View from India: Cyber security requires resilience

India is among the world’s top three countries when it comes to phishing attacks and malware.

Cloud is the platform for security as a service; which is why leading companies adopt new agile security providers. They invest in foundational cloud security and architecture. They blend commercial security solutions with their own repositories of cloud security tools.

The growing investment in cloud can also be attributed to the fact that many verticals have leapfrogged from 2G to 4G. And now, the country is awaiting 5G, the next transformative wave of growth. The cloud security ecosystem needs to be scaled up. More so as many citizen-related services are being uploaded on to the cloud for smooth operations.

Ekta Mishra, the Cloud Security Alliance (CSA) country manager for India, puts some numbers to the trend. “As per the January 2019 IDC Report, the cyber infrastructure revenue has expanded. India’s IT spending is $2.9 billion. The potential of cloud is being leveraged by technologies like artificial intelligence (AI), blockchain and machine learning (ML),” she said, speaking at the CSA Bangalore Summit 2019.

When we look at responsibility for cyber security in an organisation, the chief information security officer (CISO) forms its vortex. The CISO ensures information assets and technologies are adequately protected. CISO is a relatively new role created in a company. It’s required because CISO’s role is expansive. It goes beyond information security to safeguard the entire spectrum. This includes infrastructure protection, which extends to routing, authentication and coding practices. It’s a role which calls for forethought to lock down systems in a strategic manner. Holistic functional security is required to protect the reputation of the company. 

Then, tech gaps need to be filled in the cyber security space by educating users. In practical terms, it’s about refraining from clicking or downloading malicious links. 

Malicious email attacks are increasingly penetrating into organisations. These are in the form of documents, voicemails, e-faxes or PDFs and spring into action when the individual opens his or her email box. “Email data in healthcare and other verticals are subject to attacks. Hence every organisation requires a cyber security resilience strategy. This equips the organisation to face adverse events and bring continuity to the business,” added Anoop Das, Mimecast enterprise manager, Middle East and India.

Often, data breaches and hacking begin with some sort of email threat. An email threat may seem something small. We all know it as spam, spoofing and phishing attacks, which actually have a snowball effect. The ultimate is that email data is compromised; and customers lose faith in a company, leading to huge losses.

This is where cloud-based security solutions fit in, with their customised security offerings. These include detection engines that help detect any form of security threat.

The organisation needs to be secured before any attack and not vice versa. By doing so, there will be continuity in the business. “Cyber security is required from the quality perspective. Bangalore is a hub of start-ups and that includes cyber-security start-ups. They are disrupting the cyber-security landscape through cost-cutting solutions and by reducing surface attacks,” reasoned Ravikishor Mundada, CEO of the Government of Karnataka’s Centre of Excellence in Cyber Security.

Cyber-security collaboration requires the right direction to give structure and shape to the industry. “Global spending on spreading awareness on cyber security has been around $1.5 billion. Awareness happens through videos showcasing use cases. This needs to be plugged into the institution’s module,” explained Das.  

Apex bodies and institutions need to offer training courses in cyber security. On its part, CSA has launched the Certificate of Cloud Security Knowledge (CCSK), which is a cloud security user certification, along with the Cloud Controls Matrix (CCM), the meta-framework of cloud-specific security controls mapped to leading standards, best practices and regulations. CSA works with providers, government and industry, and has over 30 chapters in the Asia Pacific (APAC) region.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles