CXOToday has engaged in an exclusive interview with Mr. R.V Raghu, ISACA Ambassador in India and past ISACA board director.
“87% of C-suite professionals and board members lack confidence in cybersecurity initiatives” – Why?
One of the reasons for this poor buy-in could be that leadership does not understand the efforts being taken in the organization to ensure and enhance cybersecurity. Cybersecurity professionals would do well to ensure that they communicate on and about the various initiatives being taken on cybersecurity regularly and in simple non-technical language. It also helps if the information provided is presented in business terms such as risks, costs and benefits, improved regulatory compliance etc. Metrics which connect the technical and business aspects such as mean time to detect or mean time to respond could help explain how the technical measures translate into business benefits.
Why have 1 in 3 consumers stopped doing business with a company known to have compromised cybersecurity?
Compromised cybersecurity is an indicator of how poorly the enterprise understands risk and what it does about it. This is especially so in cyberspace, where technology use is widespread and where threats abound. In fact, 40% of the respondents in India to ISACA’s recent consumer cybersecurity survey indicated that they would not do business with a compromised company. One must understand what a breach means in the cyber context to understand this better. A cyber-breach is usually preceded by the presence of an adversary within the enterprise’s network for an extended period of time, also known as dwell time. During this time, the adversary may reconnoiter the enterprise planning the attack and also exfiltrate data. Once the breach is discovered and remedied, it may not mean the end, because some remnant of the threat might remain and lead to a future breach. The enterprise also takes a reputational hit which has very long-term implications.
How does cybersecurity help companies to save their data from others?
Cybersecurity, simply put, protects the various cyber assets of the enterprise. Most cybersecurity measures are based on a risk assessment and help keep the risk responses current and up to date. If there is an understanding of what needs protection within the enterprise, it is easy to save data and other assets from attack, thereby keeping them safe.
What are the new ways by which the companies can protect themselves from cyber-crimes?
Companies need to take a holistic approach to protection from cyber-crimes. As cliched as it sounds, the focus must be on People, Process, and Technologies.
On the technology front, companies should look to consolidate what they do and ensure that various solutions and tools in place talk to each other. This will provide a consolidated view of what is going on and, when combined with threat intelligence and adoption of a strategic approach to cybersecurity, can yield great results. The buzzword today is cyber-consolidation. Various tools and technologies should be used to automate the actions the enterprise takes to respond quickly when something happens. Enterprises are adopting SIEM/SOAR which can automate responses when something goes wrong with the intent to prevent.
People are a key piece of the puzzle, and the global skill shortage also resonates in India. 56% of Indian respondents to ISACA’s State of Digital Trust Survey indicated a lack of staff skills and training as a key obstacle to digital trust. Though this might sound old, enterprises should really use all their people resources as an effective ally in the fight against cyber-crime. This means not just training IT staff on cybersecurity measures, but staff organization-wide. Especially in today’s world where threats from ransomware, phishing and social engineering attacks are on the rise, training people becomes critical. It is also important that people are made aware of the risks from the various technologies that are being used so that a risk-aware approach is adopted, and cybercrimes are nipped in the bud.
Are Indian companies really aware of cybersecurity?
The Indian ecosystem is on a maturity continuum that is taking off like never before. ISACA’s recently concluded digital trust survey showed high awareness of the need for cybersecurity with 85% of the respondents indicating that in the coming five years, digital trust will be more or much more important than it is today. The increased thrust to go digital by the government and the rise of the pandemic have made Indian companies sensitive to the downsides of poor cybersecurity, ranging from reputational impacts and increased operational costs, to increased regulatory scrutiny and high risk.
How much do Digital Trust, Cloud, AWS help in Cybersecurity?
In a world heading towards the metaverse, digital trust is paramount. Without trust, the end customer is eventually not going to engage and spend their real and virtual dollars. Digital trust is built on a foundation of many things, including cybersecurity. It is important to note that today every enterprise is a technology company, using technology to enable and sell products and services. By extension, this means all enterprises need to be “on” all the time and accessible to customers globally. This has made the need for technologies such as the cloud indispensable. These new technologies go a long way in fostering and furthering cybersecurity because essentially, services offered by AWS and others need to meet security requirements for a range of customers which means they need to have high minimum thresholds to be successful.
By relying on technologies such as the cloud and other new technologies, enterprises can focus on the business end of the supply chain and rely on other companies that have greater expertise in aspects such as cybersecurity. This translates into better and improved cybersecurity and digital trust.