Today, cybersecurity has the attention of senior board members of the organizations as they continue to face a very lethal and ever-increasing threat landscape. They very well realize the impact security breaches can have on the business. As technologies continue to evolve, CISOs have a tough task cut out for them. It is in this context Muqbil Ahmar, Executive Editor, DynamicCISO.com caught up with Satish Warrier, CISO, Stock Holding Corporation of India Ltd. Below are the excerpts of the conversation:
Muqbil Ahmar (MA): How do you mitigate advanced threats such as zero-day exploits and ransomware?
Satish Warrier (SW): Among the various approaches to mitigate these threats, some of the most basic and important ones are:
MA: How do think cyber security impacts business in the context of today’s threat landscape?
SW: Irrespective of the changing threat landscape, the impact of cybersecurity on business will never change. Every successful cyber attack has the potential to cause serious damage to the company’s bottom line, as well as its business reputation and the customer’s trust.
According to me, what is changing is the greater impact due to ever-tightening compliance requirements and various regulatory changes such as the Data Protection Act. The ‘The Personal Data Protection Bill’ was introduced in 2013 to provide protection to the personal information of a person. This requires organizations to manage the security of the personal data that they hold, and in the event of the same being accidentally or deliberately compromised, they may incur fines and regulatory sanctions; especially if it is proved that they had failed to put appropriate security measures in place. The emerging threats comprising zero-day attacks, Ransomware, etc. has put data at greater risk; forcing businesses to prioritize their efforts on data protection measures. This has made cyber security the subject matter of discussion in most board meetings.
MA: Does outsourcing information security make sense from a financial and resource perspective?
SW: Every outsourcing model starts off as a better financial option. However, according to me, in most cases, the financial benefits are either non-existent or minimal. Over a period of time, one tends to feel that the spending on security was much lower when the same was being managed in-house.
As regards the resource perspective, outsourcing makes a lot of sense. It provides assurance of the availability of competent and skilled manpower resources at all times. There is a severe shortage of skilled cyber security professionals. It becomes quite a challenge for most organizations to ensure that (a) their employees are constantly trained with respect to the frequently changing threat and solution landscape and that (b) their trained and skillful resources do not leave the organization.
Disclaimer: Views expressed here are of the author and do not necessarily reflect that of the organization he represents.
Subscribe to our newsletter for all the latest updates and special offers.
Click Here To view archive additions