Share to lead the transformation

In Focus

Jaspreet Singh

Partner, Cybersecurity, EY 

It’s about leading the cybersecurity organization in the new normal.

The Covid-19 pandemic has ushered in a series of unprecedented shifts in global and Indian economic conditions amidst extensive industry disruptions. Over the last ten months, there has been a significant remolding of how services and products are delivered and consumed. Remote working has become a reality and, in some ways, ‘the new normal,’ while online models have primarily driven consumption of goods and services. These drastic and sudden modifications in business environments have significantly impacted the ICT  and cybersecurity priorities and investments across organizations.

Almost all enterprises have responded to this precarious situation by empowering their employees and engaging customers through remote working interventions, policies, and tools. Without a doubt, this response has been brisk and useful to an extent and has brought to light chinks in many an organization’s armors in the realm of cybersecurity.

Coupled with an insurmountable surge in the volume and sophistication of cyberattacks in the last two quarters, India’s CISO community had to move ahead with a steely resolve to address these challenges. (See: How COVID-19 has changed cybersecurity focus for 2021)

Jaspreet Singh, Partner–Cybersecurity at EY, outlines the top challenges faced by the CISOs in India in the wake of the Covid-19 pandemic. He also shares best practices that organizations could embrace to steer them through the complex maze of cybersecurity issues and help them firm up their cybersecurity posture.

Essential, and yet troublesome—thy name is remote working.

Covid-19 is creating a global ‘work from home’ culture, as organizations see employees working from home as a feasible long-term option if regulatory issues can be addressed.

However, cybercriminals are using it as a massive opportunity as people are often connected to the corporate network through their home Wi-Fi connections, which are not secure due to weak router configurations or multiple poorly protected IoT devices connected to the same network (among other things).

Cybercriminals are also using this time of great fear to target people with phishing attacks using coronavirus themes. Cybercriminals are also leveraging and targeting video communication platforms for hijacking teleconferences, and we have also found maze ransomware targeting managed IT, service providers, on a global scale.

Adapting to the new normal is the biggest challenge for the CISO.

Today’s enterprises need to secure access to their organizational resources, regardless of the user or application environment. This means that the biggest challenge is about adapting to the modern distributed workplace and embracing a mobile workforce while protecting people, devices, and data, irrespective of their locations. (See: Here’s how the new Cyber Security Policy could reshape CISO roles)

Addressing the remote working conundrum—in search of a feasible and effective intervention

It is highly critical for organizations to review their cybersecurity strategies given the global pandemic and follow their renewed realization of IT dependence. IT teams are organizational warriors who have worked day and night and played a crucial role in helping most organizations adapt to the work-from-home culture.

The initial focus of all organizations has been on enabling work from home in the fastest possible time, due to which security was not kept on priority. This resulted in a major risk.

Cybersecurity also needs to align itself to see through risks to the organization—its people, processes, and technologies. The organization would have to align its cybersecurity strategy to changing IT strategies and investments.

Post the pandemic, the cybersecurity organization is slated to undergo a drastic transformation.

The cybersecurity industry will see a sharp increase in the demand for adapting to technological solutions for remote working and security solutions to reduce risks to the IT infrastructure.

The cybersecurity skills shortage will also worsen as these skills would be necessary to protect the IT infrastructure and address the likely increase in cybersecurity compliance.

Never trust, always verify—‘zero trust’ as a critical component of the cybersecurity system for Indian organizations. 

Zero trust teaches to “never trust, always verify.” It has a significant role in how people access organizational resources, regardless of where the request originates from or what resources one accesses.

Jaspreet Singh, PartnerCybersecurity, EY

With 17 years of rich industry experience, Jaspreet owns the P&L of Cybersecurity for North India at EY. He advises organizations across telecom, tech, media, and entertainment sectors, and has been instrumental in helping them become cyber-ready businesses of the future.

Over the years, his advisory and evaluation skills have helped many businesses progress through the cybersecurity value chain.

