Cybersecurity is no longer an IT issue but has become a business one

Organizations require a hybrid approach that converges networking and security to be able to reduce complexity, while securing and connecting hybrid and remote users to advanced security with superior performance. We spoke with Satyavrat Mishra, Vice President & Head of Corporate IT at Godrej Industries on why traditional network and security architectures no longer work for today’s digital business.

Why is Securing Networks becoming critical and more important, yet challenging?
We are witnessing an increasing adoption and dependence on IT for all aspects of business operations including communication, production, operations, supply chain and finance. The proliferation of connected devices, IoT, remote working and adoption of cloud over last few years has further accelerated digital transformation and increased the dependence on connected networks. While there is no organization that is immune to cyberattacks, a secure and protected network is essential to protect critical assets and data.

Implementing a good security strategy helps business reduce the risk of a breach. Security incidents and data breaches can have very disruptive and devastating effects on an organization. Recovering lost data is only part of the equation. Extended downtime can quickly compound costs on an hour-by-hour basis. And more difficult to quantify is regaining lost consumer confidence and damage to an organization's brand, which can take months or years to repair.

Can you give some everyday examples to help provide some context?
Recently, cybercriminals known as DarkSide gained access to the US Colonial Pipeline network in a ransomware attack. This shows the stakes continue to climb and the criticalness of attacks is high. In July 2021, a new global supply chain ransomware attack targeted users of the Kaseya VSA platform—software that provides remote management of IT operations spanning service desk ticketing to performance monitoring and reporting. As a central management console, the Kaseya VSA platform is used by numerous managed service providers to remotely monitor and deploy software, updates, etc. to multiple machines simultaneously in a multi-user environment. There are reports of ransom demands of $50,000 for smaller organizations and up to $5 million for larger enterprises.

With an evolving threat landscape with more sophisticated techniques, how can organizations keep up?  
Cyber Security is no longer an IT Issue but has become a business one. Creating a culture of security should be the goal of every organization. Bearing in mind that people are typically the weakest link in any security link, training employees to play an active role in the protection of the organizations digital assets improves an organizations security posture.

Preparing for the worst-case scenario helps organizations manage threats and minimise the damage caused by a breach. Cyber incident response planning consists of specific actions for specific attack scenarios, avoiding further damages, reducing recovery time  and mitigating cybersecurity risk.

Business disruption that results from a ransomware attack comes at a huge cost including business downtime, mitigation expenses, ransomware payments and reputational costs. Even with the most sophisticated controls, policies and procedures in place, many organizations still fall victim to cyberattacks. Having adequate cyber insurance cover is an important part of any cybersecurity incident response and recovery plan.

What are some defensive strategies that businesses should be implementing?
The increase in the breadth and frequency of cyberattacks translates into more cyber risk for organizations, which means security teams need to be just as nimble and methodical as their adversaries. Outdated point-product approaches to security are insufficient, making integrated security solutions essential to combatting this proliferation of advanced and sophisticated attacks. Organizations need tools that can ingest real-time threat intelligence, apply AI to detect threat patterns and correlate massive amounts of data to detect anomalies, and automatically initiate a coordinated response across networks. This holistic approach to a cybersecurity mesh architecture allows for much tighter integration and increased automation, making it easier for security teams to coordinate quickly and respond effectively to threats in real time.

As industrial systems become more connected, they also become more exposed to vulnerabilities. The high cost of industrial equipment and the negative impact to business that an attack could generate are key factors for organizations looking to protect their industrial networks. By using solutions that allow complete visibility of network control traffic and establishing the right security policies, one can put an effective OT strategy in place that will protect processes, people and significantly reduce security vulnerabilities and incidents.

Research suggests that human error is involved in more than 90% of security breaches and awareness training helps to minimize human risk thus preventing the loss of data. Effective awareness training program addresses the cybersecurity mistakes that employees may make when using email, web, endpoint devices, social media, physical access, and safe handling of data.

How has Fortinet helped in reducing complexity and improving security?
We are a large, distributed network with users working from multiple locations. SD-WAN makes it possible to use available WAN services more effectively and economically. It simplifies branch networking, improves application performance, and provides faster access to cloud-based applications and communications.

With Fortinet’s Secure SD-WAN platform in place, we now benefit from a fully consolidated and converged network and security stack, with one appliance supporting all the SD-WAN, advanced routing, and NGFW needs all managed through a single pane of glass.

The approach has greatly simplified both network and security management for us as we can scale and manage security for all locations from one place. Additionally, thanks to flexible scripting options, our IT teams can quickly automate configurations and security policies to meet the diverse needs of various locations. Beyond security, SD-WAN application steering, and advanced WAN remediation provide an improved user experience.

Through the Fortinet Secure SD-WAN, we are also significantly reducing costs. In part, cost benefits result from the consolidation of our network and security systems. Further the Fortinet Secure SD-WAN runs on the broadband as its primary connection, we have been able to replace expensive MPLS lines with internet.

The pages slugged ‘Brand Connect’ are equivalent to advertisements and are not written and produced by Forbes India journalists.