
SolarWinds hack: CISOs need to revisit cyber resilience?

by | Dec 23, 2020 | IT Security

The SolarWinds hack has highlighted the threats caused by third-party vendors and challenges the cyber resilience position of enterprises.

What many organizations feared came true! The year 2020 brought another shock to the business community last week with the discovery of a new cyberattack, the ‘SolarWinds hack’, in the United States. The attack is an opportunity for enterprises and CISOs to reflect on their cyber resilience strategies. (See: Top enterprise cybersecurity trends of 2020)

For the uninitiated, California-based cybersecurity company FireEye uncovered the SolarWinds hack last week and estimated that the cyberattack campaign might have started as early as spring 2020 and remained undetected for months.

The cyberattack emerged as one of the largest ever targeted against the U.S. Government and several other global companies, threatening organizations’ cyber resilience levels. To date, dozens of emails from the U.S. Treasury Department have been confirmed as compromised.

The attack was launched by cybercriminals who hacked the infrastructure of an American IT software company, SolarWinds, and then used that illegitimate access to insert malicious code into the software updates the company sends out to its 30,000-plus clients, which include several departments of the U.S. Government. SolarWinds stated that the updates issued between March and June 2020 were contaminated.

Several industry onlookers have also slammed SolarWinds’ lackluster approach to addressing its shortcomings, for instance the long-vacant Chief Information Security Officer (CISO) position on its board and the notifications issued to customers about deactivating antivirus tools before installing SolarWinds software.

Far-reaching effects

While the timeline of the SolarWinds hack is still unfolding, the breach is disturbing to the whole IT industry, as it can have a far-reaching effect on many big organizations’ networks and calls their cyber resilience levels into question.

The SolarWinds breach shows that most organizations are appallingly ill-equipped to detect and prevent this kind of software supply chain attack. SolarWinds boasts that it has been working with 425 of the U.S. Fortune 500 companies and hundreds of universities and colleges globally. This means that the impact of the attack could prove severe in the coming days.

Top tech companies Intel, Microsoft, Cisco, and NVIDIA have all confirmed their exposure to the malicious software and are undertaking the necessary investigations to gauge the impact.

In a column published in the New York Times, Thomas P. Bossert, a former domestic security adviser to President Trump, notes that supply chain attacks of such magnitude require significant resources and sometimes years of execution.

Bossert also opined that a foreign state might have launched the SolarWinds hack in a well-orchestrated way. If these evaluations prove correct, the consequences can be even more hazardous. For instance, in war-like situations, confidential government data can be modified or erased by hackers instantly to cause financial loss or gain undue strategic advantage.

Stresses lack of preparation of organizations

As we move into 2021, the SolarWinds hack has once again reiterated that nothing is completely secure in this ever-evolving threat landscape. Indeed, no vendor or solution can fully guarantee the protection of an enterprise’s networks. Perfect information security is a myth, but the key is resilience. (See: How COVID-19 has changed cybersecurity focus for 2021)

The last few weeks must have been strenuous for CIOs and CISOs, who would have needed to spend long hours evaluating the impact of the SolarWinds cyberattack on their networks, systems, and data. It’s time for enterprises to seek answers to some key questions more vehemently:

  • Do you have a contingency plan to combat accidental breaches and unknown threats?
  • Do you depend upon a single security vendor (say, for VPN, network monitoring, and network slicing), or do you want to onboard different security vendors to safeguard your networks?
  • Can you change your defense approach to strengthen your cyber resilience levels?
  • Are you regularly testing your multiple endpoints and operating systems and keeping them secure?
  • Have you evaluated the risks of third-party software vendors and analyzed their ability to combat sophisticated threats?
  • Is your service-level agreement updated?

The SolarWinds hack could be a catalyst for technology leaders to rethink and analyze all their security solutions and potential gateways for network vulnerabilities in the context of modern-day technologies. Much may still be undisclosed, and more details about the damage from the breach are likely to continue to come out in the next few weeks.

MORE FROM BETTER WORLD

Narendra Agarwal joins Dabur as Global CIO

Narendra Agarwal has joined Dabur India as its new Global CIO. Agarwal moves from Hindustan Unilever Limited (HUL), where he held multiple IT and automation leadership roles during his nine-year tenure. He was responsible for digitizing Dabur’s newly acquired Nutrition (GSK) business.