He also shares the additional responsibility of developing the cybersecurity practice in Bangladesh and the Middle East for EY.

Expertise

  • Data privacy
  • IT security and governance
  • IT strategy
  • IT program management
  • IT attestation services
  • Datacenter security
  • Network security
  • Risk assessment and management
  • Business continuity planning and crisis management
  • Ethical hacking

Honors and awards

  • Chairman Value Award, 2014
  • Consultant of the year, Cybersecurity, 2017

It is not about users being un-trustworthy; instead, it is about firmly authenticating, authorizing, and inspecting all traffic flows always to ensure that malware and attacks don’t sneak in accidentally or maliciously.

Many organizations are knowingly or unknowingly following, in principle, the ‘zero trust architecture.’ However, moving to a complete ‘zero trust’ architecture will take time. Organizations need to mature to a level starting with strong authentication in general.

It will be essential to consider each investment carefully and align it with current business needs. Fortunately, each step forward will make a difference in reducing the cybersecurity risk and returning trust in the entirety of your IT Infrastructure.

Aim to build resilience across the value chain.

You must be prepared to deal with the attack. You have to be able to investigate the incident quickly, make smart decisions, and take actions immediately.” Effective resilience programs look not only at the infrastructure within the four walls of the organization but also look to consider the impacts of customers, vendors, partners, and other participants across the value chain.

*The article was originally published as part of a Better World–Microfocus Coffee Table Book initiative titled Accelerating Enterprise Innovations. You can read the e-Book by clicking here.

MORE FROM BETTER WORLD

Narendra Agarwal joins Dabur as Global CIO

Narendra Agarwal joins Dabur as Global CIO

Narendra Agarwal CIO

Narendra Agarwal, Global CIO, Dabur.

Narendra Agarwal has joined Dabur India as its new Global CIO. Agarwal moves from Hindustan Unilever Limited (HUL), where he donned multiple IT and automation leadership roles during the nine-year tenure. He was responsible for digitizing Dabur’s newly acquired Nutrition (GSK) business.

“We are delighted to welcome Narendra Agrawal as the Global CIO of Dabur India Ltd. Narendra is an MBA professional with 13 years of industry experience in technology transformation and leadership. Narendra comes with vast exposure in successfully leading large-scale global transformation projects in ERP, Logistics Operations, financial forecasting, and S&OP,” Dabur said in a statement released through its official Twitter account.

Among his HUL accomplishments, Agarwal led E2E IT integration for Unilever’s biggest merger and the first-ever remote merger in the industry. He led the technology stabilization and automated platform management for the logistics technology solution, driving continuous improvements in the DevOps model for business.

Overall, Narendra Agarwal has led several large-scale business and technology transformation programs with Dabur, Amdocs, and Capgemini as a CIO or IT leader.

An alumnus of IIM Indore, Agarwal has a keen interest in strategizing and rapidly executing technology capabilities for specific business capabilities that help build business models to get closer to users and help enterprises gain a competitive edge. Narendra has also done a Bachelor’s in Engineering from Mumbai University. 

About Dabur India

Dabur India Ltd is one of India’s top FMCG Companies with revenues of over Rs 7,680 Crore and a market capitalization of over Rs 88,500 Crore. Riding on consumer discretionary spending revival, Dabur India reported its highest-ever quarterly revenue and profits in December 2020.

Dabur also plans to set up a new subsidiary to manufacture, sell, and export its consumer care products. The company was founded in 1884 by SK. Burman and headquartered in Ghaziabad, Uttar Pradesh.

AI tools can drive big efficiencies in oil and gas

AI tools can drive big efficiencies in oil and gas

The role of artificial intelligence (AI) is evolving, especially in industrial organizations such as oil and gas, where data acts as a critical enabler to provide a competitive advantage. Industrial organizations operating in the fields of mining, oil, and gas; and marine, are going through a radical transformation and seeking innovative ways to optimize performance with minimized risk.

