Share to lead the transformation

In Focus

Jaspreet Singh

Partner, Cybersecurity, EY 

It’s about leading the cybersecurity organization in the new normal.

The Covid-19 pandemic has ushered in a series of unprecedented shifts in global and Indian economic conditions amidst extensive industry disruptions. Over the last ten months, there has been a significant remolding of how services and products are delivered and consumed. Remote working has become a reality and, in some ways, ‘the new normal,’ while online models have primarily driven consumption of goods and services. These drastic and sudden modifications in business environments have significantly impacted the ICT  and cybersecurity priorities and investments across organizations.

Almost all enterprises have responded to this precarious situation by empowering their employees and engaging customers through remote working interventions, policies, and tools. Without a doubt, this response has been brisk and useful to an extent and has brought to light chinks in many an organization’s armors in the realm of cybersecurity.

Coupled with an insurmountable surge in the volume and sophistication of cyberattacks in the last two quarters, India’s CISO community had to move ahead with a steely resolve to address these challenges. (See: How COVID-19 has changed cybersecurity focus for 2021)

Jaspreet Singh, Partner–Cybersecurity at EY, outlines the top challenges faced by the CISOs in India in the wake of the Covid-19 pandemic. He also shares best practices that organizations could embrace to steer them through the complex maze of cybersecurity issues and help them firm up their cybersecurity posture.

Essential, and yet troublesome—thy name is remote working.

Covid-19 is creating a global ‘work from home’ culture, as organizations see employees working from home as a feasible long-term option if regulatory issues can be addressed.

However, cybercriminals are using it as a massive opportunity as people are often connected to the corporate network through their home Wi-Fi connections, which are not secure due to weak router configurations or multiple poorly protected IoT devices connected to the same network (among other things).

Cybercriminals are also using this time of great fear to target people with phishing attacks using coronavirus themes. Cybercriminals are also leveraging and targeting video communication platforms for hijacking teleconferences, and we have also found maze ransomware targeting managed IT, service providers, on a global scale.

Adapting to the new normal is the biggest challenge for the CISO.

Today’s enterprises need to secure access to their organizational resources, regardless of the user or application environment. This means that the biggest challenge is about adapting to the modern distributed workplace and embracing a mobile workforce while protecting people, devices, and data, irrespective of their locations. (See: Here’s how the new Cyber Security Policy could reshape CISO roles)

Addressing the remote working conundrum—in search of a feasible and effective intervention

It is highly critical for organizations to review their cybersecurity strategies given the global pandemic and follow their renewed realization of IT dependence. IT teams are organizational warriors who have worked day and night and played a crucial role in helping most organizations adapt to the work-from-home culture.

The initial focus of all organizations has been on enabling work from home in the fastest possible time, due to which security was not kept on priority. This resulted in a major risk.

Cybersecurity also needs to align itself to see through risks to the organization—its people, processes, and technologies. The organization would have to align its cybersecurity strategy to changing IT strategies and investments.

Post the pandemic, the cybersecurity organization is slated to undergo a drastic transformation.

The cybersecurity industry will see a sharp increase in the demand for adapting to technological solutions for remote working and security solutions to reduce risks to the IT infrastructure.

The cybersecurity skills shortage will also worsen as these skills would be necessary to protect the IT infrastructure and address the likely increase in cybersecurity compliance.

Never trust, always verify—‘zero trust’ as a critical component of the cybersecurity system for Indian organizations. 

Zero trust teaches to “never trust, always verify.” It has a significant role in how people access organizational resources, regardless of where the request originates from or what resources one accesses.

Jaspreet Singh, PartnerCybersecurity, EY

With 17 years of rich industry experience, Jaspreet owns the P&L of Cybersecurity for North India at EY. He advises organizations across telecom, tech, media, and entertainment sectors, and has been instrumental in helping them become cyber-ready businesses of the future.

Over the years, his advisory and evaluation skills have helped many businesses progress through the cybersecurity value chain.

He also shares the additional responsibility of developing the cybersecurity practice in Bangladesh and the Middle East for EY.

