Info@NationalCyberSecurity

Unveiling cybersecurity’s next frontier, CIO News, ET CIO


Bringing together cybersecurity experts from various domains, ETCISO Decrypt 2023 concluded its successful run at ITC Maratha in Mumbai on Thursday. With its focus on addressing the threat landscape, the event served as a dynamic platform for industry leaders and professionals to explore innovative strategies and foster collaborations in the field of cybersecurity.

The conclave brought together India’s top CISOs, CIOs, risk managers, enterprise architects, security managers, heads of mobility, IT heads, and data center heads. Their collective presence aimed at providing an immersive experience to proactively navigate the dynamic threat landscape and stay ahead.

Themed “Bracing the New Shift in Cybersecurity,” ETCISO Decrypt 2023 delved into the intricacies of data-driven security while harnessing the potential of cutting-edge technologies like AI and ML. The event gathered industry experts who shared insights on enhancing network security, fortifying Web Application Firewalls (WAF), safeguarding APIs, and future-proofing Security Operations Centers (SOCs).

The sessions ignited intellectual exchanges, stimulating the development of innovative strategies and broadening perspectives in the field.

Here are the key moments from the one-day conclave:

Shaping National Security through Cybersecurity

“I dream of a Digital India where cybersecurity becomes an integral part of national security,” said Lt Gen (Dr) Rajesh Pant in his opening speech, quoting Prime Minister Narendra Modi’s vision for Digital India.

Expressing concerns about the geopolitical influence on cybersecurity, he highlighted the rise of threat groups aligned with geopolitical interests. Lt Gen Pant drew attention to the future possibility of China creating its own internet, which he emphasized as unfavorable news for India.

“The Internet, even today, is run on 13 route servers. China may create its own internet in the years to come, and that is not good news for India.”

He also shed light on the lengthy process undertaken by the United Nations to establish cybersecurity norms and addressed the significant challenge of attribution in cyber attacks.

“About 40% of the attacks in India are coming from the US, although the source of the attack originates 2-3 hops before that. Companies like Google and Amazon will not disclose information on the source of traffic due to data protection requirements. This makes attribution a challenge,” said Pant.

Connectivity and Collaboration for CISOs

As the attack surface continues to expand, Hitesh Mulani, VP & Group CISO at Mahindra & Mahindra, emphasized the significance of connectivity and collaboration for CISOs.

“One of the most important things for CISOs is to stay connected—not just with the vendor community, but with the fraternity in which you work. You’d be surprised to see CISOs from rival companies reach out and share ideas. Cross-pollinate the knowledge of your teams with others,” he said.

To stay ahead of the curve, CISOs should attend to both their technical expertise and their roles in stakeholder management and effective communication.

“CISOs must be risk managers and not technical security managers. Today, we’re getting a seat at the board. This is because we were able to influence business decision-making. Lastly, think of the threat landscape five years down the line. Think of the digital transformation, how privacy aspects will evolve, and how data protection mandates can change things,” said Sameer Ratolikar, Sr. EVP and CISO, HDFC Bank.

Controlling Cyber Threats and Risks

CISOs also discussed the need for managing risk by design, integrating risk management with business objectives, and ensuring data security and access control.

Pradeep Kumar Rangi, Chief Risk Officer (CRO) at Airtel Payments Bank, emphasized the importance of integrated risk management by highlighting its ability to provide essential risk and contextual information for each risk management principle. Rangi underlined the need for proactive risk management, emphasizing that risks should be addressed from the very beginning, rather than being treated as an afterthought.

“Integrated risk management provides inherent risk and contextual information for each risk management principle. Risk must be managed by design, not as an afterthought,” he said.

Ashutosh Mishra, Chief Risk Manager at NABARD, emphasized the importance of integration within risk management. Mishra specifically highlighted the need for integration between cybersecurity measures and the broader business objectives. According to him, successful integrated risk management relies on the seamless alignment of cybersecurity practices with the strategic goals of the organization.

“In integrated risk management, integration must happen between cybersecurity and the business objectives,” he said.

Sunilkumar KN, Chief Compliance Officer (CCO) at Federal Bank, brought attention to a significant shift in the landscape of risk management and data management.

“Risk management and data management have shifted from banks to fintech,” he said.