The volatile and ever-competitive nature of the industrial companies demands them to identify new and innovative sustainable models to stay profitable, grow and unlock efficiencies. The situation has become more challenging in the wake of the coronavirus pandemic. According to a Capgemini research, over 50% of the European manufacturers, 30% in Japan, 28% in the USA, and 25% in South Korea implement AI solutions.

Enterprises operating in Oil and Gas, Marine, and Oil use traditional machinery which may not be easily replaceable because of the huge costs associated with it. Hence, they need advanced technologies to optimize their operations. They are the ones where data could act as a critical enabler to provide them a competitive advantage if managed with the right combination and tools. (See: How will AI impact enterprise ecosystems in 2021?)

Intelligent machines, optimized production

An estimate from the Robotic Industry Association says the cost of one minute of production-line downtime for a company like General Motors could be around $20,000. That’s enormous!

AI for industrial organizations has become essential for driving operational efficiencies of their assets and processes. With AI and ML advancements, industrial enterprises can make their machines smarter, predict maintenance schedules, minimize downtime and let the devices identify problems sooner, and even rectify them automatically in some instances.

Industrial organizations have an enormous amount of data from their different manufacturing processes. However, the lack of talent and necessary tools prevent them from leveraging the same for deriving meaningful insights.

By monitoring and analyzing data carefully, industrial organizations can anticipate the gaps in the output and receive automated warnings to stop the machine when there is an issue. This helps save cost and time, assisting companies to better their efficiencies. For instance, by leveraging AI-based predictive tools in oil and gas, companies can identify the machine and pipeline deterioration signs and raise alarms to pipeline operators. The use of voice-enabled AI chatbots can also help in oil and gas and mining areas, whereby operators can engage in meaningful automated conversations around the processes, focusing solely on production-related activities.

The supply chain is another crucial process gaining substantial benefits from the AI and ML-driven applications, ensuring industrial companies create equipment buffers as per the real-time market demand. Besides, AI capabilities are also being used extensively for manufacturing and industrial companies to reduce energy consumption, minimize assembly lead times, and increase asset utilization.

Key challenges

The challenge, however, for the industrial organization is a widening gap in the knowledge and competencies of various enterprises’ internal IT departments. The shortage of internal talent to deploy and scale AI in production and integrate with existing standardized solutions.

The successful predictive maintenance strategy is heavily dependent upon the data to integrate necessary engineering in the machinery. Data can not bring efficient results in case they are working in seclusion.

The industry needs strong foundations and collaboration models to create new enterprise-specific applications to analyze data and automate critical processes. Another major challenge that many enterprises need to deal with is managing the people and cultural change. It becomes necessary for organizations implementing AI solutions to conduct essential workshops and focus group discussions on understanding the pain points and queries of their employees.

As we move forward in 2021, AI for industrial organizations will see greater demand as they focus on reducing time to impact and balance their supply chains according to the real-time demand. The industry is likely to witness a steep rise of several integrated solutions from emerging solutions providers and specialized companies to help Industrial companies drive further innovations.

Star-Disney India ropes in Tirthankar Dutta as CISO

Star-Disney India ropes in Tirthankar Dutta as CISO

Tirthankar Dutta, CISO, Star-Disney India

Tirthankar Dutta, CISO, Star-Disney.

Tirthankar Dutta has joined as the Vice President (VP) and CISO of Indian media conglomerate Star-Disney India, a Walt Disney subsidiary in India.

In his new role at Star-Disney, Dutta will spearhead the company’s security transformation initiatives and provide the necessary direction and guidance to the CTO/CFO and key Disney-Star business leadership members.

Besides, Tirthankar Dutta will also manage information security governance processes, chair the information security advisory committee, and lead information security programs and project priorities at Star-Disney. He will be internally assessing and providing necessary recommendations around security controls to the Disney leadership in India. Dutta’s responsibility also includes establishing an inclusive and comprehensive security program for Disney and developing essential support for internal information systems and technology research capability.

