The inaugural edition of the CXO Global Security Summit mesmerized an audience of 1291 delegates by exploring the future of risk management with actionable insights and best practices from industry leaders, experts and security and risk peers to enhance data security and risk management strategy.
The CXO Global Security Summit 2021 reinforced the fact that an effective public-private partnership is essential in building cyber security resilience across sectors and industries. Themed on Building Security Resilience, the summit upheld the need to invest in advanced predictive and cyber-intelligence capabilities.
In his opening note on the government’s cyber security initiatives, Dr Rajesh Pant, National Cyber Security Coordinator, PM Office, Govt of India, disclosed a recent development: the creation of a task force to lay the foundation of the National Cyber Security Strategy for the next five years. “The National Cyber Security Strategy 2021 is with the cabinet for approval. The strategy underlines the government’s commitment to ensure a safe, secure, trusted, resilient and vibrant cyberspace. The strategy will define the ways to tackle cyber crime through an elaborate cyber skilling and education roadmap, legislative framework, cyber intelligence and cyber audit processes,” he stated.
He further added that cyber security is crucial to attaining our goal of building a $1 trillion economy, which depends heavily on initiatives like Digital India and Smart Cities. “In fact, public-private partnership has become crucial to build security resilience across the critical sectors including power, water, transport and telecom.”
Speaking on ‘Building Cyber-Immunity with Right Prediction and Intelligence Capabilities,’ Chris Connel, Deputy VP, Global Sales Network and Managing Director, APAC & Japan, Kaspersky, highlighted that with people working from home and heavy dependence on the Internet, organizations are forced to rethink their security strategies. “Against just 1 virus per hour in 1994, we today face 342,000 virus attacks every day, this comes down to 4 malwares per second. As we expect 75 billion connected devices by 2025, it’s crucial for businesses to invest in advanced predictive capabilities in order to Predict, Prevent, Detect and Respond to cyber attacks and build cyber immunity in the organization,” he elaborated.
Sunil Sharma, Managing Director, Sales, Sophos, India and Saarc, stressed the need for synchronized and layered security. Speaking on the topic ‘Cyber Security Evolved,’ he underlined that we face 4 lakh new pieces of malware every day, of which 75 percent are unique. “Although ransomware constitutes just 23 percent of the threat landscape, it accounts for 51 percent of the organizations that were hit. Interestingly, 73 percent of the ransomware attacks were successful. The environment gets further complicated with the rising number of vulnerabilities increasing every year with over 17,300 vulnerabilities waiting to be exploited in 2020 as per NSIT data,” Sharma said.
Highlighting the challenges, he further added that organizations take an average of 13 hours to discover a threat and almost 68 percent of businesses were hit by cyber attacks in 2020. In addition, 95 percent of organizations find security talent recruitment a challenging task and 54 percent of businesses are unable to take full advantage of their EDR solution due to the talent crunch. “Looking at the complex environment and increasing threats, businesses need to have a synchronized and layered security solution which works in conjunction with each other to enable threat intelligence sharing between endpoint, network and gateway levels.”
Speaking on the Platform-based Approach to Security, Vishak Raman, Director, Security Business, Cisco India and Saarc, specified that security experts are worried about three time-based parameters: time to hack is shrinking from a few hours to a few minutes; time to detect is increasing to a few months; and time to remediate may be a few days or weeks. “Among these parameters, time to detect is the most crucial as the focus must be on reducing attacker’s dwell time in order to minimise the impact of the attack. We are seeing customers moving towards adopting a platform-based approach, where a single platform cuts across the layers to gain visibility across network, endpoint, cloud and application,” detailed Raman.
Moreover, in a panel discussion on ‘Economics of Cyber Security,’ moderated by Durga Prasad Dube, Group CISO, Reliance Industries, panellists including Dr Lopa Mudraa Basuu, VP-ISM, Cyber Security and Control, APAC, JP Morgan Chase; Vinit Sinha, Director-Cyber Security Advisory Practice, Mastercard; Manoj Srivastava, CISO, Future Generali India Insurance Company; and Suhas Desai, Senior VP, Aujas Cybersecurity, discussed how economic models can help security and risk leaders make effective cyber security investment decisions.
Dube highlighted that it is essential to understand the desired state of cyber security as budgets can’t be unlimited in an organization. He stressed that speaking the business language of the organization is the best strategy to explain the security framework in a board meeting. Srivastava added that applying quantitative risk assessment by converting hyper convergence language to business is the appropriate strategy. “In general, we require 30 percent of the working capital as additional funds to meet solvency guidelines. However, the less capital we invest on security, the more capital you need to reserve to meet the solvency guidelines. Hence, we need to communicate the kind of budget required to deliver a certain level of security.”
Sinha stated that identifying the crown jewels and digital assets as per the criticality level is essential. “We need to create a holistic security approach taking into account the region we operate in and the kind of attack surface we have. On this framework, we can analyse the current security infrastructure, the gaps and the kind of investment required to fill the gaps.” Basuu added that risk prioritization is another aspect of the analysis, where you can prioritize the risks and the timeline to achieve the desired state of security. “The risks can be structured into compliance, brand and operational risks, which form the basis of risk prioritization.”
Desai further highlighted that CISOs should not venture into quantifying the RoI. “RoI in cyber security is directly proportional to brand value protection and must not be quantified. The idea is to think beyond the compliance requirements and how we can secure our assets and operations.”