By Lux Rao, Director – Solutions & Consulting, NTT Ltd. (India)
As enterprises face a barrage of cyberattacks, and the nature of these attacks is growing in sophistication, it is becoming difficult to pinpoint the vulnerabilities. The bad actors are becoming smarter and more coordinated. It has become a very organized industry, even though it is a dark industry. So here are three key aspects that organizations must immediately address as they prepare their cybersecurity strategy for 2020.
Firstly, enterprises need to be in a state of perennial alert. That calls for a set of robust threat intel, with an early warning or an advanced information system.
Whether an enterprise can do it on their own or depend on partners is not even a question. Organizations will have to work with partners who can provide threat intel and secure all flanks for an enterprise.
Secondly, AI and ML-based systems are becoming crucial factors in the evaluation and selection of security solutions. The volume (of attacks) is large, so you need to have not just machine learning, but also a constant learning algorithm that knows what the bad actors are up to, right up to the minute. This mitigates threats or provides early warning to enterprises.
Your partner could analyze threats, and not just for one technology, but for all technologies. The bad actor can enter through any door. If you secure your front door, which is your data center with robust prevention systems, and if you have a vulnerable backdoor, a trojan horse, then even the sensors can become the attack vector.
The third one is interesting. The identity is not limited to only humans now. By 2021 there will be nearly 50 – 55 billion devices and sensors for 7.5 billion people. That’s seven sensors or devices per human being.
So, you need to be looking at identity management not just from a human perspective, but it should identify and secure humans, applications and machines. You need to have one view and you need to monitor that behavior constantly.
The Personal Data Protection Bill, 2019
India’s Personal Data Protection Bill, 2019 is also a progressive move in regulating how a user’s data is protected without compromising data sovereignty. It will represent a huge shift in the way enterprises handle data. Organizations will be expected to overcome several unique regulatory and compliance challenges to meet the requirements of the regulation. This is not seen as a big challenge for implementation as Indian organizations are already very sensitive about security. GDPR was a big movement and it made everyone take security more seriously, but only as “best practices.” There is scope for full compliance and by focusing on the principle of “data protection by design and default,” this Bill will encourage organizations to make privacy and data protection a part of core business values, instead of a casual afterthought.
Since most organisations now will collect, store and process the data within the country to avoid any complications, it will also make India a processing hub. It will also allay data privacy fears, thereby giving us (in India), as well as the global players, the added confidence to actively participate in our growing digital economy.
These are some of the key takeaways, which are very relevant in geographies like India. India’s adoption of the digital twin has been very elementary so far. It is still shaping up, but once it comes into the mainstream, we need to be looking at that as well. It could be a target for attackers.
Disclaimer: Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.