As an IT professional with over 14 years of experience, Dutta has led several IT and IT security projects in top financial services, travel shopping, and IT services companies such as Religare, Expedia, HCL, TCS, and IBM.

Dutta has established and implemented large information security programs, including deploying a patent-pending fraud detection solution that protected thousands of clients from phishing attacks. He has been credited with performing evaluation and selection of IT security tools and successfully implemented IT security systems to protect availability, integrity, and confidentiality of critical business information and information systems.

Before moving to Star-Disney, Dutta was the Sr VP and Head of Information Security at Infoedge India, a pure-play internet classified company. At Infoedge, he led the information security program and built cohesive security and compliance programs to address state and Country statutory and regulatory requirements effectively.

About Star India

Owned by the Walt Disney Company, Star-Disney India is an Indian media conglomerate with its headquarters in Maharashtra. The media company offers content in eight languages through its 60 channels. Its network reaches approximately 790 million viewers a month across India and globally.

For other recent C-Track movements, click here.

Five key steps to a successful RPA implementation

Five key steps to a successful RPA implementation

The Robotic Process Automation (RPA) adoption in India has picked up pace as enterprises focus on developing automated intelligent process automation bots to support their users and employees round the clock. (See: RPA-led tools helping enterprises sail safely through a storm). Despite the benefits RPA offers, many companies struggle to maximize the value of their RPA implementations. Let’s delve deeper into some of the critical steps to a successful RPA implementation for enterprises.

These steps can also ensure there is no gap between reality and expectations from an RPA initiative.

#1. Define your objectives 

RPA is a game-changing digital transformation initiative, automating several traditional mainframe applications by leveraging AI/ML-based software robots. At the backdrop of the pandemic triggered economic slowdown, businesses are increasingly exploring intelligent automation and RPA for refining quality while controlling costs.

According to McKinsey, RPA can deliver up to 200% ROI in the first year of deployment and 20-25% cost savings. Additionally, it also enables organizations to enhance compliance, become risk-averse and strengthen the customer experience. The mundane and time taking processes turn fast, and users get an opportunity to switch to higher-value work.

However, like every strategic technology investment, RPA investments need to be evaluated based on their potential utility to a particular enterprise or a process.

There is no one size fit all solution! As a first RPA implementation step, the process you select for RPA should be carefully mapped against your end-goals. Before you assign the process execution from your employees to bots, you need to set clear goals around what you want to accomplish from a specific RPA implementation and the financial aspects of the deployment.

#2. Select your processes intelligently

An overarching strategy for process selection and implementation should be in place before you move to RPA. The most critical goal that drives RPA adoption is achieving enterprise efficiency for highly repetitive tasks. RPA tools imitate a human being’s actions by following a rule-based structured approach to accomplishing specific routine tasks, helping employees retrieve a significant proportion of their time.

Hence, as a key step for a successful RPA implementation, the process you select for RPA should be mature, predictable, and stable, high-volume, involve a considerable amount of repetitive human efforts, based on pre-defined data patterns, and evaluated on measurable savings. For instance, data validation, extracting data from PDFs, and employment history verification.

#3. Build an execution team

It is paramount for any automated process that a group of team members is assigned to keep a closer look at all the change-related developments and flag any inconsistencies. This team is often called as Center of Excellence (CoE) team for RPA projects.

Enterprises that do not have the right capabilities and resources or deploy the RPA model for the first time can also support specialized external consultants to facilitate RPA implementations effectively.

#4. Develop a robust change management plan

The success of any RPA initiative is dependent mainly upon how internal employees perceive the change.  Similar to any other digital transformation initiative, RPA is also bound to cause apprehension among impacted employees.

While some team members may follow a cautious approach for any recent change, others may like to debate the relevance of change. Moreover, there could be a fear of job losses, change of roles, the transition to a new team, anxiety around lack of training to supervise any new tool, and more.

