Despite having large security measures and budgets, compromises do happen, says Vishak Raman.
On the first day of the CIO Year Ahead 2017, Vishak Raman, senior regional director for FireEye India and SAARC, conducted a session on how cybersecurity is keeping CIOs and CISOs up at night and also threw light on some of the must-have cybersecurity solutions.
He started the session by talking about demonetization and the infamous debit card breach.
“As we move to cashless economy, the digital payment companies are witnessing a spike in their transactions, there is a risk element building up silently. Are we prepared for that? Despite having large security measures and budgets, compromises do happen,” said Raman.
How do we prepare ourselves for cyber resilience?
Today the network is all over the place, and data resides in these networks. He said that there is an urgent need to understand that the nature of attacks has changed. “The three four cyber threats which enterprises face are vastly expanded attack surface areas, targeted attacks and CISOs are finding it difficult to define security ROI to executives,” said Raman.
Apart from the above-mentioned threats, another challenge faced by enterprises is how to manage alerts and decide which to prioritize. Raman said that according to one of the recent surveys done by FireEye, it takes an average of 146 days worldwide to notice a hidden cyber intruder in the network. However, the figures are worse in the APAC region, with an average of 520 days.
“This could certainly have huge implications on your business. The company faces legal implications along with financial and reputational losses. Therefore when you are breached, you need to understand the motive behind and respond quickly,” said Raman.
So, once the breach has happened, how should an enterprise prepare itself?
One approach is strategic and long term: enterprises need to examine the risk associated with their company. The other is to look at it from an operational perspective, where organizations need to pay attention to the alerts that require priority.
“It is very crucial to rely on partners during the time of an attack and then regain position to investigate further on the breach,” said Raman.
The must-dos after a breach are identifying the attack, checking the scope of compromise at the enterprise level, assessing the data loss, removing the attacker at the entry point and re-securing the network to get to the ground level. The response to the threat should be in a proactive hunting mode and not a reactive or defensive mode.
Raman concluded the session by saying that, “FireEye as a service provides proactive hunting mode. We are armed with research, equipped with good amount of cyber threat intelligence and how to investigate the breach and resolve.”