CIOInsider India Magazine


Rethinking Resilience: Unveiling a CISO's Call to Cyber Resilience

Dr. Yusuf Hashmi, Group CISO, Jubilant Bhartia Group

Dr. Yusuf has been at the forefront of digital defense innovation for over twenty years, leading the charge in coordinating security measures and setting industry standards. His expertise spans a wide array of topics, including AI in cybersecurity, strategic planning, cyber risk quantification, threat intelligence, and beyond.

In a recent interaction with CIO Insider Magazine, Yusuf shared his views on the role of training and simulations in preparing the team for effective incident response, as well as on the most critical elements of a cyber-resilient organization. Below are the key excerpts of the interaction:

What frameworks or standards are considered when developing incident response capabilities, and how do you ensure compliance?
When discussing incident response, I believe utilizing global frameworks is essential for providing a comprehensive approach to managing security incidents. One such framework that stands out is the NIST framework, which offers a holistic view of incident management. Additionally, the MITRE ATT&CK framework provides a detailed insight into the entire lifecycle of an incident, from reconnaissance to impact. Starting with these two frameworks enables teams to tailor specific incident response plans according to the tactics, techniques, and procedures (TTPs) inherent in MITRE ATT&CK, while also addressing broader resilience concerns. Furthermore, compliance with standards such as ISO 22301 is crucial for enabling security teams to effectively manage disaster scenarios resulting from security incidents. By leveraging these frameworks, teams can create targeted playbooks and incident response plans tailored to the specific threats they face. Ultimately, integrating the MITRE ATT&CK framework into incident response strategies ensures a proactive and adaptable approach to security challenges.

Could you discuss the role of training and simulations in preparing the team for effective incident response?
It is paramount that any response plan devised exhibits efficacy, as the failure of these plans during actual incidents can be detrimental. Therefore, I strongly advocate for conducting tabletop exercises to thoroughly assess and validate response strategies. These exercises should encompass key scenarios such as ransomware attacks, business email compromise, email phishing attempts, DDoS attacks, or SQL injections, among others. By simulating these common use cases, organizations can gain a realistic understanding of the effectiveness of their security incident response plans, allowing them to identify and address any gaps for improvement. Additionally, integrating incident response plans into broader business continuity and disaster recovery strategies is essential for ensuring a cohesive approach to cyber incidents that impact the business. This integration necessitates close alignment between incident response efforts and business continuity measures. Responsibilities, controls, and activities must be clearly defined, with designated roles and responsibilities assigned across the organization and within business units as well. Establishing a comprehensive framework that delineates these elements ensures a unified approach to cyber incident response and recovery, thereby enhancing overall resilience.

In your opinion, what are the critical elements of a cyber-resilient organization, and how do you address them?
Cyber resilience demands a comprehensive approach that integrates various facets of organizational capability. Fragmented or isolated efforts are insufficient. Establishing a holistic framework for security response is imperative, recognizing that addressing security incidents is just one component of building resilience within the organization. Crucially, this framework must encompass policy development, delineating clear processes from governance to risk management. Without robust risk identification, it becomes challenging to assess the significance of incidents in relation to business impact, hindering effective prioritization of response actions.

Effective collaboration and communication among different teams are paramount during cybersecurity incidents. Such incidents require concerted effort from multiple teams, including security, infrastructure, and business units. Collaboration fosters synergy and enables a cohesive response to incidents, preventing chaotic or fragmented reactions. When incidents occur, teams must swiftly convene, communicate, and collaborate to determine the appropriate course of action. This proactive collaboration ensures a unified response, mitigating the impact of cybersecurity threats on the organization.

With your robust professional experience, what is your message to upcoming CISOs?
For aspiring CISOs, a deep understanding of technology is paramount, as security initiatives hinge on effective technological solutions to mitigate risks. While manual intervention remains necessary, the ability to tailor and deploy technologies appropriately is crucial. Equally important is the human factor; skilled personnel are essential for configuring and operating these technologies effectively. The cybersecurity landscape evolves rapidly. Stay curious, learn continuously, and adapt to emerging threats. Attending conferences, reading research papers, and engaging with the community are some of the core fundamental approaches to acquiring knowledge. Remember, knowledge is the most potent weapon against cyber adversaries. CISOs must not only understand technology but also grasp the organization’s business goals, processes, and risks.

Operationalizing technology and personnel requires well-defined processes, underscoring the importance of integrating business, technology, people, and suppliers into the overall strategy. In the realm of cybersecurity, professionals have the opportunity to develop unique skills highly sought after in the market. Aligning security initiatives with business objectives to gain executive support, and translating business problems into technological solutions while looking for associated risks, remains a core competency within this domain. As the responsibility for cybersecurity increasingly falls within the purview of CISOs, it's imperative for them to either possess or collaborate closely with seasoned professionals in this field. This underscores the critical need for continuous engagement with business stakeholders, partners, and suppliers to cultivate cybersecurity capabilities within the organization. By aligning technology, people, and processes with business objectives, CISOs can effectively navigate the evolving landscape of cybersecurity and propel their careers forward. CISOs must develop robust incident response capabilities, and test and refine their incident response plan.

Remember, it’s not a matter of if, but when, an incident occurs. CISOs must strive for effective risk management rather than chasing perfection. Not all risks can be eliminated. Prioritizing risks based on impact and likelihood, and communicating these risks clearly to stakeholders, are some of the key traits of a CISO. Develop strong communication skills. CISOs must convey complex security concepts to both technical and non-technical audiences. Influence decision-makers by articulating the business value of security investments and foster a security-conscious culture throughout the organization. Regularly educate employees about security best practices and their role in safeguarding data. Cybersecurity can be challenging and stressful for CISOs. Cultivate resilience and adaptability. Learn from failures and setbacks; they are opportunities for growth.
