CEOS MUST VIEW CYBERSECURITY HOLISTICALLY

Mint ST - TECHNOLOGY - EXPERT VIEW - AKHILESH TUTEJA

As technology advances and businesses become more technology-driven, the rate of cybercrimes is likely to increase exponentially. According to research firm Gartner, in 2017, businesses are likely to spend over $90 billion to secure their systems against potential cyberattacks, a figure that is expected to reach $113 billion by 2020.

The first two quarters of 2017 saw cyberattacks ranging from leaks related to voter record information and leaks of spy tools from the US intelligence agencies to outrageous ransomware threats. WannaCry ransomware spread around the world, affecting thousands of public and large corporations; another malware, Petya, was modified to be more complex and caused devastating impact at even higher levels. While the world was still recovering from the impact of these attacks, HBO became a target for the cyber underworld, where hackers claimed to have stolen an estimated 1.5 terabytes of data and demanded about $6 million to stop the leaks.

Indian enterprises have also increasingly become a target for cyberattacks. According to the Indian Computer Emergency Response Team (CERT-In), India has seen a total of 171,000 cybercrimes in the past three years, with 27,482 cases being reported between January and June 2017. Given the growth of cybercrime incidents in India, board members and C-level executives of many companies are forced to identify the spread of ever-changing cybersecurity risks as one of the greatest challenges for their organizations. Last year, India witnessed one of the biggest security breaches, placing about 3.2 million debit card users at high risk. Further, according to a study, mobile apps of seven Indian banks were found to be infected with malware.

There have been a lot of opinions on the kind of harm that cybercriminals are expected to cause to various sectors. While the banking and financial services market faces the greatest cybersecurity risk, India also aims to transform itself digitally on the back of the Digital India initiative undertaken by the government, which, consequently, may lead to greater risk for government bodies, as consumers are moving towards digital transactions using smartphones. India’s cybersecurity preparedness has been challenged—a case in point being the recent HBO cyberattack that focused on the vulnerability of our media and entertainment industry, as an unreleased episode of HBO’s Game of Thrones was leaked online.

According to KPMG India’s CEO Outlook Survey 2017, over 89% of Indian CEOs agree that mitigating cyber risk is now at the top of the boardroom agenda, and almost 84% of them plan to invest significantly in it over the next three years. About 45% of the CEOs surveyed in 2017 said that they feel prepared for a cyber event, up from 17% in 2016. While CEOs now feel they have a better understanding of cybersecurity, many still do not ‘own’ cyber to the extent where they need to properly manage risks associated with it.

Another highlight from the survey is that humans have emerged as one of the weak links in cybersecurity attacks and it is imperative to focus on cyber hygiene and awareness. About 62% of Indian CEOs acknowledge that the biggest threat to enterprise security lies within an organization in the form of its own employees, who have access to sensitive information and company assets. This puts the staff at an inherent risk, a challenge compounded by the always-connected environment that they operate in. Knowingly or unknowingly, insiders could provide an opening for malicious external attacks.

The ‘fear factor’ apart, there is another very good reason to view security differently—it has the potential to generate revenues and achieve differentiation for businesses. Until recently, cyber was considered part of risk and was seen as a function of the information technology (IT) environment. However, CEOs are now gradually becoming cognizant of the business opportunities in building cyber resilience across the board: 76% of CEOs view cybersecurity as an opportunity to innovate and find new revenue streams. At a time when clients and consumers are wary of security breaches, businesses are employing digital technologies to create value and increase operational agility for competitive differentiation—a well-designed cybersecurity programme can help organizations build trusted customer relationships.

With the growing sophistication of the cyberworld and pace of cyberattacks, the need of the hour is to deal with cybersecurity in a holistic manner, rather than treat it as a technology risk alone. As the nature of the threats evolves, so should an organization’s efforts to secure its data and intellectual property. The current IT environment demands that we look beyond traditional security measures and, instead, create an agile and flexible security capability.

Akhilesh Tuteja is partner and head of risk consulting, KPMG in India.
