With the growing threat landscape in cyber space, how Essar has been managing to protect their business sensitive data?
While the threat landscape has been growing rapidly with much more advanced social engineering techniques, it becomes equally imperative for Organisations to ensure proper measures taken in terms of right security solutions being implemented along with basic hygiene being followed with precision.
We at Essar believe in striking the right balance of implementing proper security measures with focus on process hygiene across the IT landscape. We believe in the theory of multilayered security
strategy to ensure each gateway is protected and vigil enough to prevent threats. One the other hand we also believe in the hygiene that includes stringent Backup & Recovery process to ensure minimal impact in the worst case scenario. Rigorous patching mechanism to ensure the Operating systems and software are up-to-date with latest patches post verifying the test parameters. Updated End Point protection helps to maintain the basic hygiene of preventing known threats along with Application whitelisting to ensure only approved software are installed. User awareness will play a vital role to avoid the targeted cyber-attacks. Last but not the least, any security strategy with best of the breed solutions and rigor in basic hygiene isn’t effective enough without proper monitoring mechanism. We’ve taken the managed SOC services for Essar IT landscape from AGC Networks that helps us with round the clock effective monitoring and alerting mechanism.
How do you see the overall security threat for large enterprises at large in India?
The overall security threat landscape for any enterprise, large or small will be challenging and will really need focused approach towards detection, prevention and mitigation of the advanced cyber-attacks. Large enterprises in particular will have a major threat with respect to disrupting business processes or defacing brand image, stealing critical data, internal threat, advanced zero-day attacks, phishing, spams and many more.
Large enterprises in particular with user base (internal/external) spread across different geographies, will need to ensure cautious approach with necessary user awareness sessions.
What are the most devastating security threat do you foresee for the year 2018?
With the increase in embracing the latest technology trends, the Organisations will also need to take great care on proper due diligence prior to implementing solutions while exposing the
business critical data. Mobility initiatives are prone to targeted attacks with sophisticated mobile malwares. Phishing attacks with advanced social engineering will have more probability of Ransomwares that will play major role in disrupting business production cycles. Again with IoT picking up quickly, the OT networks that were working as the separate islands within the IT landscape will be exposed to the advanced threats with sensors pulling & pushing the data for analytics and action oriented apps. While the threat horizon is expected at a much larger scale, these are some of the few areas to be more careful off.
What are your suggestions for next generation CISOs?
While there are multiple approach methods to strategize as a part of cyber security role, I’ve always believed in focusing on the basic hygiene of backup/restore processes, patching mechanism, updated Endpoint & Gateway level security, least privilege policies, application whitelisting, user awareness when it comes to cyber security and proper due diligence with rigorous monitoring practices keeping in mind the advanced threats & techniques.