This interview has been attributed to Anshul Gupta
Anshul S Gupta is a seasoned cybersecurity leader with over 18 years of experience. He has been recognized for his expertise in threat and incident management, security compliance, and risk management.
Anshul has spearheaded strategic cybersecurity initiatives and complex cyber transformation projects across diverse industries. Anshul has successfully developed and implemented information security programs for cyber resilience and managed cyber defense and response digital forensic engagements in cloud and on-premises environments. His experience spans BFSI, e-commerce, and manufacturing sectors.
His dedication to simplifying intricate security concerns into streamlined, customer-centric solutions has bolstered organizational cyber resilience.
Securitydive.in speaks to Anshul about current state of cyber security ,Governance, Risk, and Compliance for 2024.
Read the whole interview
Q. How do you approach the integration of governance, risk, and compliance (GRC)
strategies within the cybersecurity framework of your organization?
Ans: Some key strategies I have adopted
Align the GRC objectives with business priorities – Identify critical
assets, compliance requirements, and potential threats to prioritize actions and
resource allocation.
Established centralized team to manage GRC function globally including
compliance monitoring and incident response.
Automate the GRC via using technology solution, to streamline workflows, and
provide centralized aggregated data on enterprise risk, compliance, and incident
dashboard for stakeholders.
Empowerment the employees by promoting security awareness and ethical
behavior within the organization
Continuous improvement of GRC program to make it resilience against changing
threat landscape and compliance requirements.
Q. Can you share specific measures or initiatives you've implemented to ensure robust governance, risk management, and compliance in the cybersecurity domain?
Ans: I would like to share some insight on the programs I have managed under GRC
portfolio, which focus on people, process and technology, which help us in managing
our risk in an effective way
Strengthen the cybersecurity programs with outcomes and objectives by linking
with business priorities.
Employee awareness programs were – cybersecurity training, flyers, and a
monthly infosec newsletter were developed in collaboration with the L&D and
communications team
Designed and implemented global automated centralized GRC tool to streamline
regulatory compliance, risk assessment, and governance practices
Strengthen the global threat management program by proactive threat hunting,
continuous vulnerability management and reduce attack surface.
Quarterly update to the steering committee on the status of the risk and
mitigation strategy
Q. What role does compliance play in shaping your cybersecurity policies, and how do
you ensure alignment with industry standards and regulations?
Ans:
We must work towards compliance for security, but many times due to cost pressure
and resource limitation it was adapted as security for compliance, which dilute the role
of cyber security policies.
One should a quarterly/Half-yearly review and update cyber security polices, which map
with the changing threat landscape, industry regulation demand and compliance
framework adoption. However, effectiveness of the policies is equally importance as
updating the documentation.
Risk Assessment Best Practices:
Q. What are the key components of your risk assessment framework, and how do you
ensure it aligns with the dynamic nature of cyber threats?
Ans:
Regularly update the asset inventory to reflect new acquisitions,
decommissioning, and changes in business processes or technology
Implement continuous monitoring of the security posture to detect and respond to
threats in real-time. Regularly review the risk assessment framework to ensure it
remains relevant and effective
Ensure that all stakeholders are aware of their roles in maintaining cybersecurity.
This involves regular training and awareness programs for employees.
Adopt a quantitative or qualitative risk analysis approach that factors in the
changing threat landscape and business context.
Q. Can you provide examples of successful risk assessment practices you've
implemented, and how they contributed to enhancing the overall cybersecurity posture
of your organization?
Ans:
Implemented continuous vulnerability management program, which includes
weekly external and monthly internal VA scans for critical business infrastructure.
Regular updates from multiple threat intel, help us to define our proactive
defense strategy.
Regular phishing simulation, awareness program, newsletter, help us to reduce
human risk towards the organization.
Brand monitoring with respect typo squatting domain, employee email in public
breaches, help us to minimize our attack surface.
Q. How do you balance the need for comprehensive risk assessments and the speed
required to adapt to evolving cyber threats?
Ans:
One should do risk assessment on the basis of your current security policy, regulatory
requirements, and any new business requirements
By keep updating cyber security policy and procedures on a regular interval, which
maps with the changing threat landscape. Industry specific, threat intel help us to be
focus on the risk related to our industry.