Ved Prakash, Senior Business Development Leader at Thales, emphasized the key benefits of Integrated Risk Management (IRM). Prakash highlighted that IRM facilitates the discovery and classification of sensitive data, enables effective risk mitigation measures, and establishes robust access and control mechanisms. By providing this context, Prakash underlined the comprehensive capabilities of IRM in addressing critical aspects of data protection and risk management.

“IRM helps discover and classify sensitive data, carry out risk mitigation, and define access and control aspects,” he said.

Next-gen Technology Optimization

The cybersecurity leaders also delved into the “Use of AI/ML-based Business Intelligence Solutions to Optimize Business and Cybersecurity Strategies,” focusing on the utilization of AI and ML technologies, aligning them with infrastructure architecture, and monitoring data quality for improved AI models. These strategies contribute to optimizing business operations and enhancing cybersecurity measures.

Pradipta Patro, Head of IT & CISO at KEC International (An RPG Group Company), drew attention to the growing sophistication of attackers’ AI engines and emphasized the significance of configuring AI systems effectively to enhance efficiency. Patro underscored the importance of minimizing the threat surface by providing regular assistance and adhering to basic security hygiene practices.

“Attackers have sophisticated AI engines, so it’s important to configure AI systems effectively to build efficiency. Minimizing the threat surface through regular assistance and basic security hygiene is critical,” he said.

Apurva Dalal, the CIO at Adani Green Energy, emphasized the relevance of aligning AI and ML technologies with the organization’s infrastructure architecture to optimize business operations. According to Dalal, the correct utilization of AI and ML in the past highlighted the significance of aligning these technologies with the existing infrastructure. By doing so, businesses were able to unlock the full potential and reap the benefits of AI and ML, resulting in enhanced operational efficiency.

Sourav Biswas, Senior Director, Product Management at Seqrite, emphasized the criticality of monitoring data quality to improve AI models and highlighted the use of AI/ML-based Business Intelligence (BI) solutions to optimize both business strategies and cybersecurity measures.

Tech Huddle: Unfolded

The ETCISO Decrypt 2023 featured unique “Tech Huddle” sessions, where security leaders engaged in focused discussions tailored to their specific areas of expertise.

The sessions shed light on two critical areas of cybersecurity: API security in banking and fintech and OT security in manufacturing. These sessions focused on the challenges faced in protecting sensitive data and implementing effective risk mitigation strategies.

Kiran Belsekar, CISO at Aegon Life, highlighted the risks associated with new technologies and avenues, particularly the exposure of sensitive or critical data through APIs. Belsekar underscored the need for modernized tools to enhance cybersecurity specifically for APIs.

“New tech and avenues come with their risks, as these APIs reveal sensitive or critical data. Now that in the insurance sector the transactions happen via APIs, the existing firewalls and security tools are not sufficient. We need modernized tools for cyber security APIs,” said Belsekar.

Ambarish Singh, CISO of Godrej & Boyce, shed light on the challenges associated with operational technology (OT) setups, which encompass legacy infrastructure as well as the level of maturity in OT/IT convergence and security.

“OT security is critical because it is the second most targeted sector after BFSI. Ensuring air-gapping and network segmentation is imperative to OT security,” said Singh.

Adapting to the Digitalized Era: Safeguarding Digital Identities

ETCISO Decrypt 2023 also took up the increasing complexity of safeguarding digital identities as a key discussion point. Industry experts highlighted the need for data lakes and warehousing solutions to protect digital identities effectively.

Mathan Babu Kasilingam, Chief Technology and Security Officer (CTSO) and Data Protection Officer (DPO) at Vodafone Idea, discussed the evolving landscape of customer app choices and the increasing complexity faced by organizations in safeguarding digital identities.

“The choice of choosing apps does not lie with the customer anymore. Customers have to live with 20–30 digital avatars. The complexity for organizations lies in safeguarding their digital identities. Digital identities require data lakes and data warehousing solutions. We’re investing in homegrown technologies around securing user identity,” he said.

The session also featured Nirav Kamdar, Head Risk at Edelweiss Retail Finance, discussing the validation of digital identities and their use in expanding digital lending, and Alyque Sequeira, SVP, Product at TruSense, who emphasized the dominance of mobile traffic and the need for effective authentication measures.

By fostering collaboration, exchanging insights, and embracing innovative strategies, ETCISO Decrypt 2023 served as a catalyst for driving advancements and ensuring a resilient and secure digital future for all.

  • Published On Jun 23, 2023 at 09:28 AM IST
