[BreachExchange] View from India: Build human capital to address cyber threats

[Audrey McNeil]

https://eandt.theiet.org/content/articles/2017/09/view-
from-india-build-human-capital-to-address-cyber-threats/

Malicious attacks on IT systems are becoming more complex and new malware
is constantly being developed. Unfortunately, companies that work with big
data face these issues daily.

It’s for this reason that companies across the Indian IT landscape are
increasingly investing in cyber security services to strengthen their
digital infrastructure and provide data security solutions to their clients.

Another trend points to the fact that companies are investing in human
capital to build a trained data security workforce. Both aspects are in
sync with the Cyber Security Task Force’s Vision 2025 whose aim is to grow
the Indian Cyber Security Products and Services Industry to USD 35 billion.

The Cyber Security Task Force has been initiated by National Association of
Software and Services Companies (NASSCOM) and Data Security Council of
India (DSCI). Considering the 2017 Union Budget has set a mission to
achieve a target of Rs 2,500 crore digital transactions for 2017-18 through
Unique Payment Interface (UPI), Unstructured Supplementary Service Data
(USSD), Aadhar Pay, Immediate Payment Service (IMPS) and debit cards, it
makes sense to make India a cyber-secure hub, essential for the Prime
Minister Narendra Modi’s Digital India Mission.

Of immediate concern to companies using Big Data is the security of
cloud-based systems and the supposition that legitimate cloud file-hosting
services such as Dropbox, Box and Stream Nation are at risk of being used
as control servers in upcoming cyber-espionage campaigns. If targeted,
these popular cloud services could enable the malware to transfer commands
without raising suspicion.

Consequently, advancements in computing technology have made systems
connected and more robust. While this has increased automation and
strengthened synergies to work together, it has also led to crucial
challenges related to cyber and data security.

“Challenges like single level of protection and continuous evolution of
non-relational databases (NoSQL), dated access control encryption and
connections security, combined with the constant hacking threats, are
making it difficult for security solutions to keep up with the demand,”
said Meenu Chandra, Senior Attorney Manager, IP & DCU Lead (India Region),
Microsoft.

Data is the most critical asset for a business entity. The threat to data
emerges from internal (employees) and external cybercriminals including
hackers and ransomware attackers. With the ever increasing threat
landscape, there is a compelling need for businesses to mitigate security
risks through investments in ransomware solutions, identity and access
management, threat intelligence, monitoring tools, audit and assessment,
besides ensure regulatory compliance such as Payment Card Industry Data
Security Standard (PCI DSS) and Health Insurance Portability and
Accountability Act (HIPAA).

Increasingly, cloud is being sought after to address this challenge. That’s
because the cloud service provider takes on a big responsibility as
companies progress from Infrastructure as a Service (IaaS) to Platform as a
Service (PaaS) and then to Software as a Service (SaaS). Hence the adoption
of disruptive technologies, i.e. cloud, not only helps in the digital
transformation of a company but also in their overall data and cyber
security.

Hyderabad-headquartered CtrlS Datacenters Ltd has introduced the Next
Generation Managed Security and Compliance Services to address the security
needs of businesses across industry verticals such as Banking, Financial
Services, and Insurance (BFSI), Manufacturing, Healthcare, Telecom, Retail,
E-Commerce and IT/ITeS. The security services help identify, detect
threats, incidents and respond with a plan and to ensure seamless business
operations.

The CtrlS service portfolio includes remote managed firewall management
with IPS next generation firewall (NGFW), managed APT (Advanced Persistence
Threat), managed PIM (Privilege Identity Manager), vulnerability assessment
as a service, managed FIM (File Integrity Monitoring), managed Compliance
as a Service, Penetration Testing as a Service, managed Web Application
Firewall, managed encryption, managed e-mail security, managed web
security, managed secure DNS, compliance Services focused on PCI-DSS, ISO
27001:2013, HIPPA, Good X Practices (GXP), Risk Assessment/Information
Health Check as Service, SAP Governance Risk & Compliance. The services are
offered on a pay-as-you-use model.

