In an ever-evolving inter-connected digital world, data is the most important aspect for all. Organizations collect and store huge amounts of data like customer information, financial data, intellectual property etc. and these data help to improve their products and services, target their marketing campaigns, make better business decisions, help to gain competitive advantage and also essential for many new technologies. As the importance of data is growing, it is also becoming a target for cyber criminals. With the emergence of new technologies, the cyber criminals are also coming up with sophisticated tools for data theft. This leads to various consequences like financial loss, damage of reputation, operational disruption, legal consequences etc. So, cybersecurity and data privacy are critical for every organization today.
Nowadays, law is also urging organizations to stress upon cybersecurity and data privacy and if they fail to do so then they must be prepared to face legal consequences.
The guardians of this digital realm, the experts and leaders in data security, cybersecurity, and privacy, have taken center stage to ensure that the invaluable assets of businesses and individuals remain safeguarded in this dynamic and sometimes perilous landscape. From pioneering innovative approaches to data security to navigating the combined risks of innovation and security, these leaders provide essential guidance in a world where the battle against cyber threats is ongoing.
Cybersecurity and data privacy are essential in today's hyperconnected world
Rajesh garg
Sr. Executive VP & Chief Digital Officer, Application & Cybersecurity Services
Yotta Data Services
“As we know, the world is becoming increasingly digital, with data being one of the most valuable resources. Organizations collect, store, and process vast amounts of data, including sensitive personal and financial information. This data is an open field for cybercriminals, and a data breach can have devastating consequences for an organization, both financially and reputationally. Not only there are direct costs of remediating the breach and compensating the affected individuals, but organizations can also lose revenue, customer confidence, and have to deal with regulatory consequences.
Data privacy is also important for organizations, both to comply with regulations and to build trust with customers and employees. By ensuring data privacy, organizations can demonstrate their commitment to respecting the rights of individuals and avoid regulatory violations.
Prioritising cybersecurity and data privacy, therefore, is essential in today's hyperconnected world to gain a competitive edge and maintain trust with both internal and external stakeholders.”
Compliance with law: The way to address concerns of growing cybercrime and data privacy
Dr. Pavan Duggal
Chairman, International Commission on Cyber Security Law
“The ramifications for data breach for organisations are very serious. Once a data breach takes place, the same has to be reported within six hours to the nodal agency on cyber security under the IT Directions 2022. Non-reporting becomes a criminal offence punishable with imprisonment and fine and the top management gets exposed to the criminal liability. Further, if there is a personal data breach of personal data that is resident on the systems of corporations, they could be fined upto Rs 250 crore per contravention under the DPDP Act. Hence, the ramifications for data breach for corporations are both civil and criminal and compliance is the only mantra as they move forward.
Organisations need to address the concerns of growing cybercrime and data privacy by ensuring compliance with law. All organisations today invariably are intermediaries under the Information Technology Act, 2000. They are required to implement and maintain reasonable security practices and procedures e.g. ISO 27,001 for them to be complaint with the law. Further, they must comply with the parameters of the IT Directions 2022 and the relevant parameters of the DPDP Act. Only by compliance with the parameters of law, can the organisations claim their statutory exemption from legal liability and hence address the concerns of growing cybercrime and data privacy.”
A holistic and pro-active focus required on risk management, cybersecurity and data privacy
Vijay Sethi
Chairman, Mentorkart
“In today’s era, data is one of the most valuable assets an organization possesses. Whether it's customer or employee information, financial and other transactional records, intellectual property and trade secrets or other data including e-mails, protecting this data is crucial not only to maintain competitive edge but also for building trust with customers, employees and other stakeholders and safeguarding organization's reputation. In addition, cyber attacks can lead not only to disruption of day-to-day operations, downtime, productivity loss but there could be severe legal consequences.
