On Data Privacy Day, various IT industry leaders have expressed their views on the challenges in security and how to resolve them.
Peter Waters, Chief Privacy Officer, Equinix says, “In recent years, data privacy compliance has become a critical consideration driving critical business decisions as companies look to digitally transform. Cybersecurity vulnerabilities continue to increase as companies grow their digital footprints due to the massive amounts of data being generated. The Data Privacy Day comes as a reminder for organizations to assess their cyber risks and ensure strong data privacy protections are in place but in such a way that will not impede innovation within the digital economy. Due to the increasing complexity of data flows, enterprises need to evolve past securing data at rest to a posture of continuous governance where all data is protected."
"Increasingly, we are seeing enterprises place, manage and analyze data at the edge, closer to their users, services and clouds. Meanwhile, concerns over the security and privacy of data in movement and/or in the cloud have also increased. This situation is more critical in Asia-Pacific and has driven the need for better technology and infrastructure solutions that improve data accessibility, security and control, while also meeting increasing data privacy requirements. It is a balancing act."
--Peter Waters, Chief Privacy Officer, Equinix
Satya Machiraju, VP, Information Security, Whatfix says, “While it is great that we are all more connected than ever before, the shift to remote work in response to the pandemic has presented inherent security issues. Recent large-scale data breaches have made data privacy a hot topic in the last two years. As of 2021, CERT-In had documented and reported more than 11.5 lakh incidents of cyberattacks. Data Privacy Day is an excellent opportunity for companies to make a commitment to cyber security and implement robust data management solutions."
"Today, data privacy is a matter of paramount importance. Cyber criminals can target any organisation, no matter its size, location, or industry. So, if you want to safeguard your organization’s data, you need to build a cyber-secure and human-centric corporate culture. It is crucial for businesses of all sizes to take data privacy seriously and proactively protect personally identifiable information."
--Satya Machiraju, VP, Information Security, Whatfix
He continues, "Establishing a security-aware culture begins with an open discussion of data privacy. Employers are the source of the greatest privacy risks, and as such, they can play a vital role in minimising these risks. Changing behaviour is how leading organisations educate their employees about the risks they pose. Data Privacy Day is the perfect occasion to kickstart an ongoing focus on security and privacy. Employees will be less likely to share sensitive information online if they understand how websites and companies use their data."
Nitin Varma, Managing Director, India & SAARC, CrowdStrike says, "There is a huge digital shift that has been created by the pandemic where many industry sectors have witnessed an accelerated approach towards digital transformation and their erstwhile perimeter has moved beyond their enterprise firewalls to cloud; either a public cloud, hybrid cloud or a private cloud. This has added complexity to the IT architecture stack and also increased the potential attack surface for adversaries to exploit; and often under-resourced security teams to protect."
"While many cloud service providers offer basic levels of data security, it is critical for organizations to develop and implement a comprehensive data security strategy that’s scalable and combines automation with human threat hunting and threat intelligence. Another critical element of a data security strategy is real-time monitoring, detection and response. These threat detection and response capabilities should be supported by machine learning and analytics to better identify anomalies and malicious activity."
--Nitin Varma, Managing Director, India & SAARC, CrowdStrike
He adds, "Companies require proficient and skilled cyber security experts who can keep their endpoints, cloud workloads, identity and data secure. Unfortunately, some organizations still rely on legacy security solutions that are just not fit for purpose, especially as adversaries evolve their tools, techniques and procedures (TTPs). They need security that is scalable, built for the cloud and can carry the same level of control and visibility from their on-premises environment into remote working environments. Meeting these challenges head on with a layered, unified approach to security will enable organizations to move forward with their cloud plans with the knowledge that their users and data are well guarded."