“We are delighted to welcome Narendra Agrawal as the Global CIO of Dabur India Ltd. Narendra is an MBA professional with 13 years of industry experience in technology transformation and leadership. Narendra comes with vast exposure in successfully leading large-scale global transformation projects in ERP, Logistics Operations, financial forecasting, and S&OP,” Dabur said in a statement released through its official Twitter account.

Among his HUL accomplishments, Agarwal led E2E IT integration for Unilever’s biggest merger and the first-ever remote merger in the industry. He led the technology stabilization and automated platform management for the logistics technology solution, driving continuous improvements in the DevOps model for business.

Overall, Narendra Agarwal has led several large-scale business and technology transformation programs with Dabur, Amdocs, and Capgemini as a CIO or IT leader.

An alumnus of IIM Indore, Agarwal has a keen interest in strategizing and rapidly executing technology capabilities for specific business capabilities that help build business models to get closer to users and help enterprises gain a competitive edge. Narendra has also done a Bachelor’s in Engineering from Mumbai University. 

About Dabur India

Dabur India Ltd is one of India’s top FMCG Companies with revenues of over Rs 7,680 Crore and a market capitalization of over Rs 88,500 Crore. Riding on consumer discretionary spending revival, Dabur India reported its highest-ever quarterly revenue and profits in December 2020.

Dabur also plans to set up a new subsidiary to manufacture, sell, and export its consumer care products. The company was founded in 1884 by S.K. Burman and is headquartered in Ghaziabad, Uttar Pradesh.

AI tools can drive big efficiencies in oil and gas

The role of artificial intelligence (AI) is evolving, especially in industrial organizations such as oil and gas, where data acts as a critical enabler to provide a competitive advantage. Industrial organizations operating in the fields of mining, oil, and gas; and marine, are going through a radical transformation and seeking innovative ways to optimize performance with minimized risk.

The volatile and ever-competitive nature of industrial companies requires them to identify new, innovative, and sustainable models to stay profitable, grow, and unlock efficiencies. The situation has become more challenging in the wake of the coronavirus pandemic. According to Capgemini research, over 50% of European manufacturers, 30% in Japan, 28% in the USA, and 25% in South Korea implement AI solutions.

Enterprises operating in Oil and Gas, Marine, and Oil use traditional machinery which may not be easily replaceable because of the huge costs associated with it. Hence, they need advanced technologies to optimize their operations. They are the ones where data could act as a critical enabler to provide them a competitive advantage if managed with the right combination and tools. (See: How will AI impact enterprise ecosystems in 2021?)

Intelligent machines, optimized production

An estimate from the Robotic Industry Association says the cost of one minute of production-line downtime for a company like General Motors could be around $20,000. That’s enormous!

AI for industrial organizations has become essential for driving operational efficiencies of their assets and processes. With AI and ML advancements, industrial enterprises can make their machines smarter, predict maintenance schedules, minimize downtime and let the devices identify problems sooner, and even rectify them automatically in some instances.

Industrial organizations have an enormous amount of data from their different manufacturing processes. However, the lack of talent and necessary tools prevent them from leveraging the same for deriving meaningful insights.

By monitoring and analyzing data carefully, industrial organizations can anticipate the gaps in the output and receive automated warnings to stop the machine when there is an issue. This helps save cost and time, assisting companies to better their efficiencies. For instance, by leveraging AI-based predictive tools in oil and gas, companies can identify the machine and pipeline deterioration signs and raise alarms to pipeline operators. The use of voice-enabled AI chatbots can also help in oil and gas and mining areas, whereby operators can engage in meaningful automated conversations around the processes, focusing solely on production-related activities.

The supply chain is another crucial process gaining substantial benefits from the AI and ML-driven applications, ensuring industrial companies create equipment buffers as per the real-time market demand. Besides, AI capabilities are also being used extensively for manufacturing and industrial companies to reduce energy consumption, minimize assembly lead times, and increase asset utilization.

Key challenges

The challenge for industrial organizations, however, is a widening gap in the knowledge and competencies of various enterprises’ internal IT departments. There is also a shortage of internal talent to deploy and scale AI in production and integrate it with existing standardized solutions.

A successful predictive maintenance strategy depends heavily on data to integrate the necessary engineering into the machinery. Data cannot deliver efficient results if it is handled in isolation.

