Singh is the senior vice president and head, Global Cybersecurity Business, Tech Mahindra
Cybersecurity breaches across the world have one common factor – “lack of awareness about the breach”.
Digital security firm Gemalto in its recent study claimed that 3.24 million records were compromised in India in 2017, a whopping 783 percent increase from 2016! Of these, identity theft was the leading type of data breach. It accounted for 77 percent of all incidents in 2017! But a more worrisome fact is that even a data privacy-conscious country such as the United States of America takes an average of 206 days to detect a data breach!
Some of the high-profile data breach incidents include the Yahoo email data leak. It took the brand years to identify the full extent of the attack, and eventually disclose that 'all three billion' accounts were breached. It is estimated that the time lapse between a data breach and recognition of the attack gives perpetrators plenty of time to steal data and spy on victims, and gives them enough fodder to launch yet another malicious attack.
Connected world and the magnitude of cyber-disaster
A traditional security system is descriptive and reactive by its very nature. It jumps into action after the security alarm goes off, alerting to a possible breach. Consider this in a situation where cyber-breaches have increased manifold. The rate and vastness of breaches would outpace the rate of containment of breaches! No wonder the Global Information Security Survey (GISS) 2016-17 India Report states that 26 percent of Indian organizations incurred financial damage of up to a whopping $100,000 in the past year and it is only increasing! Cyber-attacks are capable of wreaking havoc in the increasingly digitalised world. A connected world, while being aspirational, has its perils too. A minute gap in the safety armour is capable of putting at risk the integrity of the one trillion connected devices we expect to see deployed within the next 20 years. We have witnessed frequent cases of ransomware, hospitals delaying surgeries and governments halting services due to cyber-attacks. If these incidents scale up, then in no time we shall be on the brink of cyber-disaster.
Prevention is always better than cure
Security is a holistic concept. It must be not only descriptive, diagnostic and prescriptive but also predictive. Predictive analytics, the ability to obtain foresight, is therefore imperative to help organisations set up defence in the face of potential threats. Threats are evolving at a very fast clip, and hence continuous and comprehensive risk assessment, to reveal risk insights and take mitigating steps, is crucial as a first step.
An integrated risk management strategy is one that identifies and prioritizes vulnerabilities based on business criticality. The self-learning and automation capabilities of an Information Security Operations Center (iSOC) reduce compliance verification cycles from months to minutes. An iSOC constantly collects, crunches and analyses data, accurately measuring overall breach risk. This is critical to enabling cyber-resilience.
Culture of ‘Security by design’
India has neither a national law on cyber security nor a national law on privacy. With the Digital India campaign in full swing, the cyber threats have also evolved to become more sophisticated, as confirmed by the recent WannaCrypt and Petya ransomware attacks. Stealing information, espionage, threatening corporates, weaponising software by installing malicious scripts and disrupting work are all happening at an alarming pace. Technology disruption has set the cyber landscape evolving at a faster pace than ever before, rendering a holistic cyber security infrastructure just a quagmire. In such a scenario, it is important to undertake a design-thinking approach and make ‘security by design’ the mainstay of cybersecurity infrastructure, supplemented by clear business guidelines. An intelligent cybersecurity framework shall approach all data crunching and calculation in the context of the business risk it poses. In this context, an iSOC can be considered a quantum leap forward towards making a cyber-resilient enterprise.
-The author is the Sr. Vice President & Head of Global Cybersecurity Business at Tech Mahindra