A robust change management plan includes addressing these fears and anxieties, upskilling and reskilling impacted teams, setting up a robust governance framework, providing the necessary knowledge to groups about the positive impact that RPA will bring for the business. The technology heads and project leads should encourage people to ask relevant questions and engage them through focus group discussions or one-on-one interactions to understand the objectives behind the RPA implementations.

#5. Make sure to conduct the pilots

Any automation process is a long-term journey and needs sustained efforts for success. Do not expect to gain immediate benefits by deploying software robots. It’s a continuous process and needs several pilots before you ultimately obliterate any process-related obstacles or iron out flaws for a smooth run. It is advisable to have a multiple-phase rollout if the process spans several business operations geographies and impacts people from across teams.

Planning for pilots is one of the essential steps to any successful RPA implementation. Pilot implementations of RPA provide an excellent operating overview of the control frameworks, governance structure, and training to ensure that objectives align with expectations; remove reserves, if any;  and get buy-in from key stakeholders.

The growing web of digital payment frauds

The growing web of digital payment frauds

The rapid maturing of digital technologies and contactless payments have made lives of businesses and consumers easier. During the pandemic-stricken, confined ecosystem, enterprises quickly moved to digital and incorporated new digital payment and supply chain models. Consumers were also quick to shift to new behavior patterns and replaced in-store shopping with online shopping. Along with merchants and consumers, cybercriminals switched to new ways as well to expand their malevolent and fraud activities.

The upsurge in the online ecosystem is likely to create a brand new generation of digital customers in 2021. As digital experiences continue to become mainstream, cybercriminals are sensing an unprecedented opportunity to use new tricks and technologies to weave a deep fraud web around the gullible people and vulnerable IT networks.

Pandemic fueling fraud surge

By leveraging the latest technologies and network vulnerabilities, fraudsters explore new ways to target individuals and enterprises who lack adequate knowledge or cybersecurity tools to defend themselves.

Consider some statistics to understand the gravity of the situation: India witnessed over 2.9 lakhs cybersecurity incidents related to digital banking in 2020 (Source: CERT-In); a few months back, grocery delivery major Bigbasket faced a data breach, revealing data of 2 crores of its registered users; according to various industry reports, data breaches cost Indian firms Rs 15 crores yearly on average; FICO, a US analytics company revealed that four in five Asian banks are losing money to fraud as real-time payments rise.

The above data is just the tip of the iceberg. With the pandemic as a backdrop, digital payment frauds can upsurge even further.

Unified Payment Interface (UPI) emerged as one of the easiest ways to transfer money through Google Pay, Paytm, PhonePe, Freecharge, and others. This trend, however, also gave birth to various frauds associated with UPI payments.

The situation’s enormity can be fathomable as fraudsters didn’t even spare the Delhi chief minister’s daughter, as reported by various media outlets recently. She recently fell victim to an online payments scam while selling a piece of old furniture on an e-commerce platform. Last year, an Indian Air Force officer too fell prey to one such scam. The UPI-related frauds are even more concerning as India target massive uptake of digital transactions in the next few years, up from the current 46 billion.

There are also instances where users have fallen victim to fake shopping websites and transferring money by relying on unauthorized payment links received through SMS.

In one of the advisories issued in 2019, the Reserve Bank of India had warned all banks to take robust measures to prevent digital banking frauds that can wipe out the entire balance of a customer using UPI technology. With the more users connected to the mobile and the internet, such incidents are ordained to increase.

AI, ML, and user awareness

It is reasonable that most new customers moving to digital payments lack the knowledge and can be tricked by fraudsters to make security mistakes or provide sensitive information about their accounts. It becomes essential for enterprises and banks to take the necessary steps to combat digital payment frauds in such a scenario. (See: AI in banking now geared for a takeoff)

Enterprises and banks overhauling their payment and customer interface mechanisms by integrating digital pieces need to embed technologies such as machine learning and artificial intelligence to provide a secure and frictionless payment experience to customers.

