Interview with Sharad Sadadekar, CISO, HDFC Life Insurance


With the growing threat landscape in cyberspace, how has HDFC Life Insurance been managing to protect its business-sensitive data?

Financial organisations are entrusted with billions in customers’ funds and personal data which needs to be protected at all times.

Cyber-attacks have now become an integral part of new and changing business models. There are limited options other than to plan for responding actively and with agility.

We leverage cyber security capabilities, threat intelligence and predictive alerts to build countermeasures, hunt hidden intruders and bolster defences.

The goal should be to develop a secure, vigilant, and resilient organization.

How do you ensure data protection and prevent security breaches in your organization?

We consider ourselves to be privileged to “NOT have witnessed a severe cyber security data breach” in the recent past. While this is excellent news, we cannot rest on past laurels.

The cyber threat landscape is evolving – and so must the cybersecurity strategy. Planning for the future, at least 3 years in advance, and continuously revisiting the plan vis-a-vis the implementation are key to success.

We also engage with cybersecurity experts and benchmark our current state. This gives us confidence as well as the assurance of where we are with respect to industry peers.

Cyber liability insurance policies can cover the cost of notifying customers and forensics investigation charges, and replace lost income as a result of a data breach. In addition, policies can cover legal defense fees a business may be required to pay as a result of the breach. It’s important to remember that it is cheaper to prevent a data breach by securing data than it is to lose that data from a breach. A data breach insurance policy can give peace of mind and allow organizations to allocate resources to help keep data secure.

How do you see the overall security threat for insurance companies at large in India?

The rapid spread of digital technology is enabling insurers to quickly transform their businesses. They can swiftly roll out new products and services to meet the changing demands of their customers, and also seize opportunities to move into new lucrative markets.

However, the proliferation of digital technology has a sting in the tail. It exposes insurers to big risks. Digital downtime, caused by manual or technical failure or cyber-attacks, can be catastrophic. It can devastate a business. Sometimes even destroy it. It’s not just the loss of revenue that can be so damaging. The harm to an organization’s reputation and brand can be enormous. If a company loses the trust of its customers, partners or investors, the consequences can be dire. Furthermore, the regulator has also put a foot on the accelerator to up governance standards. Organizations deemed to be negligent in their cyber-security posture are likely to be hit with severe penalties.

Insurance organizations are particularly vulnerable:

• Insurers manage huge volumes of sensitive customer data and are therefore attractive targets for cyber-criminals.

• Insurers operate in highly regulated markets. Breaches of security, which expose customers’ personal data, are likely to be heavily penalized.

• Insurers are in the risk business. Their exposure to reputational damage is substantial. If they succumb to a cyber-security breach or major technical failure, their professional competence can be seriously undermined.

• Many insurers are beginning to adopt new business models to capitalize on the potential of digital ecosystems. They will become increasingly reliant on processes, technology and people that they have limited or no control over.

What are the most devastating security threats you foresee for the year 2018?

Ghostly cryptocurrency mining:
Many are not aware of this new cyber threat which was witnessed in 2017 and is said to pick up this year. All these days, hackers used to target servers operating in data centers to mine digital currency. But in the upcoming year, their new targets will be individuals and their PC browsers. Yes, it has been discovered that publishers / hackers have started monetizing their traffic by making their visitors mine crypto-currencies while on their site. The plan is that while a user is accessing content from a website, the site owner will, in exchange, be using his/her PC browser for mining purposes. Remember, such mining techniques will cause a big impact on the productivity of the system and will affect its lifespan on an overall note.

Abuse of social networks will be on the rise:
Hackers are easily succeeding in launching phishing emails filled with nasty malware. In the upcoming year, the predictions are that such attacks will increase and will prove devastating.

Hackers going bonkers with advanced malware:
The malware developers are becoming super advanced these days and are architecting malware which goes undetected by anti-malware solutions available today. File-less malware will be the new normal.

Therefore, businesses have to adequately protect themselves against the cyber threats of 2018 with a layered approach to security. Organisations can do so by using both anti-virus solutions for traditional threats and anti-malware for the more advanced threats.

Cloud Security, API abuse and Shadow IT:
Cloud computing has become a boon for those who are looking at virtualization as the next step forward for their development. But at the same time, these virtual storage and computing platforms are also turning into a paradise for hackers. The year 2018 will witness hackers targeting loosely configured APIs and cloud storage platforms to siphon data and sell it on the dark web. Such data is in great demand on the dark web and so could earn excellent perks.

The most notable incident, the “Shadowbroker dump hacking tool leak”, has made the hacker’s life easier. CaaS will allow “aspiring cyber hackers” without much technical knowledge to buy tools and services that allow them to conduct attacks they would otherwise not be able to undertake.

What are your suggestions for next generation CISOs?

The role of the CISO continues to evolve; a CISO should not only be security savvy, but also technically adept and business aware. The CISOs of 2020 will be more business aligned and business relationship orientated. They need to be closer to the company’s assets with regard to assigning ownership and accountability.

Control what matters
Since one cannot protect everything equally, it’s important to focus on the team’s expertise. Take the money spent on prevention and begin to drive it more equitably to detection and response. The ultimate truth is that one won’t be in a position to stop every threat and one needs to get over it – faster.

Connect with C-suite
Cyber security awareness needs to be more pervasive and should cover every stakeholder, from the Board to the third-party service providers. Help them understand the new age threats and get them involved.

Security is as much art as science
The art aspect of it is there’s this constant battle between the bad guys and the good guys. The bad guys can get through your defense system and there are all these neat ways that you can continuously protect business assets.

That’s an ongoing challenge and the Next-Gen just needs to relish in that.

Next generation of CISOs are maturing
The experienced CISOs need to build a foundation for the Next-Gen and train tomorrow’s security professionals. Retaining cyber professionals isn’t just a matter of offering the biggest paycheck — it requires getting creative with cross-training, hands-on experience and developing collaborative solutions with fellow CISOs.

