Vinit Sinha, Director, Cyber Security Advisory Practice, Mastercard, underlined that with digital transformation, organizations are replacing many of the manual activities with robotic process automation and AI-ML solutions. In addition, financial institutions are aggressively leveraging AI/ML and blockchain to secure customer transactions.
What are the major changes you have observed in the cyber security landscape since the Covid-19 pandemic emerged in India?
The changes are in two ways; the pace of digital transformation in the industry has rapidly increased and as organizations look at digital transformation, the manual process is now been automated. This is also similar for the banking sector, people are not willing to spend money through cash, and we are looking for a mechanism where the digital payment routes can be adopted on a day-to-day basis.
In the post-pandemic phase of Covid-19, how do you see the customer priorities changing in terms of risk and security management?
With digital transformation, many of the manual activities have been replaced by robotic process automation and AI-ML solutions. Organizations have adopted cloud as the priorities of the customers have also changed. While looking at some of this digital transformation or looking at any solutions or trying to move from an on-premise setup to a cloud setup, you will need to make sure that the framework and the best practices are also adopted at the same time.
With digital payment frauds evolving and getting more advanced, how the global digital payment leaders can secure their payment networks to ensure safety for their customers?
As part of the best practices, there are a lot of frameworks including PCI DSS, PA DSS, and PCI Pin. In addition, for contact-less transactions we have standards like PCI CPoG, PCI S POG. These are well defined and thorough standards for secure transactions. Hence, any organization that is looking for digital payments, they should weigh and adopt these frameworks and standards to secure digital payments.
How are the cyber-security assets and requirements of small and medium enterprises different from the large enterprises in India?
Each organization that is digitally connected to the internet is prone to attack. So it does not depend on the size of the organization. If there is an asset that is vulnerable and is connected to internet, then I am sure there will be an attack. So I think organizations, irrespective of their size, must evaluate their vulnerabilities and implement the standards and frameworks based on their infrastructure and need.
Please talk about two of your recent security innovations or best practices.
As an organization, we continuously keep on innovating something. We internally adopted a model where we used ELK to help manage some of our log-related issues. So based on the organization’s need and customers’ need we keep on looking at some of these pieces and then innovate accordingly. I was able to design the first blockchain security framework because blockchain as a technology is very robust and in terms of protecting the infrastructure the entire transaction infrastructure was happening over the blockchain.
How are the digital payment players leveraging emerging technologies like AI/ML, analytics, and blockchain to secure customer transactions?
AI-ML and blockchain are being talked about constantly and has been able to solve a lot of challenges for businesses. Solutions based on AI-ML and blockchain have definitely healed in terms of securing a customer. Same for transactions, if I am doing a transaction in Delhi and minutes later I see another transaction using the same credit card number from China or UK, so now the solutions are designed on the geopolitical region where the second transaction happening from a different region is automatically blocked. In addition, there are multiple other use cases where AI-ML and blockchain as a technology are getting adopted.
According to you what are the three most influential technologies in cyber security over the next 3-4 years?
Cyber security as an industry will continue to evolve. We cannot say that one specific technology is going to solve all the problems. My take will be rather than focusing on the technology, it’s more important to look from the framework design standpoint.