Patrick Pitchappa - You Don’t Need Any Security Software For Interacting With People, Just Remember The Basic Rule, Don’t Share Anything That You Shouldn’t Be Sharing With Others (Director, Information Security from India)

 




1. Why is cyber security so important in this digital economy?

In this digital economy, everybody with a Smartphone is on the Internet 24x7 and their usage moves fluidly across devices and platforms for work and in their personal lives. In this context, Cybersecurity is of fundamental importance. It’s important to keep our work information, our personal information and our loved ones’ information safe on the Internet. It’s as basic as that.


2. Do you feel cybercrimes are going to increase in this recession time, and how can we handle it?

Simply put, the threat actors out there are fifty steps ahead of most organisations in the corporate world. They pour in a lot of effort into targeting and breaking into the most recent or modern cybersecurity programmes. 

Whilst they are doing this, the CISO has to justify their IT budget and cybersecurity roadmaps to their Company’s senior decision-makers. Budgets for Cybersecurity tools, processes and personnel are allocated, vendor management processes or Request for Proposals (RFP) are followed before narrowing down on a vendor or tool. All this takes time and has the potential to impact any Cybersecurity roadmap. 

With technology evolving at blazing speeds, organisations without proper cybersecurity leaders and practitioners will struggle to implement the proper cybersecurity practices for the latest technologies in a timely way. The threat actors take advantage of this to conduct cyber-attacks. 

It’s also true that many organisations are negligent or ignorant about cybersecurity, lacking proper cybersecurity policies, procedures, processes, and personnel. Taking all of the above into account, it’s not surprising there will be a plethora of cyber-attacks on a daily basis.

As the old saying goes, prevention is better than cure. This is definitely true in cybersecurity also. When cybersecurity is in firefighting mode, then it’s surely a failure. In order to proactively build a cybersecurity programme and improve the security posture of an organisation, these basic cybersecurity processes, programmes and tools must be implemented. 

Get started with Next Generation Firewalls, IPS/IDS, End Point Detection and Response (EDR), followed by a robust Identity Access Management programme, a proper IT Asset Inventory platform, SIEM/SOAR, Privilege Access Management (PAM), Data Leakage Prevention (DLP), Web Application Firewall (WAF), DDoS Protection, Cloud Access Security Broker (CASB), Zero Trust Architecture, etc. 

Additionally, conduct regular external and internal audits to evaluate yourself, conduct regular Red Team Exercises, use an external vendor partner for Vulnerability Assessment and Penetration Testing, build a highly competent CSIRT team, build a Cyber Defence Centre for Threat Intelligence and Threat Hunting, sign up with an external cyber risk score partner and also purchase cyber risk insurance. 

This is not an exhaustive list but includes what could be described as the bare essentials for an effective cybersecurity programme that is focused on prevention.


3. Does the digital encouragement from the government side make a large chunk of the population vulnerable?

Yes, the digitization initiatives of the government do carry a risk of making a large chunk of the population vulnerable. Senior citizens and the rural population in particular are at critical risk. Even in the urban world, people who are technically challenged can easily fall prey to cybercrimes. Last but not least, even seasoned IT professionals can become victims of cybercrimes through negligence. So, everyone is vulnerable. 


4. What are your initiatives in this field to educate people about the hackers?

In the corporate world, people are the weakest link - 95% of cyber-attacks are caused by people, most times unintentionally by employees of an organisation. In order to mitigate this risk, employee cybersecurity awareness must be carried out regularly for all staff.

For home users, cybersecurity awareness must be carried on through TV, radio, newspapers, and social media. The Reserve Bank of India is already running a few commercials about online transactions security. Similarly, other cybersecurity campaigns must be conducted on a regular basis. 

People should also develop the habit to keep reading about cybersecurity online and get some knowledge on the latest scams, cyber-attacks and frauds happening in the cyber world to protect themselves. 


4. What are the technical skills they need to develop, and how can they endorse this field to be successful?

Not everybody can acquire technical skills. But here are the Ten best practices of Cybersecurity: 

  1. Always use a strong password for all your Internet accounts. A strong password should be: a) At least 10 characters long, b) A combination of upper case, lower case, numbers, and special characters, c) A passphrase instead of a password.
  2. Use a unique password for various Internet accounts, including online banking, social media, emails, etc. 
  3. Never use easily guessable words from the dictionary, date-of-birth, telephone numbers, names, etc. for your password
  4. Never share your passwords with anybody nor write down your password 
  5. Reset your password if you think your password may be compromised
  6. Use a strong password for your Home Wi-Fi router
  7. Don’t use free public Wi-Fi
  8. There’s no free lunch, so emails or social media messages promising free stuff are always phishing attacks; don’t click on those links or download such attachments
  9. Always have an antivirus solution installed on your laptops
  10. Don’t advertise your whereabouts on social media


5. Is there any software you would recommend to people? How paranoid should people be when they are using it for very basic purpose like interacting with friends and colleagues?

Yes, as seen in Point 9 above, please use antivirus software on all your laptops. Also, enable MS Windows Firewall for greater protection. 

You don’t need any security software for interacting with people. Just remember the basic rule: don’t share anything that you shouldn’t be sharing with others. 


6. Any suggestions for business owners to keep their sensitive data safe in this WFH situation, where employees can access the sensitive data from their homes?

The world is working from home (WFH) or remotely. Most of the measures that were started in Q1 2020 have continued – some might be reversed but employees have learnt to work in new ways. Most organizations are supporting flexible working going forward. 

If I had to sum it up in one phrase, then it would be ‘The world has gone to the cloud’. All our communications including voice, video and text now go through cloud-based apps. This has eased early WFH difficulties and has helped a WFH culture mature admirably in the past 18 months. Cloud solutions are fairly safe and secure. 

Other time-tested strategies such as using a Virtual Private Network (VPN) and Virtual Desktop Interface (VDI) can be used to keep sensitive data secure when WFH without compromising on efficiency. 


Patrick Pitchappa


- Website: Patrick Pitchappa



- Interviewed By Kusum Jha
