CIO Insider

CIOInsider India Magazine

Separator

The Importance Of Cybersecurity In A Digital ERA

Separator
Mukesh Sachdev, Senior Vice President, Information Technology, HDFC ERGO General Insurance,,

With a wide network of 122 branches spread across 106 cities, HDFC ERGO offers complete range of general insurance products ranging from Motor, Health, Travel, Home and Personal Accident in the retail space and customized products like Property, Marine and Liability Insurance in the corporate space.

On the back of growing digitization and Internet penetration, India has been making its mark as one of the epicenters of the digital economy. As per the Department of Economic Affairs, the Indian digital economy is expected to touch the USD 1 trillion mark by 2022. As of today, a total of 462 million active Internet users are consuming informative, financial and entertaining content on their phones. These staggering numbers have also led to a corresponding upsurge in cybercrimes in the country.

A large-sized organization in India experiences an average of USD 10.3 million of economic loss from cyberattacks; while a mid-sized organization suffers an average of USD 11,000, these losses are on an annual basis, revealed a recent report by Frost & Sullivan commissioned by Microsoft. The study further revealed that more than three in five organizations (62 percent) surveyed in India have either experienced a cybersecurity incident (30 percent) or are not sure if they had one as they have not performed proper forensics or data breach assessment (32 percent).

Today, technology advancement is paced highest, to provide convenience - for example, by bringing Bots who listen, respond and perform various tasks and also learning by themselves by Artificial Intelligence & Machine Learning. We are so much surrounded by devices and automated bots; a slightest of this miss can cause huge data, reputation losses and can fall prey in the hands of hacker(s). For example, in the year 2017, WannaCry, a ransomware worm took control over computer networks across the globe, an estimated 200,000 computers were affected across 150 countries. It encrypted files on a hard drive, so people were not able to access their files. The best and the most technologically advanced industries have faced cyberattacks. For example, Blockchains are deemed immutable, something that cannot be modified as it runs on a set of nodes, it may get compromised if the nodes come together and decide to manipulate as it only requires 51 percent nodes to attack a chain. In short, Blockchains may not be safe too.

The cyber threats and breaches are ever changing and evolving. A large number of corporate houses

may face liability exposure posed by these threats and breaches. Most corporates are in charge of large amounts of data – this makes them prone to cyber threats. Such incidents may lead to a company losing the reputation and credibility, which may also lead to bring down the company.

Welcome to the world of Cyber Security!!
Considering, the increasing prominence of Legal, reputational and financial risk for the companies, cyber-security as understood or delegated as “an IT Issue” in the past, is no longer an IT issue. It has found a prominent place in the Board as one of the crucial aspects to be focused and reviewed by Board of Directors, Chairman, and CEOs.

The culture will have to be inculcated to a level where cyber security becomes everyone’s responsibility


Cyber-security simply means protecting everything that is digitally connected with the outside world (outside of an organization) from cyber-attacks, but easier said than done. The complete protection focuses on three aspects, People, Process and Technology, which can be further categorized as Application Security, Information Security, Network Security, Operational Security, Disaster Recover / Business Continuity Planning, End User Education, complete Incident Management and Cyber Protection (Insurance). Addressing each of the above areas (including Insurance) requires a significant investment. It is essential that investment gets sponsorship from the top without compromising on any of the aspects.

There are frameworks available like BS7799, ISO 27001, ISO 22301 and OWSAP etc. to protect each of the areas highlighted above from various cyber threats / attacks. There are various solutions/tools/ mechanisms available that can be implemented which can help organizations to make the defense system stronger technologically; e.g., Applications to be certified through detailed VAPTs (SAST & DAST), Networks & End Points to be made secure through Next Generation Firewall (NGFW), ATP Solution, IPS solution, SOC Monitoring, Event Analyzer, Multi DMZ, AntiSpam and DDoS etc. Additionally, vulnerability assessment reports suggest that significant percent ( approx 20 percent) of all network vulnerabilities are primarily related to patches / upgrades / fixes available / released but not applied in the organization systems/ software which gets exploited by hackers. Hence, it becomes absolutely necessary to have a strong Patch Management Practice – to ensure that all the available patches are applied appropriately as quickly as possible.

It’s a fight between Defenders vs. Hackers - All of the above can help organizations to protect themselves only to a certain level. The most important aspect or vulnerable piece in the entire value chain is 3Ps – People, People & People.

A report published by Tower Watson indicates that 66 percent of data breaches happen due to employee negligence and similarly there are various reports highlighting that biggest cyber security risk to business is employee negligence. It is imperative that if an organization is able to manage the people aspect, they will be able to mange 60+% of cyber risks. The question arises, how does an organization manage that piece and the only solution that comes into the mind is Cyber-Culture. The organizations will have to build a culture where every aspect of an organization becomes cyber conscious. The culture will have to be inculcated to a level where Cyber Security becomes everyone’s (From CEO to Security Guard) responsibility within the organization. Every employee from top to bottom should think, eat, drink and breathe cyber security. The push will be required from the top in the hierarchy.

Digital Era provides all the convenience to the consumers but comes with a cost of cyber threats and attacks. The efforts are being taken in all the areas by various stakeholders – the race is on between Good vs. Bad. However, the battle can only be won with Peoples’ strong focus, consciousness, vigilance and safeguarding against these threats and attacks. As someone wisely said – “They want what you have got. Don’t give it to them” and one should always remember that an ounce of prevention is worth a pound of cure.

Current Issue
Doing Business The Intelligent Way