With the usage of advance mobile applications or getting anything in lesser time, sometimes unknowingly we fall ourselves in a trap of cyber-attack. With the increasing use of tech like Artificial Intelligence (AI), Machine Learning (ML), Internet of Things (IoT), Cloud Computing, and data analytics across various industries, Cybersecurity has become a necessity and a challenge. While talking with Nitisha from BISinfotech, Bala Prasad Peddigari, Senior Member, IEEE shared his thoughts about cyber-security and also emphasized the importance of upcoming opportunities in the same field.
1. Why has cybersecurity become a major concern nowadays and how this issue can be resolved?
With the onset of the pandemic, majority of the businesses have made the shift to online. With that shift, the use of virtual tools like cloud has evidently escalated. However, while remote working and trends like BYOD and IoT shape the current technology landscape, there arises a huge risk of vulnerability to cyber threats, putting sensitive data in danger. The increased inter-connectivity at all levels, without sufficient and up- to-date security tools, provides an excellent opportunity for cyber criminals to easily break into your network/system. Thus, making it crucial to invest in cybersecurity for businesses and as well as for individuals.
In the current scenario, the issues can be prevented by ensuring rigorous enforcement of the security policy in an organization and its partners by ensuring adequate training and awareness on data protection, implementation of appropriate security software and keeping them updated, data encryption and backing up data regularly. Cybercrimes and data breaches can be avoided by continuous risk assessment, audits and data security testing is a parallel activity that will help organizations proactively identify and plug gaps and secure data.
In case of a data breach, mitigation actions need to begin to contain any further breaches – by taking systems off-line and limiting access, fixing the vulnerability, analyzing the damage for initiating reparative actions, reaching out to the affected parties with clear messages, contacting online sites to scrub off leaked data, initiating an audit and conducting data security tests.
2. Please share the challenges, opportunities in securing the cloud.
The most important challenge today, is the lack of adequate awareness about securing the cloud arising from the weakest link in the chain – the end-users. While various new technologies are being used to ensure security, at the same time, the same tech is also used by cybercriminals, which in a way creates a constant lag between detection of a new type of cybercrime and the counter for the same. It is equally important to raise the awareness of each digital citizen on cybersecure practices.
A drastic expansion of the attack surface is another key challenge for cybersecurity professionals. Government, industry, and society have embraced digital as the key enabler across all facets and domains of activity. As these “digital estate” or critical digital resources are not confined to a physical location, new policies, protocols, and technologies are required to ensure cybersecurity. Hence, traditional perimeter and end-point security mechanisms are not sufficient in the “new normal”. The onus on cybersecurity professionals is to protect assets that are connected to a multitude of devices – human-operated or sensors.
With the Internet of Things (IoT) morphing into the Internet of Everything, more than 25 billion devices are estimated to be connected in 2020 (reference – statista.com). Sensors and devices, apps, the internet, and cloud computing are the main building blocks of this digital age. Each block presents a point of weakness. While the cloud and internet are core infrastructure prone to DDoS attacks, there is a greater focus on cybersecurity by service providers due to mission criticality.
The new challenges throw up many opportunities in cybersecurity. It is a mainstream requirement of any organization, and hence the need for cybersecurity professionals is expected to grow. I expect a rise in the requirements for security process automation tools for certain cybersecurity practices, thus partially easing the skills-gap.
3. Share your views about digital transformation and increased cybersecurity concerns.
Digital technologies convergence has transformed customer experience and opened many vulnerabilities for industries to look at and face. Industries which were early to ride the digital wave are Banking, Financial Services, Insurance and Healthcare sectors – they primarily wanted to increase the reach of their services to customer segment, improve their processing capabilities and offer secured services to enable trust and confidence of the customer. Today, we see organizations of every shape and size significantly invest in cybersecurity, keeping time as a major essence.
