In an exclusive interaction with CISOConnect, Kalpesh Doshi, CISO, India at FIS, highlights the cyber security challenges of CISOs and offers suggestions to resolve the security issues.
1) In the context of uncertainty due to the COVID-19 pandemic, what are the key cybersecurity challenges that InfoSec leaders are experiencing?
Many unfamiliar processes and technologies are paving way for digitally exchanging unprecedented amounts of sensitive data by a distributed workforce, using personal devices and home networks. Allowing access from unfamiliar terrains, along with ease of availability of shadow IT, is an additional security risk to organizations.
The COVID-19 situation has become a fertile ground for cybercriminals and scammers. Many users and administrators seem to be undertrained for the situation, particularly with the possibility of connecting from poor networks and systems. Organizations have to reassess their risk, identify new exposures, and review compliance with regulatory requirements, etc.
Clearly, the Chief Information Security Officers (CISOs) and the IT / Cyber security team can expect a gruelling year ahead.
2) Businesses have been exposed to greater cybersecurity risks due to Work From Home (WFH) — how does your team counter security risks that threaten your organization’s cybersecurity posture?
While the Internet has been a game-changer, the various IT systems has limitations when you operate outside the physical boundaries of your organization, or in a borderless network. Hence, the data security and privacy of employees, their organization, and clients is a major concern.
Some of the basic security initiatives which can be undertaken by organizations are creating a awareness about basic cyber security sense and use of multi-factor authentication. It is recommended to always use a VPN to establish a secure connection to your organization application’s data.
3) What is the major shift in your cybersecurity strategy that aligns with your organisation’s business goals?
The recommended strategy is to keep an eye on global events through Threat Intel and deftly take requisite actions. Make the required changes in user awareness and training, and predicting user behaviours, including the possibility of individuals connecting from unsecured networks and poorly configured routers and devices.
Some cybersecurity strategy involves that you have an updated inventory of your digital assets which includes shadow IT. Also ensure the access is restricted using the principle of least privilege. A strong process should be put in place for access revocation. Patching your systems and keep them up to date with the latest patchesis is also a key process. Lastly, reassesses your security risks and exposures to ensure that any risks are identified and fixed before being exploited by adversaries.
4) How do you see the future of the IT Security Industry in terms of innovation and sales when there is a slowdown due to the global financial crisis?
Cyber security today is an key component of global business and the future lies in cyber security. Hence we can see continued support for security initiatives, including the allocated budgets.
In future, more and more organizations will embrace cloud computing, open their networks to enable borderless collaboration, expand their customer base, and enter new markets. Hence the demand for the cyber security technology and solutions will also continue to grow.
5) Based on your experience, give us an insight into the hardship and challenges for the budding InfoSec leaders in the coming years.
Some of the challenges faced almost by every CISO are:
1. Aligning security with business goals. A successful CISO will ensure that an organization’s security strategy is built to help the business to achieve its goals.
2. If the organization is planning to embark on a new digital platform, it is critical to ensure that the CISO has an understanding of the platform and that they have sufficient time to build skills required to protect information assets. This can be addressed through design authority where the CISO is an integral part of the technology decision-making process. Securing disruptive technologies is always a huge challenge, whether it is IoT, Cloud, or Mobile Computing.
3. All CISOs along with the team need to undergo rigorous training to keep themselves abreast of the evolving threat landscape. CISOs should ensure sufficient budget and ensure that each team member undergoes mandatory hours of training every year.
4. Eventually, CISOs will have to demonstrate skills to motivate and lead their teams to achieve business goals. Every organisation needs leaders who can guide the teams through unseen obstacles and challenges that await for them as they voyage into the digital ocean.
We love to hear from our readers. Send us an email at email@example.com / firstname.lastname@example.org