Share to lead the transformation

In Focus

Jaspreet Singh

Partner, Cybersecurity, EY 

It’s about leading the cybersecurity organization in the new normal.

The Covid-19 pandemic has ushered in a series of unprecedented shifts in global and Indian economic conditions amidst extensive industry disruptions. Over the last ten months, there has been a significant remolding of how services and products are delivered and consumed. Remote working has become a reality and, in some ways, ‘the new normal,’ while online models have primarily driven consumption of goods and services. These drastic and sudden modifications in business environments have significantly impacted the ICT  and cybersecurity priorities and investments across organizations.

Almost all enterprises have responded to this precarious situation by empowering their employees and engaging customers through remote working interventions, policies, and tools. Without a doubt, this response has been brisk and useful to an extent and has brought to light chinks in many an organization’s armors in the realm of cybersecurity.

Coupled with an insurmountable surge in the volume and sophistication of cyberattacks in the last two quarters, India’s CISO community had to move ahead with a steely resolve to address these challenges. (See: How COVID-19 has changed cybersecurity focus for 2021)

Jaspreet Singh, Partner–Cybersecurity at EY, outlines the top challenges faced by the CISOs in India in the wake of the Covid-19 pandemic. He also shares best practices that organizations could embrace to steer them through the complex maze of cybersecurity issues and help them firm up their cybersecurity posture.

Essential, and yet troublesome—thy name is remote working.

Covid-19 is creating a global ‘work from home’ culture, as organizations see employees working from home as a feasible long-term option if regulatory issues can be addressed.

However, cybercriminals are using it as a massive opportunity as people are often connected to the corporate network through their home Wi-Fi connections, which are not secure due to weak router configurations or multiple poorly protected IoT devices connected to the same network (among other things).

Cybercriminals are also using this time of great fear to target people with phishing attacks using coronavirus themes. Cybercriminals are also leveraging and targeting video communication platforms for hijacking teleconferences, and we have also found maze ransomware targeting managed IT, service providers, on a global scale.

Adapting to the new normal is the biggest challenge for the CISO.

Today’s enterprises need to secure access to their organizational resources, regardless of the user or application environment. This means that the biggest challenge is about adapting to the modern distributed workplace and embracing a mobile workforce while protecting people, devices, and data, irrespective of their locations. (See: Here’s how the new Cyber Security Policy could reshape CISO roles)

Addressing the remote working conundrum—in search of a feasible and effective intervention

It is highly critical for organizations to review their cybersecurity strategies given the global pandemic and follow their renewed realization of IT dependence. IT teams are organizational warriors who have worked day and night and played a crucial role in helping most organizations adapt to the work-from-home culture.

The initial focus of all organizations has been on enabling work from home in the fastest possible time, due to which security was not kept on priority. This resulted in a major risk.

Cybersecurity also needs to align itself to see through risks to the organization—its people, processes, and technologies. The organization would have to align its cybersecurity strategy to changing IT strategies and investments.

Post the pandemic, the cybersecurity organization is slated to undergo a drastic transformation.

The cybersecurity industry will see a sharp increase in the demand for adapting to technological solutions for remote working and security solutions to reduce risks to the IT infrastructure.

The cybersecurity skills shortage will also worsen as these skills would be necessary to protect the IT infrastructure and address the likely increase in cybersecurity compliance.

Never trust, always verify—‘zero trust’ as a critical component of the cybersecurity system for Indian organizations. 

Zero trust teaches to “never trust, always verify.” It has a significant role in how people access organizational resources, regardless of where the request originates from or what resources one accesses.

Jaspreet Singh, PartnerCybersecurity, EY

With 17 years of rich industry experience, Jaspreet owns the P&L of Cybersecurity for North India at EY. He advises organizations across telecom, tech, media, and entertainment sectors, and has been instrumental in helping them become cyber-ready businesses of the future.

Over the years, his advisory and evaluation skills have helped many businesses progress through the cybersecurity value chain.

He also shares the additional responsibility of developing the cybersecurity practice in Bangladesh and the Middle East for EY.

Expertise

  • Data privacy
  • IT security and governance
  • IT strategy
  • IT program management
  • IT attestation services
  • Datacenter security
  • Network security
  • Risk assessment and management
  • Business continuity planning and crisis management
  • Ethical hacking

Honors and awards

  • Chairman Value Award, 2014
  • Consultant of the year, Cybersecurity, 2017

It is not about users being un-trustworthy; instead, it is about firmly authenticating, authorizing, and inspecting all traffic flows always to ensure that malware and attacks don’t sneak in accidentally or maliciously.

