With companies forced to adopt ‘Work From Home’ model as well as the growing popularity of cloud based environment, the threat of cyber attacks currently is more profound than ever before, says Jaydeep Ruparelia, Director – Security Strategy, Infopercept. He adds that merely meeting regulatory compliances or industry standards is not enough with cyber attackers innovating on a daily basis.
Jaydeep is a tech driven entrepreneur with over two decades of experience in cybersecurity with extensive experience in the areas of business process automation, digital transformation, security engagement and leadership. He is well-known for utilizing his pervasive security experience and deep insights into envisioning and formulating successful cybersecurity strategies for leading companies across the world including the Middle East.
He will be speaking in the webinar on the subject ‘Cyber Security Strategies for New Age Digital Warfare’ on 11 August from 11.00am GST onwards. Click here to register, https://urlpro.in/Webinar-CyberSecurity
In a conversation with Businessliveme.com, he talks about the latest trends in cybersecurity, related challenges and how companies could overcome them. Excerpts of the chat:
What are the key trends in the current global cybersecurity market?
The adoption of technology is rapidly increasing across businesses. The mechanical parts of businesses, cloud, mobile, third party alliances, are all running on technology. In the process, the complexity of systems is increasing. Cyber-attacks are happening across the landscape, and companies globally are struggling with the cybersecurity. To take Oman for example, billions of malicious attempts were made against its cyber space in 2019 as reported by the Sultanate’s Ministry of Technology & Communications.
New kinds of advance attacks are coming up on a constant basis which companies have not faced earlier, and are also not fully ready to deal with. The situation is very similar to the Covid-19 pandemic. The only difference is that Covid-19 is in the physical world and the cyber pandemic is in the virtual world. Both are unknown and complex. Advanced attacks are happening even on technology companies like Twitter. A new way of fighting this battle is needed.
What is your opinion about the cyber defence landscape in the Middle East? Do you think the compliance standards are in sync with the fast changing environment?
When it comes to cyber defence framework design, it is definitely the best in the Middle East. Saudi Arabia, Kuwait, Oman, Qatar and UAE have invested significant resources in building frameworks and have incorporated learnings from various international standards. However, the major gap and this is something true for across the globe, is the implementation of all controls mentioned in the framework. There is a high adoption of controls for compliance with regulations but optimization of the controls that needs to be implemented is missing. As in a war, where one needs not just weapons and the people to use them, but also the know-how regarding how to use them, there needs to be a dedicated optimization strategy, and this is where we see a good opportunity.
Staying on top of cybersecurity trends and threats is an absolute necessity. Do you think the government bodies and private sector companies are doing a good job on this front in the Middle East region?
Cybersecurity threats are a huge challenge across the globe, not just in the Middle East, and staying on top is an absolute necessity. The dynamics of business, the complexities, and the changes to face these new battles, are becoming difficult across the globe. It is critical for all businesses and governments to have the right implementation and the right battle strategy. However, cybersecurity challenges are changing fast. The cyber defence requires skilled and experienced people in multiple disciplines for effectively tackling the challenges, but because of this skills gap we are seeing gaps in cybersecurity globally.
Not a day passes without the news of a major cyber-attack. What are the common mistakes done by CISOs in large enterprises?
In a war, the commander alone does not face the enemy. Similarly, cybersecurity is not the responsibility of the CISO alone. There has to be a culture where every member of the organization is responsible for cyber warfare, and where, like in an army, everyone has a fixed role to play. We are seeing major cyber-attacks because we see a gap in terms of companies not adopting the right strategy, not doing the regular and continuous optimization, and people still depending on the CISO when the need of the hour is for everybody to fight the war together.
What are the key challenges related to cyber security for the industry especially in sectors including BFSI (banking, finance & insurance), oil & gas, power & water, logistics, tourism and healthcare?
Over the last decade, be it banking and insurance, or oil & gas, or power, all businesses have undergone a digital transformation. They are now significantly dependent on technology. As a result, the landscape has grown very fast. However, digital security initiatives have not been commensurate with the transformation. There are lots of security gaps across industries which are actually creating a challenge. There is a popular saying – for every lock, there is someone out there trying to pick it or break-in. The attackers are eyeing the single mistake or any hidden vulnerability, and if they succeed, the entire business is at stake. This is a huge challenge for all businesses, and the need is to ensure enough safeguards are put in place.