Akshat Jain, CTO and Co-founder, Cyware says, "Today, organisations face growing security challenges due to the lack of collaboration and information exchange, and the siloed manner in which a diverse range of security teams operate. The lack of last-mile threat intelligence delivery capabilities to different stakeholders within an organization and to external partners often results in a delayed and ineffective response to critical threats. Furthermore, security teams are dealing with a deluge of alerts on a daily basis that lead to burnout and lack of focus on more severe threat investigations. Many security processes are still manual and reactive in nature, thereby only kicking into action after an incident occurs and leaving more time for threat actors to cause damage to their operations and steal data before detection."
He continues, "To overcome all of these challenges, security teams must leverage Virtual Cyber Fusion to drive collaboration between siloed security teams while combining threat intelligence with security orchestration, automation, and response (SOAR) for complete threat visibility and faster response."
"Virtual Cyber Fusion enables end-to-end threat intelligence operation and last-mile delivery while automating entire threat response workflows across cloud and on-premise environments. With a greater emphasis on information sharing within and outside the organisation, decision-makers can also help build a collective defense network wherein different industry stakeholders come together to ward off cyber threats.”
--Akshat Jain, CTO and Co-founder, Cyware
Sunil Sharma, MD, Sales, India & SAARC, Sophos says, "According to Sophos researchers, over the coming year, a greater proportion of ransomware attacks will be based on ransomware-as-a-service (RaaS) offerings, with specialist ransomware developers focused on creating and then leasing their malicious code and infrastructure to third-party affiliates. Some of the most high-profile ransomware attacks of 2021 involved RaaS, such as the attack on Colonial Pipeline in the US. Ransomware operators can then turn to other cybercriminal services to buy access to hacked victims or use malware delivery platforms to find and target potential victims. These platforms also deliver commodity malware, adware or spam, threats that are less dangerous and disruptive."
"Defense-in-depth and human-led threat hunting are two vital protection measures against the rapidly evolving, ruthless threat of ransomware."
--Sunil Sharma, MD, Sales, India & SAARC, Sophos
He adds, "What this means for business IT security teams, among other things, is that ransomware attacks are increasingly within range of cybercriminals regardless of their skill levels, as they can just rent or buy what they need; that any infection, for instance, with adware, can lead to every infection, including ransomware, once a target is compromised, so no suspicious signals should be overlooked; and that ransomware attackers will target people as well as technology."
Neelesh Kripalani, Chief Technology Officer, Clover Infotech says, "Although a great enabler, cloud raises a lot of security challenges. Cloud security has been voted as one of the biggest security threats that organisations face. Enterprises often misunderstand cloud security as the sole responsibility of the cloud services provider as against viewing it as a shared responsibility. Robust cloud security provides multiple levels of controls within the network infrastructure for the protection of cloud-based assets. Whether in a public or private cloud, enterprises need access to security tools that can protect their data and resources from theft, leak, or natural disasters."
He goes further, "One more important aspect that cannot be ignored when it comes to security is the ‘Human Error’. Surprisingly enough, it is the most neglected link in cybersecurity. Human error in cybersecurity breach is an age-old problem. For years, it has consistently been identified as a major contributing factor to data breaches. The average cost of data breaches from human error stands at USD3.33 million, according to IBM’s Cost of a Data Breach Report 2020."
"It doesn’t matter how many security measures and precautions an organisation undertakes, a simple human error can still put everything in jeopardy. Whether users are negligent, careless, or simply uninformed, a human error can lead to a cyber-attack and thereby data breach. Hence, enterprises along with cloud service providers need to develop detailed and stringent security policies that clearly outline access and privileged access management, zero trust policy, user activity monitoring, and further educate their employees on the negative impact of cyber-attacks and positive impact of best practices."
--Neelesh Kripalani, Chief Technology Officer, Clover Infotech
He concludes, "Security shouldn’t be treated as an isolated activity. It is a shared responsibility right from the management to vendors to even the new entrants in an organization. Hence, an organization can consider itself completely secure against breaches only by aligning all its stakeholders towards the common goal of ensuring comprehensive security.”
These comments place the issue of security in its multi-layered context and raise awareness about the various dimensions of security.