Expertise

  • Data privacy
  • IT security and governance
  • IT strategy
  • IT program management
  • IT attestation services
  • Datacenter security
  • Network security
  • Risk assessment and management
  • Business continuity planning and crisis management
  • Ethical hacking

Honors and awards

  • Chairman Value Award, 2014
  • Consultant of the year, Cybersecurity, 2017

It is not about users being un-trustworthy; instead, it is about firmly authenticating, authorizing, and inspecting all traffic flows always to ensure that malware and attacks don’t sneak in accidentally or maliciously.

Many organizations are knowingly or unknowingly following, in principle, the ‘zero trust architecture.’ However, moving to a complete ‘zero trust’ architecture will take time. Organizations need to mature to a level starting with strong authentication in general.

It will be essential to consider each investment carefully and align it with current business needs. Fortunately, each step forward will make a difference in reducing the cybersecurity risk and returning trust in the entirety of your IT Infrastructure.

Aim to build resilience across the value chain.

You must be prepared to deal with the attack. You have to be able to investigate the incident quickly, make smart decisions, and take actions immediately.” Effective resilience programs look not only at the infrastructure within the four walls of the organization but also look to consider the impacts of customers, vendors, partners, and other participants across the value chain.

*The article was originally published as part of a Better World–Microfocus Coffee Table Book initiative titled Accelerating Enterprise Innovations. You can read the e-Book by clicking here.

MORE FROM BETTER WORLD

The growing web of digital payment frauds

The growing web of digital payment frauds

The rapid maturing of digital technologies and contactless payments have made lives of businesses and consumers easier. During the pandemic-stricken, confined ecosystem, enterprises quickly moved to digital and incorporated new digital payment and supply chain models. Consumers were also quick to shift to new behavior patterns and replaced in-store shopping with online shopping. Along with merchants and consumers, cybercriminals switched to new ways as well to expand their malevolent and fraud activities.

The upsurge in the online ecosystem is likely to create a brand new generation of digital customers in 2021. As digital experiences continue to become mainstream, cybercriminals are sensing an unprecedented opportunity to use new tricks and technologies to weave a deep fraud web around the gullible people and vulnerable IT networks.

Pandemic fueling fraud surge

By leveraging the latest technologies and network vulnerabilities, fraudsters explore new ways to target individuals and enterprises who lack adequate knowledge or cybersecurity tools to defend themselves.

Consider some statistics to understand the gravity of the situation: India witnessed over 2.9 lakhs cybersecurity incidents related to digital banking in 2020 (Source: CERT-In); a few months back, grocery delivery major Bigbasket faced a data breach, revealing data of 2 crores of its registered users; according to various industry reports, data breaches cost Indian firms Rs 15 crores yearly on average; FICO, a US analytics company revealed that four in five Asian banks are losing money to fraud as real-time payments rise.

The above data is just the tip of the iceberg. With the pandemic as a backdrop, digital payment frauds can upsurge even further.

Unified Payment Interface (UPI) emerged as one of the easiest ways to transfer money through Google Pay, Paytm, PhonePe, Freecharge, and others. This trend, however, also gave birth to various frauds associated with UPI payments.

The situation’s enormity can be fathomable as fraudsters didn’t even spare the Delhi chief minister’s daughter, as reported by various media outlets recently. She recently fell victim to an online payments scam while selling a piece of old furniture on an e-commerce platform. Last year, an Indian Air Force officer too fell prey to one such scam. The UPI-related frauds are even more concerning as India target massive uptake of digital transactions in the next few years, up from the current 46 billion.

There are also instances where users have fallen victim to fake shopping websites and transferring money by relying on unauthorized payment links received through SMS.

In one of the advisories issued in 2019, the Reserve Bank of India had warned all banks to take robust measures to prevent digital banking frauds that can wipe out the entire balance of a customer using UPI technology. With the more users connected to the mobile and the internet, such incidents are ordained to increase.

AI, ML, and user awareness

It is reasonable that most new customers moving to digital payments lack the knowledge and can be tricked by fraudsters to make security mistakes or provide sensitive information about their accounts. It becomes essential for enterprises and banks to take the necessary steps to combat digital payment frauds in such a scenario. (See: AI in banking now geared for a takeoff)

Enterprises and banks overhauling their payment and customer interface mechanisms by integrating digital pieces need to embed technologies such as machine learning and artificial intelligence to provide a secure and frictionless payment experience to customers.

By leveraging AI and ML algorithms’ competencies, the network can flag anomalies and derive a risk pattern, approving or declining a payment. In the year ahead, AI-enabled virtual chatbots will also play a pivotal role in enhancing user awareness and answer all payment-related queries. Enterprises are also testing predictive and prescriptive analysis to identify fraud in digital payment transactions.

There is a strong need for the industry to come together and make appropriate investments in next-generation security frameworks, real-time fraud monitoring solutions, and knowledge sharing programs to outsmart cybercriminals and strengthen consumers’ confidence in digital payments.

Digital transformation deals put IT sector back on track

Digital transformation deals put IT sector back on track

Buoyed by a rapid acceleration in digital transformation service deals, the Indian IT industry is back on the growth track, leaving behind the pandemic’s impact. In its strategic review 2021, titled ‘New World: The Future is Virtual,’ Nasscom estimated the IT industry to clock revenue of $194 billion in FY21, up from $190 billion a year back, registering a growth rate of 2.3% year-on-year. While the numbers may still be well-short of pre-pandemic 6-7% growth levels, Nasscom projections are really encouraging for one of the major industries in India.

The Indian IT industry is also likely to add over 138,000 new hires during the FY2020-21, taking the total employee base to 4.47 million. Much of this new workforce is expected to support the new-age technologies such as artificial intelligence, the internet of things, cloud analytics, automation, DevOps among others.

According to the Nasscom review, the indigenous domestic market, driven by hardware-led demand, continued to show resilience, growing at 3.4% in the year.

“As we look at 2021, while there are positives on the vaccination front and accelerated digitization across verticals, the technology industry in India is well geared to build on these trends and continue its transformation journey in this re-defined techad,” said Debjani Ghosh, President, NASSCOM.

The Indian IT industry is benefitting from the strong demand for digital transformation technology deals from Europe and Asia-Pacific (APAC). Sectors such as BFSI and healthcare are likely to continue to invest significantly in digital transformational technologies in the year ahead. (See: TCS finds its new growth mojo in DX)

A quantum leap for DX initiatives

Nasscom’s assessment is not surprising since the Indian IT industry has shown remarkable resilience in the last year and played a pivotal role in accelerating economic growth, enabling businesses to overcome supply and demand disruptions through digital transformation.

The disruption caused by the pandemic was terrifying for many enterprises as they were inexperienced in managing an upheaval of such magnitude. The crisis left them no option but to fast-track their digital transformation (DX) plans to meet the evolving market needs, interact with customers and employees. The immediate focus was to deploy technology solutions to enable the remote working for their workforce and increase business resiliency.

Indian IT services majors are also making continuous efforts to build new digital transformation capabilities in India and enhancing their focus on delivering more thoughtful, practical solutions to construct agile, integrated, simplified, and customized environments for their customers. This trend is likely to create further opportunities for IT firms to accelerate digital transformation deals in India and beyond through strategic mergers and acquisitions. Notably, in 2020 alone, the industry witnessed 146 M&A deals, 90% of which were digitally focused.

“Digital transformation is the topmost priority for global corporations, and in a highly connected world that will remain largely contactless for an extended period, there are shifts in business models, customer experience, operations, and employee experience. Our CEO survey for 2021 indicates that almost 70% of companies expect investment in global technology higher than the previous year. In this hyper-digital economy, trust with the four cornerstones of competence, reliability, integrity, and empathy will be the single-most-important currency, leading the industry growth towards a better normal,” says UB Pravin Rao, Chairman, NASSCOM in a media and analyst release.

Long-term impact

The impact of the crisis is going to be experienced for a long time. While the rapid vaccination program might pacify the COVID-19 effect by the end of 2021, the enterprise tech leaders in India will continue to rely on the cloud and AI-based contactless technologies to open their physical offices cautiously. (See: CIOs’ digital transformation focus accelerates recovery for IT firms)

Digital transformation in India and the global market will continue to see a significant focus in the year ahead as companies look to accelerate growth, innovate and compete at pre-Covid levels.