Inventory management play a key role, to understand the threat landscape and the risk
associated with it, like supply chain risk, software asset used in the organization.
Keep a tab on vendors and the exposed data, with regular assessment help me to
manage risk.
Addressing Cyber Threats:
Q. In the area of cybersecurity threats, particularly phishing, malware, and ransomware, what proactive measures have you implemented to safeguard the organization?
Ans: Below of some proactive measures
Minimized the risk of Ransomware attack, RAT, and insider threat by running a
global proactive threat hunting program using threat intelligence data derived
from various sources to identify previously unknown or unresolved threats
within an organization's network.
Reduced employee susceptibility to phishing scams by implementing a global
targeted phishing awareness campaign. Employee awareness programs were –
cyber training, flyers, and a monthly newsletter were developed in collaboration
with the L&D and communications team
Improvise continuous monitoring of the attack surface, help me to reduce the
risk from external threats
Q. Can you share insights into your incident response strategies for handling cyber
attacks, including any notable successes or lessons learned?
Ans: To build an incident response strategies, one should understand the business, and the
impact of the incident.
Identify the critical infrastructure, and assess the business impact of incident, to
formulate the strategies.
Sign-up for curated threat Intel feed to be well prepared for defense strategies
based on the threat to specific industry.
Build a RACI matrix and run couple of table-top exercises, to get practice of
managing cyber incident within the organization.
Build a proactive threat hunting team, which uncovers know and UN-know
threats present in the organization infrastructure.
Continuous monitoring of identified critical infrastructure and reduce the attack
surface.
Built a cyber-resilience plan, which help the organization to minimize the
business impact of any incident.
Update the incident response plan at least annually, or if there is major change in
the organization with respect to threat model.
Q. How do you approach user awareness and training to mitigate risks associated with
social engineering attacks like phishing?
We have run couple of programs, which includes posters completion on cyber security
awareness, global phishing programs, LMS program. Tailor made programs for
leadership, finance and human resources.
Monthly news bulletin will help to create awareness among employees.
.
Key Challenges for CISOs in 2024:
Q. Looking ahead to 2024, what do you perceive as the most significant challenges for
CISOs in the ever-evolving cybersecurity landscape?
Key challenges in 2024.
1. Identity based attacks in the era of hybrid working model
2. AI sophisticated attacks
3. Increase of cloud transformation, will increase the attack surface.
4. Cyber compliances on financial and healthcare industry
5. DPDP implementation and making organization complaint will requires lot of
changes at the organization level.
Q. How are you preparing your cybersecurity strategy to address emerging threats and
challenges that may arise in the near future?
Strategy:
1. Zero trust approach- This will help to build more secure approach towards
access of data and network. This will reduce a risk towards data breaches.
2. AI based cyber defense approach, will help to tackle emerging threats towards
the organization. This is specially require to defend phishing attack, which has
been increase and more sophisticated with AI.
3. Half-yearly update of annual compliance program, based on changing threat
landscape.
4. Cyber –Simulation to test detect and protect control, along with BCP/DR
strategies.
5. Adopting privacy by design, will help to build a privacy culture in the DNA of the
organization.
Q. in the context of technological advancements, what role do you see for artificial
intelligence, machine learning, or other innovative solutions in overcoming cybersecurity
challenges in 2024?
In 2024, I can see these technological tools will play a vital role
Threat Detection and Prevention
Anomaly Detection: AI can analyze vast datasets to identify unusual patterns that
might indicate a cyberattack.
Real-time Threat Intelligence: ML algorithms can process and correlate threat
intelligence feeds to provide up-to-the-minute insights.
Predictive Analytics: By analyzing past attack patterns, AI can predict potential
future attacks, allowing organizations to take proactive measures.
Incident Response and Remediation
Automated Incident Response: AI-powered systems can detect and respond to
security incidents autonomously, reducing human error and response time.
Root Cause Analysis: ML can help identify the root cause of security breaches,
enabling organizations to implement effective countermeasures.
Security Operations Center (SOC) Enhancement
Automation: AI can automate routine tasks, freeing up security analysts to focus
on more complex threats.
Threat Hunting: ML can assist security teams in proactively searching for hidden
threats.
Enhanced Threat Visibility: AI can provide a comprehensive view of the threat
landscape, enabling better risk assessment.