While, one can see that organizations are ramping up their cyber security technology solutions and going beyond traditional solutions like Firewalls, Intrusion prevention/detection systems (IPS/IDS), anti-virus etc. to solutions like EDR/XDR/MDR, DLP, SIEM and SOAR, CTI or setting up SOC or enhanced focus on end user training and awareness, however, I feel couple of areas where still lot of focus needs to be given include:
◆ OT (Operational Technology) security
◆ Periodic Risk Assessment and internal / external audits
◆ Increasing threats because of Shadow IT
◆ Finally, building an organizational culture where everyone cares for Cyber security and data privacy and it is not considered as on ‘overhead’ or ‘burden’
In conclusion, as organizations implement more and more digital solutions to help their customers, employees, other stakeholders and to enhance not only organizational productivity but also their products, a holistic and pro-active focus on risk management, cybersecurity and data privacy has to be there.”
India Power committed to adopting a proactive and
multi-layered approach
Sanjeev Sinha
President – IT & Digitization, India Power Corporation
“Many organizations are addressing the concerns of growing cybercrime and data privacy through a combination of technology, processes, and cultural changes. We at India Power too have taken several steps to address these concerns. We are an ISO27001 certified company and are guided by all 114 controls in the framework. While we have robust cybersecurity measures such as AI powered firewalls, intrusion detection systems, and antivirus software to protect against cyber threats, the focus has been on training our employees in addressing these concerns and also bringing the secure best practices. We are classified as CII (Critical Information Infrastructure) by the Ministry of Power and hence we are all steps mandated by the Government of India, including a CCMP (Cyber Crisis Management Plan) in place.
India Power is committed to adopting a proactive and multi-layered approach to address the concerns of cybercrime and data privacy. By combining technology, education, and a commitment to privacy and security, we aim to reduce risks and protect sensitive data while maintaining the trust of customers and stakeholders.”
Healthcare sector faces Ramsomware attacks in a major way
Dr. Sushil Kumar Meher
CIO, Dept. of Computer Facility, AIIMS
“Healthcare continues to be the most targeted sector nowadays. Cyber security is the process of protecting systems, devices, networks, IoMT devices and data from any type of unauthorized access or attack. Cyber attacks typically try to gain access to sensitive information and alter, disrupt, destroy or control that information for malicious or criminal intent.
There are more and more Ransomware attacks being carried out on medical institution infrastructure. A study by Sophos highlights the rate of data encryption following a ransomware attack in healthcare was the highest in the last three years: 73% of healthcare organizations reported that their data was encrypted in the 2023 report, up from 61% in the 2022 report and 65% in the 2021 report. In more than one-third of the attacks (37%) where data was encrypted, data was also stolen.
6 Data Security Breach Consequences in healthcare organization:
◆ Damage to the reputation of the organization.
◆ Disruption of services
◆ Revenue Loss those who are in health care business
◆ Online Vandalism
◆ Loss of Intellectual Property
◆ Losing confidence of patients
Nowadays Cyber Security is crucial in healthcare digital data to protect sensitive patient information, comply with regulations, maintain patient trust, and prevent financial losses. It consists of a range of actions to safeguard organizations from internal and external cyber-attacks, guarantee the availability of medical services, maintain confidentiality, ensure the proper operation of medical systems and equipment and integrity of patient data, and comply with industry regulations.”
Proactive and multi-faceted approach ensures effective protection of organization and data
Smith Gonsalves
Director, CyberSmith Secure
“In addressing the concerns of growing cybercrime and data privacy, our organization adopts a comprehensive and proactive approach. We recognize that the threat landscape is dynamic and continuously evolving. Therefore, we prioritize several key strategies to safeguard our data and mitigate cyber risks.
First and foremost, we have established a robust cybersecurity framework that includes the latest technologies, threat intelligence, and security best practices. We continuously monitor and assess our security posture to identify vulnerabilities and proactively address them.
Secondly, we place a strong emphasis on data privacy by adhering to relevant regulations and industry standards. This includes implementing strong access controls, encryption, and data retention policies.
Moreover, our organization invests in ongoing training and awareness programs for our employees. Every employee is educated about the importance of data privacy and security.
Lastly, we maintain a robust incident response plan that ensures swift and effective action in the event of a breach. This plan encompasses detection, containment, eradication, and recovery procedures to minimize the impact of any security incident.
In conclusion, we are fully committed to addressing the challenges posed by the growing cybercrime and data privacy landscape. Our proactive, multi-faceted approach ensures that we can effectively protect our organization and the data entrusted to us while also maintaining the highest standards of cybersecurity and data privacy.”