AI and ML adoption transforming recruitment workflows

AI and ML adoption transforming recruitment workflows

Megha Talpade (name changed), the talent acquisition leader of a leading organized retailer, is in a state of a quandary these days. Just like many other retailers, her company also faced hardships due to the pandemic that caused the shutdown of malls and shops for several months last year. However, as things are getting back to normal, Talpade has been assigned by the leadership to formulate a recruitment plan to expand the operations and sales team. As we continue through 2021, talent acquisition leaders like Talpade have no other option but to explore transforming the recruitment process through technologies such as AI and Blockchain to source the best talent in a cost-efficient way

What could have been a routine hiring exercise before the pandemic has suddenly looked like running a marathon! With the need for social distancing and safety likely to remain the top priority even in the waning pandemic scenario, shortlisting candidates through heaps of data and onboarding hundreds of new employees through traditional processes look like an inconceivable approach for talent heads. (See: How will AI impact enterprise ecosystems in 2021?)

Reimagining hiring experience through AI

AI is fast emerging as a top technology to transform the future of recruitment. AI-based screening tools empower companies to validate a specific number of criteria before sending the hiring managers’ selected profiles. Since the applications for a job have increased multifold after the pandemic triggered slowdown, it is no longer possible for companies to take the conventional route to shortlist candidates without a resume analysis tool.

Many companies are now looking forward to using AI to transform their recruitment processes and meet their hiring goals.

For instance, Vodafone started using AI to recruit call-center and sales staff in 2017 and has been pleased with the results. Similarly, Cathay Pacific, one of the world’s leading airlines, utilized AI-based platforms to reduce the hiring time for customer service and flight attendant roles from 3 months to 2-3 weeks.

By integrating AI-based analytical tools, talent acquisition teams can focus on the best candidates that match their core profile requirements. The algorithmic process can also scan candidates’ online behaviors by screening their publicly available comments and social media profiles and list the candidates as the top choice, recommended and not recommended at all.

AI tools can also analyze candidates’ facial movements, body language, and verbal skills through real-time AI scanning programs.

According to the 2019 State of Artificial Intelligence in Talent Acquisition report by Oracle, About 73% of organizations expect AI to increase recruitment speed, and 53% expect it to boost the overall productivity of the recruitment function. By 2022, the percentage is likely to go even higher.

In addition to screen the candidates, AI-based tools are also effective for conducting remote interviews through conversational chatbots or robots. Interactive chatbots can help businesses resolve candidates’ queries promptly and guide them with the onboarding and re-boarding process.

Credential verification through Blockchain

Blockchain technology enables hiring managers to access the complete and accurate employment history of a potential candidate. Leveraging its digital recordkeeping capability, Blockchain validates the CV of the jobseeker and removes any possibility of the candidate hiding an undesirable history. 

This means applicants cannot hide their professional historical data and credentials. It will give employers a better insight into their candidates’ natural strengths and weaknesses and assess them better for a given role.

The future will see a massive role of technology in recruitment cycles. Most of these technologies are governed by business logic, making it possible for enterprises to structure the patterns per specific inputs and solve many critical leadership hiring problems. While still at a nascent stage, 2021 is expected to see new use cases of Blockchain and likely play a key role to transform the recruitment processes.

Accelerating skills evaluation by leveraging AR and VR

These immersive technologies that were earlier restricted to the gaming industry can deliver substantial value in the new age recruitment process. By leveraging the advantage of AR and VR, companies can evaluate a candidate in an actual set-up, showcase their brand effectively and test the ability of a candidate to manage complex situations and analyze their resilience levels.

AR and VR can also make the entire recruitment cycle more engaging and exciting. For instance, Siemens was one of the first companies that started using AR and VR for driving recruitment almost a decade back. In 2011, the company had launched Plantville, an online gaming platform that simulates the experience of being a plant manager. Potential hires were given the challenge of maintaining a plant’s operation while strengthening the productivity, efficiency, sustainability, and overall facility health.

Since its launch, the game has helped Siemens build brand awareness, engage thousands of customers, and recruit several engineers.

While all these technologies hold great potential and are expected to play a pivotal role in mechanizing the top talent search and transforming the HR practices, they are yet to overcome obstacles like bias fully to make it wholly reliable. For instance, about three years ago, Amazon removed a secret AI recruiting tool from its hiring process that started to display prejudice against women candidates. For an enterprise looking at transforming its HR and recruitment practices, the best way is to identify your actual needs and partner with the right technology partner to harness the technology and increase the scope of hiring.

In adopting technologies like AI and Blockchain for talent acquisition, Talpade seems to have certainly taken note of this!

Tech Mahindra earns place in Forbes Blockchain 50

Tech Mahindra earns place in Forbes Blockchain 50

Digital transformation, consulting, and business re-engineering services and solutions provider Tech Mahindra has been featured in the 2021 Forbes Blockchain 50 companies list, a coveted global listing of pioneering companies, startups, and influencers in the distributed ledgers space. Tech Mahindra announced that it has been recognized for its transformative and innovative platform-based approach in Blockchain implementations for global clients. Its implementation of enabling 500 million mobile phone customers in India to manage their consent and preferences to avoid spam calls and text messages, was specifically highlighted. (See: Tech Mahindra gets new blockchain accreditation)

In 2019, Tech Mahindra introduced a Blockchain-based solution using Hyperledger, to manage unsolicited commercial calls (or “spam” calls) in compliance with the regulations and guidelines of the Telecom Regulatory Authority of India (TRAI). Forbes recognized this project as unique in its scale as it remains one of the largest live ledger implementations in the world to date. In its analysis for Blockchain 50 2021, Forbes highlights that this recognition is an illustration of the trend of globalization of blockchain technology and its incipient rise in Asia, in particular.

 “We are delighted to be recognized by Forbes as one of the leading blockchain organizations of the world. Tech Mahindra is leveraging Blockchain to solve tough business problems and create a completely differentiated experience for end-users through a combination of best-in-class platforms, product innovation, and deep domain expertise. It is indeed a matter of great pride that we are the only Indian company and only IT and digital services consulting company to feature in the coveted list,” said Rajesh Dhuddu, Practice Leader in Blockchain and Cybersecurity, Tech Mahindra in an official release.

Tech Mahindra has been focusing extensively on Blockchain technology and testing its capabilities across a wide range of business verticals.

 The USD, 5.2 billion organization with around 122000 employees across 90 countries, Tech Mahindra, provides a holistic framework called ‘Block Ecosystem’ comprised of various levers: Block Studio, Block Engage, Block Talk, Block Geeks, Block Accelerate, Block Access, and Block Value, which can be used to create applications that unlock significant value for clients. 

For more details on the Forbes 50 Blockchain list and accompanying commentary, click here and here.

Three key drivers that will shape cloud ecosystems in 2021

Three key drivers that will shape cloud ecosystems in 2021

2020 was one of the most challenging years in recorded history. With many paradigm-shifting developments, the year upended the lives of almost every person on this planet. Amidst the changing times that even left many soothsayers speechless, technologies such as the cloud emerged as a silver lining and enabled businesses and economies to adapt to the new normal and survive.

Cloud, which is the pillar of the data-intensive tech ecosystem, played a pivotal role during the pandemic to navigate the change, enabling enterprises to build effective supply chains and setting-up robust remote working environments for their expanded workforce. It empowered businesses to deliver essential services during the lockdown and successfully proved the possibility of creating a more sustainable world.

In 2021, cloud computing is expected to make an even more profound impact as most businesses would focus their strategies to recover from the pandemic. Let’s look at some of the key cloud computing requirements that will impact organizations’ tech ecosystems in 2021. (See: A case for cloud-enabled COVID-19 sensors and loggers)

1. Focus on new use cases

In 2021, cloud computing is expected to make even deeper inroads into organizations as most businesses would focus on building strategies to recover from the pandemic. In general, companies are likely to increase their dedicated IT spending to the cloud, opening the market for more innovations and new growth models.

Most importantly, with technologies like 5G around the corner, cloud service providers will have a massive role in developing new use cases using complementary technologies such as artificial intelligence and automation.

The battle of supremacy between top cloud service providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Alibaba is likely to become more intense in the year ahead.