“Our Managed Security Services provide a ‘Security Shield’ for
organizations to protect their data from security threats supported by 40+
security tools and controls backed by a Single service legal agreement
(SLA) from detection to remediation. Their infrastructure is monitored
through our 24X7 Security Operations Center (SOC) manned by skilled and
certified security professionals. This apart, our security offering
provides zero second cyber threat detection and remediation, secures the
whole life cycle of data from creation to consumption to secure destruction
and lastly ensures regulatory, standards compliance for hyper converged
infrastructure,” explained Sridhar Pinnapureddy, Founder and CEO, CtrlS
Datacenter.

To support a comprehensive, cross-company approach to security, Microsoft
invests more than a billion dollars in security research and development
annually.

“Our commitment to cloud is reflected in our heavy investment on 100 data
centers in 19 regions in over 40 countries, including India. Additionally,
the Cyber Security Engagement Center (CSEC) leverages our know-how,
expertise and technology on cyber threat and offer to enable the government
and enterprises to understand existing cyber threats and tap into a pool of
resources such as security specialists and technologies at the company to
effectively respond to digital threats,” highlighted Chandra.

CSEC enables customers to work closely with a dedicated India-based
response team from Microsoft Consultancy Services (MCS), to develop
enterprise security strategies to empower their critical digital
transformation.

However, cyber and data security, backed by trained data personnel, is an
important dimension of digital transformation. Companies are filling the
talent gaps through technology and outsourcing certain security functions,
such as risk assessment and mitigation, network monitoring and access
management and repair of compromised systems.

Apart from this, skill shortage can be addressed by the automation of
certain tasks that are repeatable and the re-skilling of employees is done
for additional complex problems. While automation will never fully replace
human judgment, it does create efficiencies which allow cyber-security
professionals to focus their time and talent on the more advanced threats
that require human intervention.

“India has companies that provide data security as a service, but when we
look at the overall scenario, there is a shortage of data security
professionals in the country,” said Sharath Satish, Lead Consultant and
Office Technology Principal at ThoughtWorks India, a software company.

On its part, ThoughtWorks India has security professionals across India
geared to address security issues. “All our professionals undergo training
through AppSec101 (Application Security 101), a day-long programme that
helps raise the awareness levels of threats and prepares employees to
handle such situations as they gain exposure to specific kind of attacks,”
added Satish. Other than that, employees get a hands-on experience when
security workshops are conducted during the execution of projects for
clients.

With the last six months being a classic example of how important security
is becoming, companies must take heed to confronting challenges head-on in
terms of protecting their IT infrastructure at every level.

“Today the transformation of the data center is inevitable as the
advantages are numerous. Though the opportunities for both end-user
security and data centre infrastructure are growing rapidly, the top two
challenges faced by organisations are the limitations of existing security
frameworks and the process of moving away from a single type of data center
deployment to integrating both private and public cloud services into an
architecture,” explained Sanjay Agarwal - Director of Platforms and
Solutions Group, Hitachi Data Systems (HDS).

At HDS, security is a core tenet of Hitachi Content Platform (HCP) and HCP
Anywhere. Hitachi’s Content Portfolio solution is built to address current
business objectives while enabling their transformational business
strategies.

“Whether the data is in the data center, a private/hybrid/public cloud, on
the edge, or mobile devices, customer data remains controlled and securely
protected by an agile IT system with embedded intelligence capabilities,”
added Agarwal.

Pentaho, the big data analytics solution also provides successful data
integration and business analytics for organizational and business data.
With advanced analytics and machine learning integrations using Pentaho and
Hitachi Streaming Data Platform, the company can help provide real time
threat intelligence, risk-based alerting, and identify abnormal user
behavior, while addressing the need to ensure appropriate access to
resources across increasingly heterogeneous technology environments and
meet increasingly rigorous compliance requirements.

“Sometimes security is not a tech problem, companies get hacked when a
particular employee is compromised. Targeted phishing attacks can happen if
the person clicks on a link that’s come through an email or if the user has
a weak or guessable password. We need to gear up and defend ourselves
during such attacks,” Satish said.

Security is an ongoing concern in organisations as a plethora of devices
including mobiles, tablets, vehicles and social media generate data at an
exponential pace. Communication needs to be secure and safe. This can
happen when a suite of tech solutions analyze data through artificial
intelligence (AI) and machine learning (ML) to safeguard intellectual
property (IP), and track malware and cyber attacks.

Skilled workforce and capacity building initiatives are also fundamental to
strengthen the cyber-security industry in India.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170915/cb79ae79/attachment.html>