Do you think just ‘meeting industry security standards’ is a roadblock hindering enterprise risk efforts? The CEOs and CFOs will invest to just meet the regulatory norms whereas with cyber criminals innovating every day, the real protection need is to go beyond the standards. What do you think?
Somehow, most of the security standards businesses adopt are need-driven – in many cases just to comply with regulations and standards. However, this is not enough, and will not work. For effective cybersecurity, the need is to keep pace with the times. The most important thing is that the adoption should be driven by wish and not need, where the effort is to go beyond compliances and to have a robust system in place. We must remember that cyber attackers are innovating every day and coming out with new ways to launch attacks. The time is to have the right cyber strategy for fighting them. If you are not doing this, there is a high chance that while you may be complying with regulations, attackers will damage your reputation by bringing your systems down.
Can you share some insights on the surge in cyber threats in recent times especially with growing popularity of ‘work from home’ culture due to Covid-19 related challenges and cloud-based applications? What steps could be undertaken to mitigate these threats?
Until recently, the endpoints were considered the last point of attack. The systems were protected behind layers of cybersecurity solutions, but because of the sudden manner in which ‘Work From Home’ scenario has been forced upon us, we are seeing the largest of the banks, the biggest enterprises, and even large tech companies being impacted by cyber attacks. The endpoints have become the first target of the attack because businesses are not ready with holistic endpoint cybersecurity, and are not in a position to face advance attacks.
Secondly, there is the usage of cloud applications. Businesses went digital to continue their operations and started using cloud. There is a perception that when you are on cloud you are secure but this is not entirely true. While there is no doubt that the platform is secure, the cloud-based applications businesses are building and using is their responsibility. Again we are seeing a lot of gaps in cloud applications and attacks happening on them as the cyber adversaries try to take advantage of the gaps.
Tell us about Infopercept’s cybersecurity solutions and accreditation services.
Infopercept has four centres of excellence, which are dedicated to fighting cybersecurity battles. They are the Technology Optimization Centre (TOC), SOC (Security Optimization Centre), COC (Compliance Optimization Centre), and AOC (Automation Onboarding Centre).
The TOC helps customers and users to have continuous security and security, and to come up with the right optimization strategy, while SOC undertakes 24×7 monitoring and threat hunting. The COC helps clients integrate compliances to the extent possible, whereas AOC allows us to build custom cybersecurity bots using Robotic Process Automation. We have the Red, Blue, Green and Purple teams, each comprising individuals with multi-disciplinary skillset. This allows us to come up with the right strategy and the right skill to be an ally to the clients in digital warfare.
Can you share details on the work done by Infopercept in the Middle East region so far?
We have been in the Middle East for five years. So far, we have had good success stories in Saudi Arabia and Kuwait. We have a very good presence there with a lot of clients across banking, energy and healthcare sectors. We also have clients in Qatar and UAE. We are now looking forward to enter Oman with our partner UMS, part of Muscat Overseas Group, to provide our cyber security solutions to the discerning clients.
In the webinar ‘Cyber Security Strategies for New Age Digital Warfare’ taking place on 11 August, what are going to be the focus areas of your talk and the key takeaways for the audience?
We are going to talk about the various battle strategies that companies need to adopt to be safe. We have perfected these strategies over the past decade-and-a-half. We will also be talking about what all we have to offer and the value we can add. The key takeaways for the audience will be to have the right strategy to fight the advance attacks happening globally, how the digital war can be won, the changes needed to win this fight, the revision of existing strategies, and so on. The CISOs, CIOs and senior-to-mid level information security professionals across sectors especially banking & finance and oil & energy are showing a great interest in attending the webinar to acquire more knowledge on winning the new age digital warfare to protect the interest of their respective companies.
For more details and registration for the Webinar ‘Cyber Security Strategies for New Age Digital Warfare’, click here https://urlpro.in/Webinar-CyberSecurity