Perimeter security discovers the most important kind of vulnerabilities beyond company’s owned equipment and resources. As employees routinely access highly sensitive information from their devices through WIFI networks, to identify where this new perimeter is weakest and where it is relatively strong is important. The scenario focused on extending security to Wifi networks as WFH picked up during the pandemic.
Avinash Dharmadhikari, CISO, Persistent Systems understood this and in 2021 he and his team embarked the Cyber Security enhancement journey focusing on four key factors, real-time visibility, secure internet, data protection & control effectiveness assessment.
Avinash’s vision is a “Persistent world where people unequivocally trust their information is safe.”
The focus was to extend security to all WFH/Work from anywhere to the user community without compromising the Data and endpoint security for roaming/WFH users.
Investments were made in Secure Web gateway, DLP, CASB to provide secure & clean internet to users irrespective of the location. This was done to ensure that we have real-time visibility on the data movement especially code repository such as GitHub, personal one drive, public emails etc. Further the team invested in dark web, deep web monitoring to ensure that we get the feeds on various upcoming threat vectors in advance so that we can take preventive measures.
Impact of Implementation
The investments started paying back; our external security posture has gone up in A grade on various tools such as BitSight, RiskRecon, Security Score Card.
We noticed the Data theft incident have reduced by 57% and unintentional data leakage on GitHub reduced to 0%, also Identity theft is reduced by 93%
Employee awareness has gone up by 79% and our ability to detect any cyber threat beforehand has gone up by 100% and we could prevent multiple incidents by taking pro-active steps.
Technical Challenge
Ability to detect the incident and having real time visibility was a major technical challenge that led to the project says Avinash. Cyber security teams can effectively detect a cyber incident, understanding the full scope, scale and impact of an attack real time visibility is must.
Our job was to make sure that we implement a cyber security program that addresses the ability to identify the environment being protected. The seniors and Persistent Board acknowledged these efforts and understand cybersecurity as a strategic, enterprise risk.
NOTE: This story is based on the nomination submitted by Avinash Dharmadhikari, CISO, Persistent Systems for 8th Annual Dynamic CISO Excellence Awards 2022.. Avinash is the winner for Dynamic CISO Visionary CISO Award 2022