As sophisticated cyber threats increase in volume & effectiveness, organizations across all industries are shifting to a cyber defense model

Evolving Landscape Of Enterprise Security Through The Eyes Of CIOs

The following is an excerpt from an industry story featuring Manish Anand, VP & CIO, Infogain, that appeared in ET CIO on 9th November 2022.

The recent acceleration of digitalization has made organizations re-evaluate their cybersecurity preparedness. In today's hybrid world, we must fortify data with modern surveillance techniques that promote resilience and business continuity. More than ever, organizations must invest in a robust security infrastructure to combat cybercrimes.

Ransomware groups are becoming more sophisticated and are increasing in volume, with 35 vulnerabilities associated with ransomware during the first three quarters of 2022 and 159 trending aggressive exploits. To make matters worse, a lack of adequate data and threat context makes it difficult for organizations to tune their systems and effectively mitigate vulnerability exposure.

According to Gartner's survey, 57% of organizations work with fewer than 10 service providers for their security needs, as they seek to optimize around fewer vendors in key areas such as secure access service edge (SASE) and extended detection and response (XDR). Organizations want to consolidate their security suppliers to reduce complexity and enhance their risk posture, rather than to save money on procurement. Sixty-five percent of surveyed organizations expect to improve their overall risk posture, while only 29% expect to reduce licensing spend.

Mitigating cyber attacks effectively

According to a Gartner survey, the three top technology priorities for midsize enterprises in 2022 are risk & security management, application & integration strategies, and infrastructure & operations.

Cybercrime is now a burden to bear. What may now be far more meaningful is preventing information loss. Mitigating cybercrime is not only an organization's goal; each user of the organization, both inside and outside, is a target as well, and hence it is a shared responsibility. The fundamental steps of computing healthcare work best against cyber attacks, whether the attack is a result of phishing, ransomware, or breaches.

“Installation of updates and patches, whitelisting applications, proper settings for macros used wherever they are, hardening of assets and applications, regular Vulnerability Assessment and Penetration Testing (VAPT) and its remediation, and proper use of administrative privileges are some of the most basic things that users in their personal or professional lives can adopt,” said Manish Anand, VP & CIO, Infogain.

These practices strengthen the security landscape, and when combined with specialized methods, a discretionary framework for information disclosure, and regular audits, they can help mitigate cybercrime scenarios.

Cybersecurity can’t be ignored anymore

In recent years, the Indian government has placed a high value on cyber safety and data privacy. To overcome the laxity and gaps in the IT Information Act, robust Data Privacy laws have been enacted. The legal framework has been revised, and laws regarding cybercrime and cyberterrorism have been strengthened.

However, industry and public awareness of this matter is still low. Despite the growing number of technology users, the general public still lacks basic knowledge of the subject, and more work is needed in this area.

“A distributed architecture of both Web 3.0 and Metaverse lowers the risk of compromise at one location invading all records. Hacking becomes difficult as the number of targets multiplies. But at the same time, both Web 3.0 and Metaverse collect a huge amount of data. The risk of hacking always increases as the amount of data increases, and approaches can be put into place to prevent issues as data volumes scale.”

While the BFSI sector has watchdog groups that have been impactful in laying down strong rules which have kept the pressure on enterprises, little has been done outside of the BFSI sector. “With DGCA being a slight exception, other industry verticals lack such strong governing bodies. Unlike Europe or America, India lacks strong rules on information security that help govern the day-to-day information usage across the general masses and the technology they use. Going forward, there is much to be accomplished at the ground level,” Anand adds.