Post Your Comment
Meet The Fixers: 8 Experts Who Have Reinvented Cyber Security
Cyber security is undoubtedly a global problem today. Cue in the entry of "The Fixer" — the company's safest bet against hackers.
The world in 2017 was witness to an inordinate number of cyber security meltdowns. At home, Indian Computer Emergency Response Team (CERT-In) stated that until June 2017 alone, India witnessed more than 27,000 cyber security threats, which translated to a cost of over $4 billion. Experts predict as more business operations get networked, losses from cyber security threats could touch $20 billion over the next ten years.
79% of Indian organisations have identified cyber security as one of their top 5 business risks. Today’s cyber threats are all pervasive and the rise of connected devices in enterprises has rendered even the ubiquitous printer to evolve into a trapdoor. After all, they are also computers with memory and processor and more often than not outside the network firewall. In this context, today’s CIO has assumed a far more prominent place in the strategic thinking of any business. We profile eight of the most resilient information security experts who have brought some serious firepower to cyber security. They are “The Fixers” who are reinventing security and making sure vulnerability leaves the building.
Wonder why we are calling them Fixers? Watch the below:
BEATING THE HACKERS
Raja Ukil: Phishing For SolutionsSenior Vice-President and Chief Information Officer, Wipro Limited
“Each phishing email is drafted to be unique and designed to be polymorphic. A traditional signature-based detection technology will be unsuccessful in detecting / protecting against phishing threats and does not consider human action. This lacuna in the technology is highly exploited by attackers.
Senior Vice-President and Chief Information Officer, Mphasis Limited
“Finding the right tools and technology (eg: firewall) is easy. However, it is very critical to ensure all these tools and technologies are integrated to bring out the intelligence to act on time. It is equally important to ensure people-process-technology goes hand in hand. Hence, the focus on end-user awareness to avoid phishing attacks and malware attacks is extremely critical. Protecting Wi-Fi network, printers, among others, are also essential to avoid mitigating all vulnerabilities across the enterprise network.”
Chief Information Security Officer, GE South Asia & Sub Sahara Africa; General Electric (GE)
“GE Digital ‘OpShield’ technology inspects communications and commands on the OT network, providing visibility into what is happening in your controls network. This unique inspection technology lets you see and apply policy down to the command and parameter level. It lets you enforce policy across the OT network and protects control systems and assets to ensure integrity and continuity of operations. GE also has an “Achilles Test Platform” that enables device manufacturers to test for communications robustness. “
Rejo Thomas: Exercising Caution
Chief Information Security Officer, Exide Life Insurance
“This year is likely to be the year of more widespread adoption of AI powered attacks.
Red teaming and security-portfolio-analysis exercises are two such exercises that help you with cyber security. A red teaming exercise typically involves high-level adversarial objectives that include gaining access to customer information. This also involves good amount of social engineering, which puts to the test all the awareness sessions you may have invested in your employees.
A security portfolio exercise involves usage of cyber security frameworks to arrive at a maturity score for each of the categories and an overall maturity score for the organization. This also gives an insight into whether security investments are adequate/ overdone/ inadequate in certain categories.”
Vijay Kannan: Mission Security
Chief Information Officer, Hindustan Unilever Ltd & IT Director
“Both intensity and frequency of cyber security threats have increased in the recent past and we have ensured all endpoints including laptops, mobiles and printers are secured. Unilever is deploying HPAC to overcome the challenges they have in user experience and security. Here we are integrating with Unilever internal processes for enrolment of users into our print security software — for secure print authentication, quota setting to restrict wastage, pull printing to have zero downtime of devices.”
“GE Digital ‘OpShield’ technology inspects communications and commands on the OT network, providing visibility into what is happening in your controls network. This unique inspection technology lets you see and apply policy down to the command and parameter level. It lets you enforce policy across the OT network and protects control systems and assets to ensure integrity and continuity of operations. GE also has an “Achilles Test Platform” that enables device manufacturers to test for communications robustness. “
Chief Information Security Officer, Exide Life Insurance
“This year is likely to be the year of more widespread adoption of AI powered attacks.
Red teaming and security-portfolio-analysis exercises are two such exercises that help you with cyber security. A red teaming exercise typically involves high-level adversarial objectives that include gaining access to customer information. This also involves good amount of social engineering, which puts to the test all the awareness sessions you may have invested in your employees.
A security portfolio exercise involves usage of cyber security frameworks to arrive at a maturity score for each of the categories and an overall maturity score for the organization. This also gives an insight into whether security investments are adequate/ overdone/ inadequate in certain categories.”
Chief Information Officer, Hindustan Unilever Ltd & IT Director
“Both intensity and frequency of cyber security threats have increased in the recent past and we have ensured all endpoints including laptops, mobiles and printers are secured. Unilever is deploying HPAC to overcome the challenges they have in user experience and security. Here we are integrating with Unilever internal processes for enrolment of users into our print security software — for secure print authentication, quota setting to restrict wastage, pull printing to have zero downtime of devices.”
Satish V Kadiyala: Nullifying The ThreatPrincipal Area IT Manager, Head of Global Support – India, Microsoft
“We continuously monitor our assets, push the security patches, and our WAS (Windows As Service) helps us to ensure all client machines are up-to-date with latest OS updates reducing our client machines exposure to vulnerabilities. We rely on our Windows Defender to constantly monitor our clients, provide alerts, mitigate risks and provide options to control access to applications. Through identity and access management, we enable access for the right person, to the right resource, at the right time, for the right reason. Microsoft beefed up its print fleet security by standardising and consolidating its printers across locations.”
DGM- Certification Business Unit, International Center for Automotive Technology (ICAT)
“A CMVR certificate is the key and mandatory document for any automotive to be sold in India. ICAT already has some security features to ensure the originality, however, it needs to be enhanced and so we are ensuring more security features with an HP-Troy system.”
Associate Vice-President, IT Service Support & Operations at Infosys IT
“In current context, the malwares are sophisticatedly developed in such a way that when we print, the print job can include a small piece of code. When it reaches the printer for printing the content, the malware gets separated and stays in the printer’s memory. The user is unaware of such transfers. This malware, which is in the printer, will start scanning the network. Information like, documents, passwords, will be scanned by this malware and is transferred to a server in the internet. How can the printers be secured on the network? These are a few ways:
1) Job security: Securing jobs on the printer will avoid other users collecting my printouts. This can be achieved by providing PIN / password to every job.
2) Securing printer web page: Every printer on the network offers a webpage to ease the configuration of printer. A hacker can use this portal. This can be secured by mandatorily selecting the secured https protocol and removing the regular http protocol.
3) No unauthorised changes to printer settings.”
These eight “Fixers” have not only strengthened their core security strategy, but have also consciously worked on every small detail in their digital eco-system. The small trapdoors in information security do not escape their eyes.
