Aeris Communications committed to providing secure network for customer data

CXOToday has engaged in an exclusive interview with Sameer Mahapatra, Country Manager-India & SAARC at Aeris Communications

1. How do businesses commonly encounter challenges when establishing a secure and risk-free infrastructure?

Businesses are increasingly prioritizing cybersecurity due to the severe financial and reputational consequences associated with data breaches.

Cybersecurity and privacy worries remain two of the chief hurdles to IoT adoption, and by extension, broader digital transformation in the industrial realm. A 2017 European-focused Accenture survey revealed that the topics were top of mind for 70 percent of 250 industrial leaders. Other research involving North American and Asian industrial companies have reached similar conclusions, including The IoT Institute IoT Implementation Practices Survey from last year. Similarly, reports from the Minister of State for Electronics and Information and Technology, revealed that India witnessed 13.91 lakh cyber security incidents in India in 2022. Data leaks can expose sensitive user information, in addition to inflicting enormous financial damages. Customers are at danger of having their private and confidential information misused in such circumstances. A single data loss incident can have significant effects on a company’s growth prospects as well as its public image.

When establishing a secure and risk-free infrastructure, businesses face a wide range of cybersecurity threats, such as malware, ransomware, phishing attacks, and data breaches. These threats can compromise the integrity, confidentiality, and availability of their infrastructure and sensitive information. Many firms also struggle with a lack of awareness and understanding of cybersecurity best practices among their employees and with the complex IT systems these days, managing the security of these systems can be challenging, especially when there are different technologies, vendors, and platforms involved.

It is a known fact that ‘You Can’t Protect What You Can’t See’ – Visibility is critical to minimizing threat vectors as the threat surface for IoT devices expands. For instance, back in 2015 Fiat Chrysler had to recall 1.5 million cellularly connected vehicles including Jeep Cherokees, Jeep Grand Cherokees, Dodge Vipers, Dodge Challengers, and several other models because of a software bug. Researchers discovered that they could exploit the bug to hijack a Jeep, not only controlling every single component of the car and commanding it to do whatever they wanted but also gaining access to Fiat Chrysler’s entire deployment of connected vehicles. Gaps in IoT security visibility prevent timely detection of malicious activity and data exfiltration while also jeopardizing compliance with certain industry regulations like Personal Identifiable Information (PII), Payment Card Industry Data Security Standard (PCI), and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

To address these challenges, businesses should adopt a multi-layered security approach that includes implementing strong access controls, regular security assessments, employee training programs, incident response plans, and staying updated on the latest security practices and technologies. Collaborating with cybersecurity professionals and adopting industry-recognized security frameworks can also help businesses establish a secure and risk-free infrastructure. Next-generation, purpose-built IoT security solutions are designed to provide continuous operational behavior visibility and analytics. By leveraging advanced machine learning capabilities and algorithms, enterprises become empowered to prevent, detect, and respond to the evolving cybersecurity threat-scape. Aeris’ real-time network visibility and machine learning capabilities allows dor continuous monitoring of IoT network activity that complements and strengthens existing security strategies. It enables rapid detection and remediation of security incidents which are tracked and managed through a user-friendly dashboard that visualizes indicators of compromise (IoCs), deep forensics, actionable alerts, and immediate response and ensures sompliance with standards and best practices thanks to risk-scoring algorithms that are dynamically updated to reflect the growing cybersecurity attack surface in real time.

2. What key considerations should IT companies prioritize to effectively protect both employee devices and company data?

Implementing a comprehensive security strategy centered on personnel, policies, procedures, and technological controls is the best way to safeguard your personal data. By doing this, you may lower the danger of a breach and make sure that your company can compete in the current digital era. According to a report by Tenable, a cyber exposure management company, 2.29 billion records were exposed globally in 2022 due to data breaches, with India accounting for 20% of the total. Companies need to prioritize safeguarding their data by implementing advanced security measures, providing training to employees and also ensure consumer’s data is being protected while using the services.

Organizations must implement policies and procedures for remote employees that specify the need for firewalls, encryption, and password protection and classifying data and communications as sensitive, confidential or public. This would aid in concentrating efforts on protecting the company’s most valuable assets. Providing regular training and awareness programs helps in educating employees about the best practices for device security, data protection, and identifying and mitigating potential security threats such as phishing attacks. Outdated software and unpatched vulnerabilities can be exploited by attackers, so ensuring that employee devices are regularly updated with the latest security patches and software updates is crucial.

As more individuals in India use online services and digital platforms, cybersecurity is becoming more and more crucial. Organisations, enterprises, and individuals must understand the patterns and risks as the threats advance in sophistication in order to defend against cyberattacks.

3. What is your outlook on the cybersecurity landscape in India? Are we prepared to combat the new threats of the digital age?

India has quickly emerged as one of the world’s fastest-growing technology hubs, but this has also raised the potential of cyberattacks. Indian businesses are dealing with a wide range of security issues, such as financial fraud, data breaches, and even state-sponsored attacks. According to the “2023 Global Cybersecurity Skills Gap Report,” 24% of Indian firms had five or more breaches. Additionally, with the proliferation of IoT devices and the adoption of emerging technologies such as artificial intelligence, cloud computing, and blockchain, new attack vectors and vulnerabilities are emerging.