Adopting comprehensive approach to address growing cyber threats and data privacy
Avneesh Vats
GM (IT), EESL
“Our organization takes a comprehensive approach to address the growing concerns of cybercrime and data privacy. We prioritize cybersecurity by implementing a robust set of measures, including firewalls, intrusion detection systems, and encryption to protect our data and systems from external threats. Regular assessments are conducted to identify vulnerabilities and potential risks, allowing us to allocate resources effectively. We recognize the importance of employee training, ensuring that our staff is well-informed about cybersecurity best practices and can recognize and respond to potential threats, such as phishing attacks. Access controls are enforced to restrict data access to authorized personnel only, reducing the risk of insider threats. Regular software updates and patch management keep our systems secure. We conduct cybersecurity audits and assessments to evaluate and improve our security posture. Our commitment to secure development practices reduces vulnerabilities in any software or applications we develop. We actively monitor and detect unusual or suspicious activities through continuous monitoring and advanced threat detection systems, enabling real-time response to threats. Our approach to addressing these concerns is ongoing and adaptive, recognizing that the threat landscape is ever-evolving.”
Cybersecurity and data privacy are fundamental to success and sustainability of a business
Col. Inderjeet Singh
Chief Cyber Officer, Vara Technology
“Cybersecurity and data privacy are of utmost importance for organizations. They are essential for protecting sensitive information, complying with regulations, maintaining trust, ensuring operational continuity, gaining a competitive advantage, safeguarding the supply chain, managing financial stability, and, in some cases, upholding national security. Cybersecurity and data privacy are not optional considerations for organizations. They are fundamental to the success and sustainability of any modern business.
As technology evolves, new threats and vulnerabilities emerge. Staying ahead of these threats requires a proactive approach to cybersecurity and data privacy.”
The ramifications of a data breach for corporations are indeed serious and have been growing in significance over the years. Data breaches represent a significant and growing threat to corporations. Mitigating these risks requires a proactive approach to cybersecurity, including robust security measures, employee training, and incident response plans. Corporations must stay informed about evolving data protection regulations to ensure compliance. The consequences of a data breach are far-reaching, and their severity underscores the importance of taking data security seriously in today's digital business landscape.
A robust incident response plan in place helps minimize damage
Ruby Mishra
National IT Security Officer, KPMG India
“Cybersecurity and data privacy are essential not only for protecting an organization's interests, but also for maintaining trust and security in the broader digital ecosystem. It is imperative to have them in an era when data is valuable but vulnerable as well. The importance of cybersecurity and privacy in the workspace cannot be overstated. It has gone beyond protecting sensitive information to maintaining customer, client, and partner trust. Financial losses, reputational damage, legal liabilities, and regulatory penalties are possible consequences of negligence when it comes to cybersecurity and data privacy. To ensure long-term success and sustainability in today's interconnected world, organizations must prioritize these aspects.
Data breaches can damage a brand's reputation and cause clients to lose trust in the organization. Legal and compliance consequences can also result from data breaches. In some cases, data breaches can lead to identity theft and a loss of privacy, which can have serious consequences for individuals. As a result, organizations must take proactive measures to prevent data breaches and have a robust incident response plan in place to minimize damage should a breach occur. In cyberspace, continuous vigilance and adaptation are required due to the rapidly evolving nature of cybersecurity threats.”
Prevention and preparedness: Key to mitigate cyber incidents
Pradnya Manwar
Sr. Director - Information Security and Cybersecurity, Sutherland Global Services
"The consequences of a data breach for corporations are multi-faceted and can have far-reaching effects. Prevention and preparedness are key to mitigating the potential fallout from such incidents.
The ramifications of a data breach for corporations are indeed substantial and continuously evolving. Here are some key points to consider:
Data breaches can lead to significant financial losses. This may include the costs of investigating and mitigating the breach, legal fees, fines for non-compliance with data protection regulations, and potential lawsuits from affected parties.
Perhaps one of the most critical aspects is the damage to a company's reputation. A high-profile data breach can erode customer confidence, potentially leading to a loss of business and market share.
Losing customers due to a breach is not only a direct financial hit, but it also increases the cost of acquiring new customers to replace those who leave.