As the organizations are working in a remote manner owing to the current pandemic, some of the key factors influencing the cyber risk landscape are:
- Elimination of Perimeter: Riding on the cloud wave, organization are bridging the gap between cloud and on-premise world
- Artificial Intelligence: This is leveraged by network defenders and attackers to identify the loopholes to protect and identify loopholes to penetrate
- Multitude of Technologies: Convergence of digital forces and accelerators such as Robotics, 3D microchips, Artificial Intelligence, Analytics, Mobile has opened cybersecurity challenges more than ever now
- Modern Workplace: Enabling the remote workforce and employing the gig workers are pushing organizations to manage the IT security model with continuous monitoring
- Lack of Security Awareness: Employees are the weakest link in the entire organization. Hence, their awareness can open the tollgates for attackers
- Reactive Methods: Organization employing any reactive defense posture to analyze the threats after it happens will create opportunities for cyber criminals to take advantage of known vulnerabilities
4. What is the status of cloud adoption in Indian industries?
The novel pandemic has undoubtedly accelerated the adoption of cloud services across sectors. As per IDC, India’s public cloud services market will grow to $7.4 billion by 2024. BFSI and Healthcare industries have adopted cloud in multiple methods while ensuring that the privacy of customer and patient data is maintained following hybrid cloud models, multi-cloud models, poly-cloud models. They have transformed the overall culture in driving proactive education on cybersecurity and institutionalizing the security standards by setting up Security Operations Center (SOC) for continuous monitoring and management. These two sectors had a faster adoption roadmap to meet the needs of millennials and generation Z workers, where many of the business capabilities were converged to provide the services.
As the technology transformation had increased the service adoption, it also triggered security concerns. According to a recent report, 93% of Indian entities fall prey to public cloud security breaches. Some of the key challenges are as follows:
- Manage the privacy and security concerns triggered while delivering services through cloud – There is a heavy reliance in securing customer personal identification data and there is also a greater emphasis required to protect the password, OTP, and other multi-factor authentication methods such as Face ID and Fingerprints
- Threats resulted because of operational challenges – Today, BFSI and healthcare sectors use a hybrid cloud model to drive their operations but to access the information, they use the channels of OTP, fingerprints, and Face ID. These are increasingly facing threats in the form of phishing and hacking methods
- Integrations with Upstream and Downstream Systems are exposing to threats – Banks, Insurance, and healthcare operate their functions with many upstream and downstream systems which need integration in the form of data-based, message-based, and API-based. All these channels are extremely vulnerable because they get continuous attacks in the form of Denial-of-Service attacks, SQL-injection attacks, man-in-the-middle attacks
According to a recent IDC, more than 60% of the Indian organizations plan to leverage cloud platforms for digital innovation, as the firms re-strategize their IT spending plans because of Covid-19. Indian enterprises of all sizes fast-tracked their decisions to shun the legacy infrastructure and move their operations — in piecemeal or in full — to artificial intelligence (AI) and machine learning (ML)-powered Cloud.
5. What are the top IT trends for cloud and security in 2021?
2021 is going to set a new benchmark in the Indian IT sector. To counter some of the evolving cyber-risks associated with deep fakes, synthetic IDs, ransomware, quantum arms race, 5G hardware and firmware behaviors. Cloud Jacking is countered by investing in the following cybersecurity trends: data security, infrastructure security, container/microservices security, access management & vulnerability assessment and compliance certifications. Some of the key emerging trends include:
- Secured access and end-to-end encryption getting employed to avoid data leaks
- Creating depth of defense cloud security strategy ensuring attacks will be reduced
- PrivSecDevOps getting adopted as part of application development, integration, and delivery pipeline
- Adoption of cloud security shared responsibility between customers and cloud platform vendors with continuous awareness and responsibilities to secure IT Infrastructure and application codebase
- Adoption of AI-driven security assessments by continuously monitoring the endpoints and workloads, and enabling informed decision making to mitigate the security threats.
6. How was the response of cloud adoption during COVID 19 pandemic?
According to a forecast by Gartner, spending on public cloud services in India is expected to grow 29.4% to $4.1 billion in 2021 from $3.1 billion in 2020. Prior to the pandemic, India was at an early stage of cloud adoption when compared to more developed countries. The pandemic and nation-wide lockdown accelerated the adoption rate as enterprises had to move critical business applications to cloud so employees could work remotely.
Two industries that have enabled large-scale cloud adoption are BFSI and Healthcare industries that have adopted cloud in multiple methods, while ensuring the security and privacy of customer and patient data on the following models – hybrid cloud, multi-cloud, and poly-cloud.