The industry needs strong foundations and collaboration models to create new enterprise-specific applications to analyze data and automate critical processes. Another major challenge that many enterprises need to deal with is managing the people and cultural change. It becomes necessary for organizations implementing AI solutions to conduct essential workshops and focus group discussions on understanding the pain points and queries of their employees.

As we move forward in 2021, AI for industrial organizations will see greater demand as they focus on reducing time to impact and balance their supply chains according to the real-time demand. The industry is likely to witness a steep rise of several integrated solutions from emerging solutions providers and specialized companies to help Industrial companies drive further innovations.

Star-Disney India ropes in Tirthankar Dutta as CISO

Tirthankar Dutta has joined as the Vice President (VP) and CISO of Indian media conglomerate Star-Disney India, a Walt Disney subsidiary in India.

In his new role at Star-Disney, Dutta will spearhead the company’s security transformation initiatives and provide the necessary direction and guidance to the CTO/CFO and key Disney-Star business leadership members.

Besides, Tirthankar Dutta will also manage information security governance processes, chair the information security advisory committee, and lead information security programs and project priorities at Star-Disney. He will be internally assessing and providing necessary recommendations around security controls to the Disney leadership in India. Dutta’s responsibility also includes establishing an inclusive and comprehensive security program for Disney and developing essential support for internal information systems and technology research capability.

As an IT professional with over 14 years of experience, Dutta has led several IT and IT security projects in top financial services, travel shopping, and IT services companies such as Religare, Expedia, HCL, TCS, and IBM.

Dutta has established and implemented large information security programs, including deploying a patent-pending fraud detection solution that protected thousands of clients from phishing attacks. He has been credited with performing evaluation and selection of IT security tools and successfully implemented IT security systems to protect availability, integrity, and confidentiality of critical business information and information systems.

Before moving to Star-Disney, Dutta was the Sr VP and Head of Information Security at Infoedge India, a pure-play internet classifieds company. At Infoedge, he led the information security program and built cohesive security and compliance programs to address state and country statutory and regulatory requirements effectively.

About Star India

Owned by the Walt Disney Company, Star-Disney India is an Indian media conglomerate with its headquarters in Maharashtra. The media company offers content in eight languages through its 60 channels. Its network reaches approximately 790 million viewers a month across India and globally.

Five key steps to a successful RPA implementation

The Robotic Process Automation (RPA) adoption in India has picked up pace as enterprises focus on developing automated intelligent process automation bots to support their users and employees round the clock. (See: RPA-led tools helping enterprises sail safely through a storm). Despite the benefits RPA offers, many companies struggle to maximize the value of their RPA implementations. Let’s delve deeper into some of the critical steps to a successful RPA implementation for enterprises.

These steps can also ensure there is no gap between reality and expectations from an RPA initiative.

#1. Define your objectives 

RPA is a game-changing digital transformation initiative, automating several traditional mainframe applications by leveraging AI/ML-based software robots. Against the backdrop of the pandemic-triggered economic slowdown, businesses are increasingly exploring intelligent automation and RPA for refining quality while controlling costs.

According to McKinsey, RPA can deliver up to 200% ROI in the first year of deployment and 20-25% cost savings. Additionally, it enables organizations to enhance compliance, become risk-averse, and strengthen the customer experience. Mundane and time-consuming processes become faster, and users get an opportunity to switch to higher-value work.

However, like every strategic technology investment, RPA investments need to be evaluated based on their potential utility to a particular enterprise or process.

There is no one-size-fits-all solution! As a first RPA implementation step, the process you select for RPA should be carefully mapped against your end goals. Before you hand process execution over from your employees to bots, you need to set clear goals around what you want to accomplish from a specific RPA implementation and the financial aspects of the deployment.

#2. Select your processes intelligently

An overarching strategy for process selection and implementation should be in place before you move to RPA. The most critical goal that drives RPA adoption is achieving enterprise efficiency for highly repetitive tasks. RPA tools imitate a human being’s actions by following a rule-based structured approach to accomplishing specific routine tasks, helping employees retrieve a significant proportion of their time.

Hence, as a key step for a successful RPA implementation, the process you select for RPA should be mature, predictable, stable, and high-volume; it should involve a considerable amount of repetitive human effort, be based on pre-defined data patterns, and be evaluated on measurable savings. Examples include data validation, extracting data from PDFs, and employment history verification.