By leveraging AI and ML algorithms’ competencies, the network can flag anomalies and derive a risk pattern, approving or declining a payment. In the year ahead, AI-enabled virtual chatbots will also play a pivotal role in enhancing user awareness and answer all payment-related queries. Enterprises are also testing predictive and prescriptive analysis to identify fraud in digital payment transactions.

There is a strong need for the industry to come together and make appropriate investments in next-generation security frameworks, real-time fraud monitoring solutions, and knowledge sharing programs to outsmart cybercriminals and strengthen consumers’ confidence in digital payments.

Digital transformation deals put IT sector back on track

Digital transformation deals put IT sector back on track

Buoyed by a rapid acceleration in digital transformation service deals, the Indian IT industry is back on the growth track, leaving behind the pandemic’s impact. In its strategic review 2021, titled ‘New World: The Future is Virtual,’ Nasscom estimated the IT industry to clock revenue of $194 billion in FY21, up from $190 billion a year back, registering a growth rate of 2.3% year-on-year. While the numbers may still be well-short of pre-pandemic 6-7% growth levels, Nasscom projections are really encouraging for one of the major industries in India.

The Indian IT industry is also likely to add over 138,000 new hires during the FY2020-21, taking the total employee base to 4.47 million. Much of this new workforce is expected to support the new-age technologies such as artificial intelligence, the internet of things, cloud analytics, automation, DevOps among others.

According to the Nasscom review, the indigenous domestic market, driven by hardware-led demand, continued to show resilience, growing at 3.4% in the year.

“As we look at 2021, while there are positives on the vaccination front and accelerated digitization across verticals, the technology industry in India is well geared to build on these trends and continue its transformation journey in this re-defined techad,” said Debjani Ghosh, President, NASSCOM.

The Indian IT industry is benefitting from the strong demand for digital transformation technology deals from Europe and Asia-Pacific (APAC). Sectors such as BFSI and healthcare are likely to continue to invest significantly in digital transformational technologies in the year ahead. (See: TCS finds its new growth mojo in DX)

A quantum leap for DX initiatives

Nasscom’s assessment is not surprising since the Indian IT industry has shown remarkable resilience in the last year and played a pivotal role in accelerating economic growth, enabling businesses to overcome supply and demand disruptions through digital transformation.

The disruption caused by the pandemic was terrifying for many enterprises as they were inexperienced in managing an upheaval of such magnitude. The crisis left them no option but to fast-track their digital transformation (DX) plans to meet the evolving market needs, interact with customers and employees. The immediate focus was to deploy technology solutions to enable the remote working for their workforce and increase business resiliency.

Indian IT services majors are also making continuous efforts to build new digital transformation capabilities in India and enhancing their focus on delivering more thoughtful, practical solutions to construct agile, integrated, simplified, and customized environments for their customers. This trend is likely to create further opportunities for IT firms to accelerate digital transformation deals in India and beyond through strategic mergers and acquisitions. Notably, in 2020 alone, the industry witnessed 146 M&A deals, 90% of which were digitally focused.

“Digital transformation is the topmost priority for global corporations, and in a highly connected world that will remain largely contactless for an extended period, there are shifts in business models, customer experience, operations, and employee experience. Our CEO survey for 2021 indicates that almost 70% of companies expect investment in global technology higher than the previous year. In this hyper-digital economy, trust with the four cornerstones of competence, reliability, integrity, and empathy will be the single-most-important currency, leading the industry growth towards a better normal,” says UB Pravin Rao, Chairman, NASSCOM in a media and analyst release.

Long-term impact

The impact of the crisis is going to be experienced for a long time. While the rapid vaccination program might pacify the COVID-19 effect by the end of 2021, the enterprise tech leaders in India will continue to rely on the cloud and AI-based contactless technologies to open their physical offices cautiously. (See: CIOs’ digital transformation focus accelerates recovery for IT firms)

Digital transformation in India and the global market will continue to see a significant focus in the year ahead as companies look to accelerate growth, innovate and compete at pre-Covid levels.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *