WITH THE RISE OF DIGITISATION, THE WORST IS YET TO COME
Jyoti Prakash is Country Director of Enterprise Security Business, Micro Focus India. He says that at least 4 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches in 2019
Jyoti Prakash is Country Director of Enterprise Security Business, Micro Focus India. He says that at least 4 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches in 2019 Has 2019 been a bad year for cyber security?
Data breaches have gained a lot of attention owing to the rapid evolution of digitisation. Businesses of all size, nowadays, have become increasingly dependent on digital data, cloud computing and workforce mobility. With data being stored on machines, database and servers, invading a company’s data has become simple.
Whether it is the recent Poshmark breach, Capital One breach, Bulgaria’s National Revenue Agency breach, NASA breach or Facebook breach, millions and millions of users have been affected worldwide. If you look at it, on an average, every 10th day of the month you see another breach happening across
every corner of the globe.
Given the rise of digitisation, we feel that the worst is yet to come. We will see an increase in targeted ransomware attacks – criminal groups continue to target businesses, banking, health care providers, and, most visibly, local governments with these brash hacks. At least 4 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches in 2019.
According to a recent report revealed by EY, more than threequarters (87%) of organisations do not yet have a sufficient budget to provide the levels of cybersecurity and resilience they want, a reason why data thefts are happening. In India, we feel that 2019 will be a challenging year for security professionals. These new threats and challenges prevailing in the country will incite professionals to think differently in order to address the same.
Going forward, companies need to ensure that sufficient budget is provided to help overcome the growing concerns of cybersecurity. Additionally, they will have to invest in upskilling their security professionals so that they can get ready to address and respond to known, unknown threats. While this year has seen a lot of cyber-attacks, we are confident that companies will come up with more features and solutions that will help reduce such incidences.
What are the further threats we can expect as digital transformation cases are on the rise?
The advent of immersive technologies is causing firms to reimagine traditional business models and innovate new ways to leverage data for growth. According to a recent IDC research, two-thirds of the CEOs of Global 2,000 companies will shift their focus from traditional (offline) to modern (digital) strategies in order to improve customer experience, before the end of 2019 – with 34% of companies believing that they will fully transform themselves digitally within 12 months or less.
As threat landscape continues to evolve, companies need to adjust their strategies. There is a tremendous value with having the right combination of technology products and processes in the digital transformation journey. An agile enterprise can thus, help act rapidly and react to changing data, competitive conditions and strategies to succeed and guard against disruption. Additionally, DevSecOps is going to lead this transformation journey, as applications are becoming business drivers. They are also becoming more prone to targets. We feel that a wholesome security strategy, embedded in each stage of application development cycle, would be the right move ahead.
What will be the dangers in Industrial IoT (Industry 4.0)?
Industry 4.0 or the increased connectivity of smart machinery indicates a new age of connected, smart manufacturing, responsive supply networks, and tailored products and services. It strives to marry the digital world with physical action to drive smart factories and enable advanced manufacturing. While Industry 4.0 plans to enhance digital capabilities, it will also bring new cyber threats, for which the industry is still not prepared.
If we look at 2019, half of the year is already on the books and there have certainly been data breaches, supply chain manipulations, state-backed hacking campaigns, cyberwar, etc. to show for it
Will AI-ML make our systems safer or will they lead to their own host of problems?
As we are going ahead with the fast-paced digital environment, we see a drastic rise in data volume – this leads to a requirement for a strong cyber breach defence framework. We need to implement a holistic security framework to identify, protect, detect, respond and recover from cybersecurity threats – AI & Analytics can help only if it is implemented in the right manner. Acquiring data from historical threads and baselining the same is of utmost importance in order to detect threats properly and efficiently. This will in turn, help reduce millions of threat incidences into limited “Threat leads” and AI framework will play a critical role here.
What exactly is a Security Operations Centre (SOC) and why should enterprises invest in it?
SOC has a single co-relation engine, along with a single dashboard, which collects lots of technologies and gives a holistic and real-time view to any end customer. In fact, it is a journey that one needs to take and even if one invests in a SOC, it is pertinent to figure out whether the SOC is functioning efficiently or not. With an integration of SOC with multiple products – coming from multiple sources, real-time analysis that one gets, visibility that one has, compliance level and policy that needs to be enforced, are the trigger points that define the efficiency of a SOC. So, any organisation who has already invested in a SOC will be able to identify if there’s any data breach that is happening or is about to happen. This is the reason why SOC came into the market and over time, it has become much more intelligent.
Are CIOs/CTOs able to keep up with the abovementioned threats and what more do they have to do to keep their enterprises safe?
CIOs/CTOs need to spend time and effort to reduce business friction, minimise wasted time and resources. They should work together to minimise the historical tension between IT and rest of the organisation. CIOs/CTOs, as leaders, need to increasingly teach others how to respond to coming transformation and be adept at selecting the most efficient IT platform and employing agile, lean development practices. Additionally, they need to take out time to train their IT professionals on company’s business culture and customer expectations, for a better and safe enterprise.
Is cyber insurance necessary and what kind of insurance should be done?
With digital transformation on the rise, security concerns have also risen. Today, majority of us use smartphones/laptops and carry out financial transactions not just from our personal gadgets, but also from office computers and public internet connections. Accessing personal information from various devices, hence, exposes us to different types of connectivity risks. It is, hence, imperative for us to secure data.
While cyber insurance cannot stop cybercrime from happening, it can help maintain/stabilise a business’ financial structure, should a significant security event occur. Any organisation that collects, stores and maintains customer data or facilitates and stores online transaction data, or uses cloud, should ensure adding cyber insurance to its budget. This will help save organisations from huge business loss in terms of financials.