Depending on the jurisdiction and industry, companies may face a range of legal consequences. These can include fines for non-compliance with data protection laws (e.g., GDPR, CCPA), as well as potential lawsuits from affected individuals or groups.
Following a breach, companies often need to invest in enhanced cybersecurity measures to prevent future incidents.
Insurance premiums for cyber liability policies may increase following a breach.
High-profile data breaches can lead to a drop in a company's stock price, especially if investors lose confidence in the company's ability to protect sensitive information."
A Data breach draws serious consequences for organizations
Prince Joseph
Group CIO, NesT Group and SFO Technologies
“Cybersecurity and data privacy is not just essential but also critical for organizations of all sizes. In today's digital world, organizations collect and store huge amounts of data, including sensitive customer information, financial data, and even intellectual property. Organizations can use data to improve their products and services, target their marketing campaigns, and make better business decisions. Data is also essential for many of the new technologies that are driving innovation in the economy, such as artificial intelligence, machine learning, and the Internet of Things.
This data is a valuable asset that can be used to gain a competitive advantage, but it also makes organizations a target for cybercriminals.
A data breach can have serious consequences for organizations, including:
Financial losses: Organizations can incur significant financial costs to investigate and respond to a data breach, including the cost of notifying affected individuals, providing credit monitoring and identity theft protection services, and paying fines and penalties.
Damage to reputation: A data breach can damage an organization's reputation and erode customer trust.
Loss of customers: Customers would be less likely to do business with an organization that has experienced a data breach especially industries worried about IP protection.
Legal liability: Organizations may be held legally liable for damages caused by a data breach.”
Cybersecurity and data privacy Critical for an organization
Arvind Singh
CTO, Puravankara Group
“Both cybersecurity and data privacy are most critical for any organization as cyber security is the biggest thread and data is the new oil in today’s digitally connected world.
Data privacy starts from data definition, its capturing, storage, on the move, access controls, awareness and well-defined data policy, backup and recovery in place.
Cybersecurity is not limited to network security (switches, DNS, firewall etc.), but also includes servers, applications, end-points and beyond. It is not just limited to internal network posture but also includes external surface which is not in our control like social network, internet, dark web etc. to ensure there is not identity or data theft, also ensuring brand identity & value.
The ramifications of data breach are a serious and a growing concern for the organizations.
Data breaches like Phishing, Eavesdropping, Denial-of-Service (DoS), Malware and many more, can affect the brand's reputation and cause the company to lose customers. Breaches can damage and corrupt databases. Data breaches also can have legal and compliance consequences. Data breaches also can significantly impact individuals, causing loss of privacy and, in some cases, identity theft, financial losses, damage individual’s credit score, and bring emotional distress.”
Data privacy and cybersecurity are inextricably linked
Tarun Bali
VP - IT, Beauty & Beyond
“Though there are clear distinctions between the two, data privacy and cybersecurity are inextricably linked. The fundamental distinction is that cybersecurity focuses on preventing security breaches, whereas data privacy guarantees that a user's information is handled responsibly. These are always vital for the firm, and now we all need to comply with the Personal Data Protection Act (PDPA) recently enacted by the Indian Parliament, we should be more serious about data governance and proactively protect the data and resolve the breaches on the fly while also preserving privacy utilising the best cloud, application & data architecture to decrease the risk and threats.
PDPA necessitates on-going expertise, a broad set of tools, and rigorously established procedures. This is a journey that takes continual dedication, and you hold the key to success.
There must be a two-step approach: Top down to avoid intrusions and breaches and bottom up to safeguard the data at the architecture level, with state-of-the-art warnings, alerting and logs systems to lock the database instantly during attacks or leakages. This can be accomplished by improvising protocols and methods including hardware, software, and hosting, with best practices to manage and govern data assets securely.”
Cyberattacks leads to serious consequences
Harsh Arora
Group Head – IT, Hindustan Powerprojects
“Cybersecurity involves implementing various measures and technologies to ensure the confidentiality, integrity, and availability of information stored and processed on computer systems.
Cybersecurity is important because cyberattacks can have serious consequences, including financial loss, Reputational damage, Physical harm. It protects digital assets like Sensitive personal and financial information, Intellectual property, Critical infrastructure, personally identifiable information (PII), Protected health information (PHI) and Government and industry information systems from theft and damage.
