“CISOs should align their security strategies with the overall goals and mission of the enterprise” By Elets News Network - 22 November 2022

S Srikanth

The field of cybersecurity is continually changing. The nature of cybersecurity has changed as a result of digital business and hybrid workspaces. It is essential to reframe security procedures, reconsider technology, and get ready for new threats. To know about how will cybersecurity programs evolve in the industry in 2023, Nidhi Shail Kujur of Elets News Network (ENN) interacted with S Srikanth – CISO, Tata Electronics Pvt Ltd.

What are the various challenges faced by organisations while operating in a cloud-based security environment?

Today businesses need to secure data and applications accessible anywhere from any device, it’s possible only with cloud technology. With the right cloud strategies and solutions in place, organisations will be able to deliver better customer experiences, build scale, deal with IT infrastructure inconsistencies, increase computing for building data-led capabilities, improve time to market, accelerate innovation cycles, operate more efficiently, and build the resilience to withstand whatever the future brings. But there are inherent cloud computing security challenges to making it a reality.

When businesses are looking to move all or part of their operations to the cloud, there is the inevitable question of security. Will the website be safe in the cloud? Does hosting our application data using cloud services make our business vulnerable to cyber-attacks? Can our cloud servers handle a DDoS attack? Shadow IT, supply chain – API integration attacks? Lack of change management?

Some of the key challenges that may be faced and why you want to prevent unauthorised access at all costs,

  • Data Security Unlike an organisation’s on-prem infrastructure, cloud-based deployments are outside of the physical network perimeter and can be directly accessible via the public internet. Without the right expertise and configuration, hackers can gain unauthorised access to cloud-based business solutions.
  • Lack of Expertise – Challenges in finding employees with the right skill sets to configure and manage their cloud solutions. Cloud misconfiguration is
    the number one reason for cloud data breaches worldwide and is also a major compliance risk.
  • Compliance Issues may raise with compliance governance, data quality, and risk management. Regulations are tightening their grip on cloud services.
  • Cloud Integration and Manageability – Most businesses use a combination of on- prem and multi-cloud environments. This can be difficult to integrate and manage since every environment will have a different way of monitoring performance.

Also Read | “CISOs with technical knowledge and focused security will be playing a more crucial role”

How does Zero Trust help secure the data infrastructure of organisations?

  • Device manufacturers are responsible for ensuring device trustworthiness. Security-at-design is driven by zero-trust manufacturing, an extension to the zero-trust networking model and an approach to building trustworthy electronic, industrial control and IoT devices within a supply chain that cannot be trusted.
  • Zero Trust is designed to protect modern environments and enable digital transformation by using strong authentication methods, leveraging network segmentation, preventing lateral movement, providing Layer seven threat prevention.
  •  Zero Trust is a framework for securing infrastructure and data for today’s modern digital transformation.
  • Applications, users, and devices need fast and secure access to data, so much so that an entire industry of security tools and architectures has been built to protect it. Zero trust addresses the security needs of this data-driven hybrid cloud environment.
  • Zero trust provides organisations with adaptive and continuous protection for users, data and assets, plus the ability to manage threats proactively. Other benefits are:

1. Enhanced network performance due to reduced traffic on subnets
2. Improved ability to address network error
3. More simplified logging and monitoring process due to the granularity
4. Quicker breach detection times

How can the potential of AI and automated architecture be leveraged to ensure agility and intelligence in threat remediation?

Simplifying technology management is one of our customers’ most frequently cited challenges. Businesses mainly spend their revenue on running enterprise operations, but most of these operations are managing innovations of the past. Working towards becoming an autonomous enterprise brings new levels of context, intelligence, and automation to day-to-day processes and decision-making at a much faster pace.

Efficiency and cost savings are the core drivers of automation initiatives in organisations.

Automation, combined with contextual intelligence, can provide a route to greater agility, reduced risk, a better customer experience, and stronger growth.

The primary objective was to reduce risk and allow some of our talented employees to shift to higher-value work, which will lead to better customer service and higher revenue growth.

How do you see the role of CISOs transforming towards business outcomes?

The role of the Chief Information Security Officer (CISO) is growing, and the scope of digital business intensifies. The risk to businesses in cyber security is 88 per cent.

CISOs should align their security strategies with the overall goals and mission of the enterprise. In a digital world, data security not only reduces risk and prevents negative outcomes, but it also contributes to the forward momentum of the business.

CISO effectiveness means delivering five critical outcomes:

  • Understand how the CISO role has evolved – Where a breach or security flaw was detected, their approach was to fiX the system rather than transform the business. Understanding these expectations is vital to CISO’s success.
  • Know your board’s business needsCybersecurity is no longer too technical and abstruse for business execs, and CISOs can’t put themselves above considerations of financial risk, and market opportunity. Not every security expert is good at business- speak and organisational politics — but for the CISO, its soft skills are essential.
  • Embed security into your business strategy Building security into the development process establishes trust with the customer, promotes sales and gets products to market faster, therefore driving revenue.
  • Create a strategic roadmap – High level, verifying the mission, vision and goals of the business. Prepare a framework that develops a roadmap to long-term business goals as the business, the threat landscape and the technology stack evolve.
  • Determine how security solutions can help– Need a scalable, overarching security solution. The role of the CISO is to expand at least as fast as your organisation’s attack surface.

Looking at the trends from 2022, how do you see cybersecurity programs evolving in the industry in 2023?

Cyber security is a constantly evolving sector. Digital business and hybrid workplaces have shifted the cyber security landscape. It is necessary to reframe security practices and rethink technology, as well as prepare for new threats. Few areas we need to focus on in cyber security,

IoT Vulnerabilities Within the next 5 years, there will be 64 billion IoT devices installed around the world. Having more devices which are connected through the internet increases its cyber-attack surface. Most IoT devices have far fewer security measures as compared to computers or phones. As a result, IoT and accelerated digitisation are one of the most important facets of cybersecurity trends to watch out for in 2023.

Also Read | “The demand for seasons CISOs is on the rise and this requirement is going to grow in future”

With the gowing potential of Artificial Intelligence (AI) ML and computer- assisted security measures, cybersecurity becomes more effective, and less expensive simultaneously. ML develops patterns and manipulates them with algorithms, it can anticipate active real-time attacks. AI-enabled threat detection systems can predict new attacks and notify admins of data breaches instantly.

Mobile is a bigger target than ever According to reports, there has been a staggering increase of over 50% more mobile banking malware attacks since 2019. Handheld devices are a giant prospect for hackers to break into since they contain more valuable information than ever before and exploit any loophole in security in any device system.

Cloud-based security infrastructure More and more businesses and organisations are migrating to the cloud. However, many cloud services right now do not offer secure encryption, authentication, and audit logging. Poor configuration of cloud security can lead to cybercriminals bypassing internal policies that protect sensitive information in the cloud database.

Remote workers and distributed teams One of the weakest links in a company’s security protocol is people. This is why target ransomware and phishing attacks make up a large part of every hacker’s arsenal. Chief Information Security Officers are tasked with conducting social engineering drills to ensure that employees do not fall prey to attacks.

Related Interviews