#3. Build an execution team

It is paramount for any automated process that a group of team members is assigned to keep a close watch on all change-related developments and flag any inconsistencies. This team is often called the Center of Excellence (CoE) team for RPA projects.

Enterprises that do not have the right capabilities and resources, or that are deploying the RPA model for the first time, can also seek support from specialized external consultants to facilitate RPA implementations effectively.

#4. Develop a robust change management plan

The success of any RPA initiative is dependent mainly upon how internal employees perceive the change.  Similar to any other digital transformation initiative, RPA is also bound to cause apprehension among impacted employees.

While some team members may follow a cautious approach for any recent change, others may like to debate the relevance of change. Moreover, there could be a fear of job losses, change of roles, the transition to a new team, anxiety around lack of training to supervise any new tool, and more.

A robust change management plan includes addressing these fears and anxieties, upskilling and reskilling impacted teams, setting up a robust governance framework, and providing groups with the necessary knowledge about the positive impact that RPA will bring to the business. The technology heads and project leads should encourage people to ask relevant questions and engage them through focus group discussions or one-on-one interactions so that they understand the objectives behind the RPA implementations.

#5. Make sure to conduct the pilots

Any automation process is a long-term journey and needs sustained effort to succeed. Do not expect to gain immediate benefits by deploying software robots. It’s a continuous process and needs several pilots before you ultimately eliminate any process-related obstacles or iron out flaws for a smooth run. It is advisable to have a multiple-phase rollout if the process spans several business operations and geographies and impacts people across teams.

Planning for pilots is one of the essential steps to any successful RPA implementation. Pilot implementations of RPA provide an excellent operating overview of the control frameworks, governance structure, and training to ensure that objectives align with expectations; address reservations, if any; and get buy-in from key stakeholders.

The growing web of digital payment frauds

The rapid maturing of digital technologies and contactless payments has made the lives of businesses and consumers easier. In the confined, pandemic-stricken ecosystem, enterprises quickly moved to digital and incorporated new digital payment and supply chain models. Consumers were also quick to shift to new behavior patterns and replaced in-store shopping with online shopping. Along with merchants and consumers, cybercriminals also switched to new ways of expanding their malicious and fraudulent activities.

The upsurge in the online ecosystem is likely to create a brand new generation of digital customers in 2021. As digital experiences continue to become mainstream, cybercriminals are sensing an unprecedented opportunity to use new tricks and technologies to weave a deep fraud web around the gullible people and vulnerable IT networks.

Pandemic fueling fraud surge

By leveraging the latest technologies and network vulnerabilities, fraudsters explore new ways to target individuals and enterprises who lack adequate knowledge or cybersecurity tools to defend themselves.

Consider some statistics to understand the gravity of the situation: India witnessed over 2.9 lakh cybersecurity incidents related to digital banking in 2020 (Source: CERT-In); a few months back, grocery delivery major Bigbasket faced a data breach, revealing data of 2 crore of its registered users; according to various industry reports, data breaches cost Indian firms Rs 15 crore yearly on average; FICO, a US analytics company, revealed that four in five Asian banks are losing money to fraud as real-time payments rise.

The above data is just the tip of the iceberg. With the pandemic as a backdrop, digital payment frauds can surge even further.

Unified Payment Interface (UPI) emerged as one of the easiest ways to transfer money through Google Pay, Paytm, PhonePe, Freecharge, and others. This trend, however, also gave birth to various frauds associated with UPI payments.

The enormity of the situation can be gauged from the fact that fraudsters didn’t even spare the Delhi chief minister’s daughter, as reported by various media outlets recently. She fell victim to an online payments scam while selling a piece of old furniture on an e-commerce platform. Last year, an Indian Air Force officer also fell prey to one such scam. The UPI-related frauds are even more concerning as India targets a massive uptake of digital transactions in the next few years, up from the current 46 billion.

There are also instances where users have fallen victim to fake shopping websites and transferred money by relying on unauthorized payment links received through SMS.

In one of the advisories issued in 2019, the Reserve Bank of India warned all banks to take robust measures to prevent digital banking frauds that can wipe out the entire balance of a customer using UPI technology. With more users connected to mobile and the internet, such incidents are bound to increase.