Data privacy empowers individuals to maintain control over their personal information. It allows them to decide how their data is collected, used, and shared. By respecting individuals' autonomy, data privacy ensures that personal information is not exploited or misused without consent.”
Implementing industry-specific strategies to address cyber crime and data privacy
Sanjay Kumar Singh
Head - IT Operations & Digital Transformation, Global Education (GEDU)
“As a leading global education service provider, we are acutely aware of the critical importance of addressing the growing concerns of cybercrime and data privacy within our industry. To safeguard our vast network of employees, students, and educational campuses worldwide, we have implemented industry-specific strategies:
Tailored Security Solutions: We employ customized security measures that cater to the unique needs of educational institutions, including safeguarding student and faculty information, research data, and intellectual property.
Data Governance Framework: Our data governance framework ensures that student records and academic data are treated with the utmost confidentiality and compliance with educational data protection regulations.
User Training: We conduct regular training sessions for both staff and students, emphasizing the responsible use of technology and the importance of maintaining privacy and security.
Secure Online Learning: With the rise of online education, we've invested in robust e-learning platforms with secure access controls and encryption to protect the digital learning environment.
Incident Response Team: In preparation for potential security incidents, we've established a dedicated incident response team that coordinates responses to data breaches and cyber threats in a swift and organized manner.”
Proactive and comprehensive approach required to combat cyber challenges
Bohitesh Misra
CTO, Avexa Systems
“In my view, some of the challenges faced by organizations and the strategies to mitigate these threats are:
◆ Organizations hold a vast amount of sensitive data, including customer information, financial records, intellectual property, and more. Maintaining the confidentiality and integrity of this data is vital.
◆ Data breaches can severely damage an organization's reputation and erode trust with stakeholders, customers, and partners.
◆ The costs associated with data breaches, including incident response, legal fees, regulatory fines, and loss of business, can be astronomical.
◆ We need to adopt a multi-layered approach to cybersecurity and regularly update software and systems patches, conduct vulnerability assessments on a periodic basis and educate employees.
◆ mplement a cloud security strategy that includes cloud-native security tools, identity and access management controls and encryption.
◆ Develop a strong compliance framework that includes data protection regulations relevant to your industry.
The challenges posed by data growth, cyber threats and ransomware attacks require a proactive and comprehensive approach. As a CIO, I advocate for continuous monitoring, investment in advanced security technologies, employee training and collaboration with external security agencies and experts to stay ahead of evolving threats and ensure the security of our organization's digital assets.”
By implementing Cyber Security policies and Data protection measures, cyber threats can be mitigated
Yogendra Singh
Head - IT/SAP, Barista Coffee Company
“Organizations can address the concerns of growing cybercrime and data privacy by assessing cybersecurity practices of partners, prioritizing data protection measures, training employees in security principles, protecting information, computers, and networks from cyber-attacks, complying with data security requirements, establishing a cybersecurity policy, building an incident response plan, inventorying data, and strengthening reputation.
As best practices Barista implemented Cyber Security policies and Data protection measures.
◆ An incident response should be formed to take actions to handle cybersecurity incidents and mitigate their consequences
in a timely manner.
◆ Organizations must prioritize data protection measures to protect sensitive data from breaches and comply with regulations such as the GDPR and CCPA.
◆ Organizations should establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies.
◆ Protect Information, Computers, and Networks from Cyber Attacks: Organizations should implement measures to protect information, computers, and networks from cyber attacks.
◆ Implementing proper security measures can ensure compliance with data security requirements, helping organizations avoid extensive fines due to non-compliance.
◆ Organizations should establish a cybersecurity policy that creates rules governing the organization's sensitive data for the data usage policy. It should contain guidelines for employees, stakeholders, and third parties when handling data.”
