What is the state of cybersecurity in India?
Employees working at companies are not aware of information security policies and procedures.
Organisations are extracting value from data, but are neglecting risks.
Cyber attacks continue to become more and more sophisticated, and the guidelines on Information and Cyber Security are falling short in establishing controls for crisis.
Beyond the corporate world, the common man is unaware of various cyber scams.
What would the threat landscape look like in the next 12 months?
The threat vector is increasing in the next 12 months.
• Social engineering online and by phone: Attacks include both traditional phishing emails and a growing number of phone-based scams.
• All online accounts: Any online account you open and store personal data in today will be a target for hackers tomorrow; you need to be careful about online banking.
• Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017.
• Smart homes under siege: With smart gadgets for our families, expect hackers to double down on network attacks, sneaking into your network and rifling through your personal data and online accounts.
What would be the biggest drivers for security spending in 2020?
• Privacy Concerns Drive Services Spending
• C-Suite Is Concerned About Compliance, Digital Business Risks
• CISOs Want Visibility, Alignment and Analytics
• Security Spend Can Accelerate Digital Transformation
• Security Culture Is a Chief Objective
• Security Services Are Outpacing Software
Have the recent security breaches made people more aware of the importance of security today? How is TVS Motor Company’s cyber security strategy going forward?
– Yes, the number of breaches is increasing, and organizations are incurring higher costs in dealing with these cybersecurity incidents with the additional adoption of IoT/AI & ML. Given its importance, we raise awareness and take appropriate measures to ensure the safety and security of cyberspace for all our employees.
– For crisis management as a whole, we started continuous monitoring of all digital device assets, with a well-prepared multifunctional team poised to deal with aspects of an incident or crisis.
– A well-structured recovery plan can usually limit the damage to operations.
– Address any potential threat of legal or regulatory action to the management and determine what legal resource is available to the organisation.
– Engage in proactive messaging to other stakeholders about the TVSM security culture and awareness as per readiness.
Where do you see the CISO role heading in the future?
The CISO must have knowledge of the critical information assets, or crown jewels: where they are kept, for what purpose, and for how long. The CISO should become as knowledgeable in privacy laws and concepts as in security practices. The CISO must know where the data is, how it flows through the organization, and how it is being secured. In the event of a breach, this information becomes crucial for the incident response teams.
The CISO should articulate risks in business language, which means they should be able to empathize with business requirements.
CISOs continue to serve the vital functions of managing security technologies (technologist) and protecting enterprise assets (guardian). At the same time, they are increasingly expected to focus more on setting security strategy (strategist) and advising business leaders on security’s importance (advisor).
Technologist. The CISO as technologist guides the design, development, and deployment of secure technical architectures, instilling security standards and implementing innovative countermeasures.
Guardian. The CISO’s charge is to monitor the effectiveness of the security program, processes, and controls in place. The guardian addresses considerations such as whether controls are working as intended, data is secure, and information is properly shared.
Strategist. The CISO is the chief value architect for all cyber risk investments. The strategist partners with the business to align business and information security strategies, and capture the value of security investments to safeguard enterprise assets. In this role, the CISO possesses deep business knowledge and acts as a credible partner who provides business-centric advice on how risk management can help the business.
Advisor. The CISO as advisor understands the implications of new or emerging threats, and helps identify cyber risks that arise as the business advances new strategies. The advisor drives the enterprise to continuously improve its security decision-making and risk mitigation capabilities.