AI, ML, and user awareness

It is understandable that most new customers moving to digital payments lack the necessary knowledge and can be tricked by fraudsters into making security mistakes or providing sensitive information about their accounts. In such a scenario, it becomes essential for enterprises and banks to take the necessary steps to combat digital payment frauds. (See: AI in banking now geared for a takeoff)

Enterprises and banks overhauling their payment and customer interface mechanisms by integrating digital pieces need to embed technologies such as machine learning and artificial intelligence to provide a secure and frictionless payment experience to customers.

By leveraging the capabilities of AI and ML algorithms, the network can flag anomalies and derive a risk pattern, approving or declining a payment. In the year ahead, AI-enabled virtual chatbots will also play a pivotal role in enhancing user awareness and answering payment-related queries. Enterprises are also testing predictive and prescriptive analysis to identify fraud in digital payment transactions.

There is a strong need for the industry to come together and make appropriate investments in next-generation security frameworks, real-time fraud monitoring solutions, and knowledge sharing programs to outsmart cybercriminals and strengthen consumers’ confidence in digital payments.

Digital transformation deals put IT sector back on track

Buoyed by a rapid acceleration in digital transformation service deals, the Indian IT industry is back on the growth track, leaving behind the pandemic’s impact. In its strategic review 2021, titled ‘New World: The Future is Virtual,’ Nasscom estimated the IT industry to clock revenue of $194 billion in FY21, up from $190 billion a year back, registering a growth rate of 2.3% year-on-year. While the numbers may still be well-short of pre-pandemic 6-7% growth levels, Nasscom projections are really encouraging for one of the major industries in India.

The Indian IT industry is also likely to add over 138,000 new hires during the FY2020-21, taking the total employee base to 4.47 million. Much of this new workforce is expected to support the new-age technologies such as artificial intelligence, the internet of things, cloud analytics, automation, DevOps among others.

According to the Nasscom review, the indigenous domestic market, driven by hardware-led demand, continued to show resilience, growing at 3.4% in the year.

“As we look at 2021, while there are positives on the vaccination front and accelerated digitization across verticals, the technology industry in India is well geared to build on these trends and continue its transformation journey in this re-defined techade,” said Debjani Ghosh, President, NASSCOM.

The Indian IT industry is benefitting from the strong demand for digital transformation technology deals from Europe and Asia-Pacific (APAC). Sectors such as BFSI and healthcare are likely to continue to invest significantly in digital transformational technologies in the year ahead. (See: TCS finds its new growth mojo in DX)

A quantum leap for DX initiatives

Nasscom’s assessment is not surprising since the Indian IT industry has shown remarkable resilience in the last year and played a pivotal role in accelerating economic growth, enabling businesses to overcome supply and demand disruptions through digital transformation.

The disruption caused by the pandemic was terrifying for many enterprises, as they were inexperienced in managing an upheaval of such magnitude. The crisis left them no option but to fast-track their digital transformation (DX) plans to meet evolving market needs and interact with customers and employees. The immediate focus was to deploy technology solutions to enable remote working for their workforce and increase business resiliency.

Indian IT services majors are also making continuous efforts to build new digital transformation capabilities in India and are enhancing their focus on delivering more thoughtful, practical solutions to construct agile, integrated, simplified, and customized environments for their customers. This trend is likely to create further opportunities for IT firms to accelerate digital transformation deals in India and beyond through strategic mergers and acquisitions. Notably, in 2020 alone, the industry witnessed 146 M&A deals, 90% of which were digitally focused.

“Digital transformation is the topmost priority for global corporations, and in a highly connected world that will remain largely contactless for an extended period, there are shifts in business models, customer experience, operations, and employee experience. Our CEO survey for 2021 indicates that almost 70% of companies expect investment in global technology higher than the previous year. In this hyper-digital economy, trust with the four cornerstones of competence, reliability, integrity, and empathy will be the single-most-important currency, leading the industry growth towards a better normal,” says UB Pravin Rao, Chairman, NASSCOM in a media and analyst release.

Long-term impact

The impact of the crisis is going to be experienced for a long time. While the rapid vaccination program might pacify the COVID-19 effect by the end of 2021, the enterprise tech leaders in India will continue to rely on the cloud and AI-based contactless technologies to open their physical offices cautiously. (See: CIOs’ digital transformation focus accelerates recovery for IT firms)

Digital transformation in India and the global market will continue to see a significant focus in the year ahead as companies look to accelerate growth, innovate and compete at pre-Covid levels.
