Cybersecurity is no longer the realm of only the information technology (IT), finance or even the chief information officer (CIO) function. Today, it has the attention of senior board members. Organizations have realized the enormous impact that a security breach can have on their reputation and their ability to continue in business.
This is coupled with a fast-changing business and customer experience landscape, driven by the advent of emerging digital transformation technologies such as artificial intelligence (AI), Big Data, and Machine Learning.
According to a study that analyzed 12 developed economies, AI has the potential to double their annual economic growth by 2035. Another report estimated that the Industrial Internet of Things (IIoT) could add $14.2 trillion to the global economy by 2030. With such an explosion of technologies and a rapidly evolving technology landscape, we will see targeted efforts to compromise organization data, governments, utilities, health devices, etc. in the times to come. No wonder CISOs are up against an ever-growing threat landscape. There is a shortage of skilled cyber security professionals. Moreover, non-technical employees lack awareness of cyber security best practices. All of this combined makes a CISO's life tough. It is in this context that Muqbil Ahmar, Executive Editor, Grey Head Media spoke with Kalpesh Doshi, Chief Information Security Officer, APAC, Group IT, Capgemini Technology Service India Limited.
Muqbil Ahmar (MA): How do you think cybersecurity will impact business in the context of today’s threat landscape?
Kalpesh Doshi (KD): The threat vector has never been so vast. With all devices being connected to the Internet, it also implies that a single weak or unpatched system in your environment can create a huge risk for the organization. We will also realize that conventional methods to secure organization data may not stand good with rapid changes to underlying infrastructure and data flow within the organization.
MA: Do you think the use of Artificial Intelligence (AI) and Machine Learning (ML) can enhance security defense efforts?
KD: It will, eventually, but today we are unable to make use of data available through conventional norms. There is a data overload; there is a need to orchestrate all the different elements of security to play harmoniously to make the music pleasant to business and leaders. Today, it is not synchronized, hence creating a huge gap between business expectation and security solutions. Also, for AI to be successful, we will need to standardize processes to gather and analyze data across all devices/applications.
Voice and visual search-based queries will continue to grow and innovation is expected in this space, for example, Google Home. The IT security roles will have to evolve to manage AI and ML technologies. Deeper analysis of Big Data will also be necessary.
MA: What is your recipe to mitigate advanced threats such as zero-day exploits, ransomware, and others?
KD: It requires common sense and simplification of your IT set-up. While it is absolutely impossible to live without having to deal with such a scare, the following hygiene steps will prepare companies and organizations to face it with confidence:
- Standardization of software and technology used in an organization to limit exposure
- Inventory of all devices and applications that host sensitive data
- Strong rules on Firewalls / IPS that are monitored regularly to detect anomalies
- Combination of signature and anomaly-based perimeter security solutions to proactively identify risks
- Harmonized SIEM and log analysis to help understand the sequence of events. SIEM can throw up a lot of interesting facts about unusual activities in your environment. Strong details on Indicators of Compromise (IoC) will help organizations mitigate the risk more proactively
- Endpoint protection, malware protection on email gateway
- DLP and Internet Access restriction
- Restrict Admin access to end users' systems; that way we know it would be difficult for a hacker to run their executables
- Robust patch management system and software update: most of the risk can be mitigated by applying vendor-suggested security patches on time. Patch management policy is necessary and teams should focus on closure of identified gaps
- Document, test, and re-test the security incident and crisis management plan, as it is not a question of whether your organization will be hit; it is merely a question of when it will be hit. An organization's response during an event will determine whether it comes out successfully from any security event.
(Disclaimer: Views expressed here are of the author and do not necessarily reflect that of the organization he represents.)