Top cloud platforms — especially Amazon Web Service, Microsoft Azure, and Google Cloud — are expected to gain from this amplified focus. While AWS is likely to retain its supremacy, Microsoft, Google and Alibaba will continue to take aggressive steps to close the gap. To cater to the low-latency and high-redundancy capabilities required by several of these new applications, cloud service providers will look forward to adding intelligent edge capabilities in their solutions.

2. Hybrid and multi-cloud strategies to take center stage

As enterprises become more mature to understand the benefits of a strong cloud ecosystem, they also become more aware of adopting the multi-cloud approach to avoid the unnecessary risk of getting locked into certain vendors. And this cloud computing trend is likely to make a substantial impact in organizational tech ecosystems in 2021.

Kunwar Singh, Lead, Cloud Offerings portfolio across Microsoft Applications and Infrastructure Services, HCL, noted in an HCL blog post, “The hybrid cloud environment provides an essential blanket of security for mission-critical workloads, elasticity for delivery, and high performance to match the ever-growing need for constant innovation. To summarize, today, more than ever, hybrid cloud is an essential partner to businesses, as companies reposition themselves to maintain productivity, creating an efficient mobile workforce and staying poised to handle adversity.”

It is expected that organizations that plan to take a hybrid cloud route will focus on building an intelligent operative ecosystem to govern varied processes effectively.

3. More emphasis on governance and security

CIOs and technology leaders will continue to put more emphasis on deploying services without worrying about infrastructure overheads. Considering the continuous expansion of the distributed workforce, the industry will also focus on developing services and applications around network security, compliance, and privacy to secure sensitive data across the cloud ecosystem.

“For control, privacy, and regulatory concerns, private cloud has been leveraged to a greater degree as compared to public cloud services. From now on, the demand for public cloud services is also slated to rise along with a surge in private and hosted cloud models, ” says, Krishna Rao RV, Senior General Manager, IT AIG Hospitals.

While cloud security and governance will be a key focus area, it also remains one of the biggest challenges for organizations to expand their cloud programs. The industry is also battling with a massive shortage of IT Security professional talent and needs to find the best solution to resolve this issue. In the year ahead, there could be an upsurge of new talent programs and initiatives by the cloud computing providers to fortify necessary skill sets to drive further cloud adoption in enterprise tech ecosystems.

Mathan Babu Kasilingam joins Vodafone Idea as CISO

Mathan Babu Kasilingam joins Vodafone Idea as CISO

Mathan Babu Kasilingam

Indian telecom operator Vodafone Idea has appointed Mathan Babu Kasilingam as its new CISO and Data Privacy Officer. Kasilingam has joined the company in place of Amit Pradhan, who has recently quit the telecom operator to join Mandiant Consulting (Mandiant is a US-based firm that performs advanced cyber investigation, forensics, and incident response).

Kasilingam will be spearheading cybersecurity initiatives, digital security entities, data privacy compliance at Vodafone Idea in his new role. He will also have a huge responsibility to shoulder since data privacy and compliance has become a critical focus area for all the leading telcos.

This is the second technology leadership appointment that Vi has announced in the last four months. In November last year, the telco named Jagbir Singh as its new chief technology officer, following the exit of Vishant Vora. (See: Vishant Vora quits as CTO of Vodafone Idea).

Mathan Babu Kasilingam has over two decades of robust experience in the information security field. He has previously worked with companies such as the National Payments Corporation of India (NPCI), HDFC Bank, Symantec, Wipro Infotech, and BT Global Services in various security and data compliance domains. At NPCI, where he has worked for three years before moving to Vi, Kasilingam introduced several new initiatives and data protection practices.

Kasilingam holds a Bachelor’s Degree in Engineering from Sri Sivasubramaniya Nadar (SSN) College of Engineering and is a Certified Information Systems Security Professional. In his free time, Kasilingam loves playing badminton and enjoys listening to music. 

About Vodafone Idea (Vi)

Vodafone Idea Limited is a pan-India integrated GSM operator, offering 2G, 4G, 4G+, VoLTE, and VoWiFi services. With a subscriber base of 290 million, Vi is India’s third-biggest mobile telecom operator and sixth-largest globally. Vodafone’s Indian arm and Idea Cellular had merged their operations in August 2018 in a highly competitive Indian telecommunication market.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *