DMI Finance is an NBFC with pan-India operations in core businesses such as consumer loans, corporate lending, housing finance, MSME finance and asset management, serving B2B and B2C clients. The company is in the long-term credit business in New India, using technology, creativity and innovative partnerships to bridge the credit gap.
Manikant R Singh, Chief Information Security Officer, spoke to Dynamic CISO and shared his views on the latest Covid-19 crisis and how CISOs can use this opportunity to implement best practices, promote training, and motivate their teams to chalk out strategies for the future.
Further, he explained how constant communication with employees and management through various media plays a key role in keeping the whole system functioning expeditiously.
As a CISO, can you tell us about your journey at DMI Finance and the steps you have taken to ensure data protection in your organization?
We are a cloud-geared organisation with a security framework at every level, be it endpoint, TPA, mission-critical applications, emails, and many more.
As part of our strategy, continuous risk assessments, user training and ransomware protection are a few of the initial steps taken in protecting our organisation, besides perimeter security, logical security and endpoint security. These steps have helped us to constantly remain secure and continue with our business.
As banks are putting a lot of controls on their operations, does DMI Finance, being a finance-based organization, also have any such measures, e.g. for the collection of payments from defaulters who have taken loans using digital technologies?
We have internally instilled several checks and controls as per international standards, which recommend role-based access, maker-checker-approver and AI-based approval mechanisms. These have given us simpler and effective controls in our loans business. This has improved collection and the overall financial position of the company.
What technology are you using to procure the same? Can you mention some of the use cases?
Besides using traditional decision systems based on cost-benefit comparison sheets, we are upgrading to decision systems empowered by digital dashboards generated from our previous years' spends vs ROI. Automation of technology procurement processes and preferred vendor listing have made our decision-making easier and efficient. The entire life cycle, from initiation to approvals, now has transparency. The stage of the request and approval is visible to all stakeholders, including the finance department, to manage cash flow and provisioning.
For a financial company, there is a lot of risk in maintaining visibility across the ecosystem, considering the many frauds happening. What kind of metrics are you using to measure the effectiveness of any infosec program being implemented?
The entire InfoSec program implemented in the organization is measured in terms of organizational risk appetite. Periodic training and awareness for all users, in addition to various desktop and simulation exercises, help us stay secure from cybercrime. Cybersecurity plays a major role in addressing frauds. We use various metrics like time to detect and time to respond, open source tools and OSINT, which help in understanding our gaps and guarding our business against frauds.
There is a rapid pace of change in the digital space. What are the most challenging tasks for you as a CISO in the digital space as new technologies are being adopted?
Emerging technologies, security hygiene and data privacy are a few of the challenging tasks, besides integration of diversified and complicated technologies and keeping the BAU of the organisation in line with regulatory requirements without significant cyber incidents. Data privacy is one area where we have to remain focused, being a finance-based organization.
CISOs expect that their network security teams will be enabled with tools to make real-time changes to applications based on observable network flow. They want to see that security policies are being enforced properly and, most importantly, prove that their security strategy is actually effective.
Globally, cybercrime is increasing. What kind of compliance are you following in this regard, if you can mention that? What kind of benefits are you getting out of the same?
Being an NBFC, we follow RBI as our regulator, and all compliances must be met under their master direction. We have instilled their 7 laid-down principles, which include Policy, BCP, Service Outsourcing, Continuous Audit, IT Operations, and IT Governance. Compliance ensures higher security hygiene and improves the security posture of our organisation.
Training and awareness for internal employees act as the first shield, while threat intelligence feeds help us to get prepared for difficult situations. Continuous monitoring of the deep web and vulnerability assessments, both internal and external, ensure that the bad guys and cyber-crimes are kept at bay.
A lot of research shows that there are skill shortages in cyber security and that the skill gap is widening. What steps have you taken as a CISO in your organization regarding the training of infosec professionals?
Besides technology, process integration is the biggest challenge. Likewise, the skill gap in cyber security, and its widening, is a real nightmare. We are creating KRAs for employees to upskill and upgrade their capabilities. We have given access to many online training platforms for the same. Also, we are initiating Rewards & Recognition for employees who showcase outstanding performance in infosec.
Lastly, COVID19 is spreading as an epidemic and corporates are forced to work from home and remote locations. What steps can CISOs and infosec professionals take to create more awareness regarding cyber hygiene in these trying times, as hackers and cyber criminals are on their toes to throw challenges and harm any organization?
The whole BCP/DR scenario, which was built for mission-critical systems, is turning 360 degrees, with work from home becoming the new business as usual under BCP/DR. The last-mile infrastructure is still a big challenge. The collaboration tools are undergoing testing times with high utilisation, which is impacting businesses. The entire CISO community is doing its best and ensuring no stone is left unturned. We are releasing constant communication to all employees, keeping them informed on security awareness and raising the security hygiene bar of the organisation.
In my view, “Every crisis situation gives a great opportunity to learn and improve in life; cyber security is no exception. It’s like conquering the unknown. COVID19 has given us lots of lessons and encouraged everyone to be human and move on. For security leaders, this is the golden time to introspect, review and improve their security posture and business continuity”.