation. Until and unless we don’t have clarity on solutions and also requirement, we end up in having ‘n’ number of solutions which are implemented in organizations, because of which those are becoming part and parcel of hackers, where they try to enter.”

“The job of the CIO or CISO is not limited to providing prevention from the threats but in addition he should know the overall business aspect also because once he understands what is the business, how the processes in organizations are and which are the functions that are running the organisation, how they are interlinked with each other. So if the CISO is aware of the whole process of the organisation and the product line, he can implement the solutions in much better way,” added Anish.

Anish also highlighted how budget was a constraint when it came to implementing cyber security laws well in organisations. “As far as budget is concerned it is many times a challenge for security officer, because to convince the management that this particular amount of budget he needs for implementing these kind of activities he wants to adopt to protect the information. In that regard, first thing should be that in similar industry how much budget is generally allocated. Secondly, he can adapt the way of putting the value addition in the organisation, how the implementation of any new security system will add value to the organisation by protecting the information,” he added.