Many organizations are knowingly or unknowingly following, in principle, the ‘zero trust architecture.’ However, moving to a complete ‘zero trust’ architecture will take time. Organizations need to mature to a level starting with strong authentication in general.

It will be essential to consider each investment carefully and align it with current business needs. Fortunately, each step forward will make a difference in reducing the cybersecurity risk and returning trust in the entirety of your IT Infrastructure.

Aim to build resilience across the value chain.

You must be prepared to deal with the attack. You have to be able to investigate the incident quickly, make smart decisions, and take actions immediately.” Effective resilience programs look not only at the infrastructure within the four walls of the organization but also look to consider the impacts of customers, vendors, partners, and other participants across the value chain.

*The article was originally published as part of a Better World–Microfocus Coffee Table Book initiative titled Accelerating Enterprise Innovations. You can read the e-Book by clicking here.

MORE FROM BETTER WORLD

Climate Change: Javadekar takes charge

Climate Change: Javadekar takes charge

Prakash Javadekar today assumed charge as the Union Minister of Environment, Forest and Climate Change here today. He was greeted at the office at Paryavaran Bhawan by Environment Secretary Shri C K Mishra and other senior officials of the ministry. Babul Supriyo also assumed charge as Minister of State.

Briefing the media after assuming the charge, the Union Minister said it is like a home coming for him as he already served in the ministry for two years in the first term of NDA government. He stressed that we will strongly reinforce that this ministry is seen as a facilitator and not merely as a regulator. “Economic growth and environment protection should go simultaneously, and we need to work with an increased impetus towards that”, said Javadekar.

After assuming the charge, the Minister also held a meeting with the senior officers of the Ministry where he was briefed on the key initiatives and policy issues of the Ministry.

Infosys Foundation Opens Aarohan Awards 2019

Infosys Foundation Opens Aarohan Awards 2019

social-impact

The awards would recognize solutions that could positively impact the underprivileged in India. (Representative image)

Infosys Foundation, the philanthropic and CSR arm of Infosys, has announced the launch of the second edition of the Aarohan Social Innovation Awards. The award is aimed at accelerating innovation in the social sector. The Aarohan Social Innovation Awards 2019 seek to recognize and reward individuals, teams or NGOs developing unique solutions that have the potential to positively impact the underprivileged in India, at scale.

Speaking at the launch of the second edition of the awards, Infosys Foundation Chairperson Sudha Murty said, “The Aarohan Social Innovation Awards 2018 was a huge success. Infosys Foundation witnessed a very good response from social innovators across the country and eventually, 12 leading innovators were recognised and awarded. The overwhelming response we got last year, has reaffirmed my belief that there are innumerable innovators across India who are looking up to this platform to give wings to their passion by scaling their innovation and impacting millions of lives. With the second edition of the awards, we hope to discover these hidden social innovators across the country and help them scale the power of their social innovations”

The awards will accept submissions across six categories, namely, Healthcare, Rural Development, Destitute Care, Women’s Safety & Empowerment, Education & Sports, and Sustainability.

The submission process for the second edition of these awards commences on July 15, 2019 and will continue till September 30, 2019. Participants can submit entries describing their work in the form of videos that can be uploaded on the Aarohan Social Innovation Awards website. The entries must be of a fully functioning prototype, not just a concept, idea or mock up. Additionally, the project must not be an established commercial venture.

Aarohan Social Innovation Awards will also offer winners an opportunity for residential technical mentorship at the IIT Hyderabad campus for up to 12 weeks to help them further develop and scale their solutions.

A panel of distinguished judges will evaluate and select the winners whose submissions will be assessed on five broad criteria – application to a social problem or need, innovative use of technology, originality of ideas, ease of use and the quality of presentation. The jury will comprise Prof. Trilochan Sastry, former Dean, IIM Bangalore; Padma Shree Arvind Gupta, an Indian toy inventor and science expert; Prof. Anil Gupta, visiting faculty member, IIM Ahmedabad, a globally renowned scholar of grassroots innovations and founder of the Honey Bee Network; Prof. GVV Sharma, Faculty member of the Department of Electrical Engineering and Coordinator, Teaching Learning Centre, IIT Hyderabad; Sumit Virmani, Senior Vice President and Global Head – Marketing, Infosys, and Infosys Foundation Chairperson, renowned author and philanthropist Sudha Murty.

0 Comments