Throughout many industries, regulatory scrutiny has significantly increased over the last ten years in India. As a result, firms now need to implement more rigorous risk management procedures and pay higher compliance fees. The demand for firms to be open in their operations and to show that they are properly managing risks has increased as a result of regulatory developments. The Indian government has also taken several initiatives like the National Cyber Security Policy (NCSP) 2013 and the National Cyber Security Strategy (NCSS) 2020 have been formulated to provide a framework for securing cyberspace and protecting critical information infrastructure.

The cybersecurity landscape in India is evolving rapidly, driven by the increasing digitization of various sectors and the growing reliance on technology. A strict cyber workforce is essential at this point in time, when demand is expanding across the board. Companies must be on the lookout for new risks and problems as the business environment changes. A strong and thorough risk management programme can assist businesses in reducing risks, improving their decision-making skills, and ensuring company continuity in the event of a disruption.

4. What role do company leaders play in building a strong cybersecurity talent base?

The increasing vulnerabilities and attacks present a unique chance for top company leaders to establish a robust cybersecurity culture that guides individuals towards desired actions and behaviors. Cybersecurity has become a significant focus for business leaders, with PwC reporting that 48% of CEOs are increasing their investments in cybersecurity and data privacy. The spotlight is on CISOs (chief information security officers) and cybersecurity leaders, who are under pressure to keep their organizations’ IT landscapes and data safe from attackers.

CISOs must still maintain a fine balancing act of keeping data safe, bolstering IoT security measures, and preventing attacks, while supporting growth and innovation so organizations can flourish. They  should recognize the importance of cybersecurity and incorporate it into their strategic planning. As they balance these requirements, here are four strategies CISOs can use to vastly improve the security of their IoT ecosystems.

1. Adopt an Enterprise-Wide Zero Trust Mindset: The first step in bolstering your organization’s IoT security is to adopt a cautious company-wide mentality. Organizations must be on the lookout for intrusion attempts, and ready to stop bad actors from gaining entry into their IoT networks. CISOs and cybersecurity leaders should also encourage proactive monitoring and preparing for potential IoT network intrusions. This offensive mindset ensures organizations are never playing catch-up to an IoT intrusion and enables them to act faster to deal with the situation and protect their IoT environment and assets.
2. Implement Robust Employee Security Training Programs: Consistent security training is simply one of the best ways to combat intrusions such as phishing attacks and malware, which are costly for organizations. Just last year, malware attacks on IoT networks cost organizations an estimated $2.8 billion. On a macrolevel view, all total cybercrime is expected to cost a collective $8 trillion – a sum equal to the third largest economy in the world, behind the United States and China. By instituting consistent employee security training, organizations help their workforces from falling victim to these threats. However, CISOs and cybersecurity leaders must go deeper than generic training designed to simply meet certain benchmarks. Employees need consistent training and must learn how to recognize intrusion attempts. For example, organizations can send test phishing emails to their employees to gauge their ability to discern and deal with an attempted intrusion.
3. Prepare IT Environments for Remote Work: It’s obvious that as we emerged from the COVID-19 pandemic, hybrid work environments have steadily become the new normal for many office jobs. In fact, many people prefer hybrid work environments today. It’s important to give your employees the means to be secure, even when they are not at the office.
4. Leverage Robust IoT Security Solutions to Protect IoT Investment: While these actions go a long way in protecting your IT and IoT environments, they cannot stop every single intrusion. Since most IoT environments are often made up of hundreds – or thousands – of connected devices, IoT security solutions are particularly useful, as they leverage device behavior data to understand what are – and are not – normal network behaviors.

5. How is Aeris implementing its practices & solutions in curating a safe and integrated cybersecurity infrastructure?

Aeris is committed to providing a safe and protected network for critical assets and data. The Aeris Intelligent Security Centre (AISC) offers behavioural analysis, constant non-intrusive monitoring, and the capacity to identify rogue actors or offline devices. It confirms that conversations are indeed taking place over encrypted channels even when encryption is deployed at the application layer. It is more scalable, regardless of the size or scope of your IoT deployment now or in the future, or the kind of IoT devices you need to monitor.

The average cost of a cybersecurity data breach in the U.S. is estimated at more than $4 million. However, with the right IoT security strategy in place, it’s possible to mitigate those risks.  Aeris launched the IoT Readiness Calculator, a free online tool to help determine enterprises’ level of preparedness for deploying IoT solutions and Security is one of the important element that the Aeris IoT Readiness Calculator takes into consideration.

Aeris not only takes care security of its own infrastructure, it also spreads awareness about the upcoming possible threats and vulnerabilities by regularly hosting webinars and writing blogs for benefit of the whole ecosystem.

We belive that it’s important to give our employees the means to be secure, even when they are not at the office. We preload a VPN service on employee laptops, which they can leverage when working remotely. We also conduct training sessions for employees and their families on phishing and cybersecurity issues. This fortifies home networks, which can be compromised and lead to an intrusion of employee devices on the family network. Taking steps like this will enable organizations to accommodate hybrid work schedules and protect their IT environments.

To minimize the risk of compromise, organizations aiming to enhance IoT security should prioritize the implementation of a comprehensive security policy. They should also adopt effective solutions capable of identifying real-time threat intelligence. By leveraging AI, organizations can improve their ability to detect patterns of threats, data breaches, and irregularities, and respond swiftly across multiple networks in a coordinated manner.