“Cybersecurity Has Become A Critical Point Of Discussion In Indian Boardrooms”

“Cybersecurity Has Become A Critical Point Of Discussion In Indian Boardrooms”

Pandemic has opened the gateway for the cyber criminals to target the organizations in as IT infra became vulnerable. People are using unsecured networks and accessing the crucial data of their organizations, it helped the threat actors to exploit the vulnerable security architecture. Sharing his views about the changing cybersecurity market, Ram Vaidyanathan, Cybersecurity Evangelist, ManageEngine said, “The pandemic redefined the working models of organisations, paving the way for the hybrid work culture. This has forced firms to adopt new technologies at an increased pace. The market has evolved in the following ways over the last two years:

ii. Strict cybersecurity laws: The Indian Computer Emergency Response Team (CERT-In) has introduced requirements to log the activities of VPN, cloud, and other vendors and provide them to the authorities on demand. While the intention is good, it also opens up new avenues for cyberattackers to compromise sensitive data.

ii. Fresh opportunities in cybercrime: Company data is not protected by firewalls anymore. The use of SaaS-based applications, unmanaged devices, and unsecured networks has led to fresh opportunities in cybercrime and a surge in ransomware and mobile attacks. According to the recent CERT-In study, more than 2.12 lakh cybersecurity incidents were reported in just the first two months of 2022.

iii. Ransomware as the biggest threat: Ransomware has become the biggest threat to Indian organisations, increasing 70% over the last year. Other nation-states have been behind the majority of these attacks. 

Indian Companies Increasing Investments for Cyber Security 

“Due to various market drivers, cybersecurity has become a critical point of discussion in Indian boardrooms. CISOs are now routinely involved in business decision-making, playing a big role in bridging the gap between business and cybersecurity. This has led to an unprecedented demand for effective security solutions. According to a PwC survey, 80% of Indian organisations will increase their cybersecurity budget in 2022. Gartner has also forecast that end-user spending on security and risk management in India will total USD 2.6 billion in 2022,” said Ram Vaidyanathan. “This is a good opportunity for security solution providers to make a tangible impact on their clients. If their solutions solve definitive security challenges, help with compliance management, give visibility into insider risk, and perform effective threat hunting, then solution providers can increase their brand awareness, gain new customers, and establish credibility and trust in the market.” 

Zero Trust Model Gaining Popularity Among Indian Organizations 

While talking to DT, on the increased adoption of Zero Trust model, Ram Vaidyanathan said “Zero Trust is widely adopted by companies for the following reasons: 

  • Data is not confined within physical boundaries: Employees use third-party SaaS applications for higher productivity at work, and they work from remote locations, too. At the same time, organisations have started using public and hybrid clouds for agility in operations and cost-effectiveness. Therefore, the location of a device, host, or user does not automatically mean they can be trusted. In such a scenario, the authentication and authorisation of devices and users should be managed dynamically.
  • Attackers are compromising identities: Network-based attacks are becoming less common, because attackers are now going after identities, compromising them, and ultimately exfiltrating data.
  • Insider risk has increased: Close to half of all data breaches are due to insider threats. Therefore, organisations have to always assume there might be a breach and constantly verify the identities and behaviours of users. 

“Zero Trust helps secure organisations' sensitive data by moving access and security controls as close to the data as possible. Microsegmentation—dividing a network into logical microsegments to maintain granular access and security controls—is one approach to doing this. Firms also need to implement the principle of least privilege, in which employees get the minimal level of access necessary to perform their jobs. Just-in-time access also helps limit the amount of time users have privileged access.” 

“Zero Trust further requires comprehensive, continuous log collection to ensure constant threat detection and reassessment of trust. These collected logs should be used to improve the organisation's security posture. Zero Trust also involves the implementation of dynamic policies where authentication methods are based on user context and the sensitivity of the resources being accessed. Context includes the device location, device state, and network health. Anomaly detection techniques are also used to assess the risk posed by users and entities at any point in time,” concluded by Ram Vaidyanathan.

Related Stories

No stories found.