Education, Refresher, Certification – The key to mitigate cyber threats
Dhananjay Rokde
CTO, Ceinsys Technology
The cost of a data breach has increased exponentially. The smallest breach can lead to nearly devastating ramifications. The world has even witnessed bankruptcy of large corporations over data breaches. The traditional role of a CISO has now drastically changed. CISOs deserve a seat in the boardroom. Information Security professionals are now responsible for keeping the organisation afloat, ensuring business continuity and minimising legal consequences. India’s cutting-edge parliamentary resolution – The Digital Data Protection Privacy Act, 2023 is a landmark Bill. This shows the world's seriousness towards sensitive matters such as data protection and privacy, of the worlds biggest Tech Economy. The levy of heavy fines to the tune of multi-crore rupees, as well as a percentile of the company’s turnover is the level of commitment shown by the Indian Government. Enhanced punitive actions against CyberCriminals and organised CyberCrime is also another indication of the value of our digital democracy and protection of every Indian Cyber Citizen.
“Education, Refresher, Certification – Repeat! There is no better mantra for reduction of Cyber crime and breach of privacy. Human beings are the weakest link in the chain of cyber events; and it is imperative that they are sufficiently empowered with knowledge. This education is enriched with a layer of strong processes. Continuously evolving processes ensure that organisation stays abreast with the latest threats, regulations and compliance requirements. Technology is the final block in this puzzle. State-of-the-art technology is NOT the answer to deterring CyberCrime or data breaches. The design of security controls as per recommended principles, architecting the overall solution and deployment of preventing and detective controls leads to an effective CyberSecurity solution. Once cannot emphasise enough on the classic principles of least privilege, multi factor authentication, privileged identity management, default-deny and continuous monitoring. These principles have been re-invented into newer Cyber jargon such as Zero-Trust or SASE etc. It is also crucial that the Board and investors are continuously sensitized on matters of security and privacy. Strong messaging from the top-down, and adherence to policies form the bottom-up leads to a successful CyberSecurity program."
Cybersecurity and data privacy are paramount in digital landscape
Jaideep Khanduja
CTO, AccioMango
“Cybersecurity and data privacy are crucial for organizations to protect sensitive information, maintain trust, and avoid legal and financial repercussions. They are paramount in today's digital landscape.
The ramifications of a data breach for corporations are increasingly serious. They can lead to financial losses, damage to reputation, legal consequences, and the loss of customer trust, making robust cybersecurity measures essential.
By implementing robust cybersecurity measures, conducting regular security assessments, providing employee training, and complying with data protection regulations like GDPR and CCPA to safeguard sensitive information.”
Cyber Insurance is a must to safeguard DATA
Tejas Shah
Head IT - Applications / Infrastructure, Prince Pipes and Fittings
“Cybersecurity and data privacy are of paramount importance for safeguarding personal information, ensuring business continuity, maintaining trust, complying with regulations, protecting intellectual property, upholding organization security, preventing financial losses, preserving personal autonomy, ensuring public safety from external threat actors, and fostering technological innovation.
As technology continues to advance, the importance of these concepts will only grow and accordingly need to keep working and innovating the support and internal user awareness.
We need to have a well-planned structured objective in concurrence with the management team. Preventing data breaches in corporations is essential to safeguard sensitive information and maintain trust. Below are some To-DOs / Must-Dos:
◆ Risk Assessment
◆ Access Control
◆ Employee Training
◆ Security Policies and Procedures
◆ Endpoint Security / Updated Softwares / Firewalls and Intrusion
Detection/Prevention Systems / Multi-Factor Authentication (MFA)
◆ Cyber Insurance is a must to ensure safeguard.
Addressing cyber concerns by following regular security posture assessments
Dr. Makarand Sawant
VP – IT, Sahyadri Group
"We addressing the concerns of growing cybercrime and data privacy with regular security posture assessments and implementation of latest Threat Intelligence solutions and technologies like Nextgen firewalls, EDR/XDR and following some basic practices like encrypt your data.
Keeping software and apps up to date. Apply patches the same day vendors release them, and hackers will be much less likely to breach your system.
Regularly audit your system, cloud storage, and everything connected to your network to monitor unused apps. Uninstall them to prevent them from becoming attack vectors in the future. Uninstall software that vendors no longer support, patch, or update.
Keep a list of every computer and device authorized to connect to your network. Hackers generally don’t have access to authorized devices, so your system will block them when they try to connect.
Use access control systems to give employees access only to the apps, programs and data they need to do their job.
Stop ransomware and malware from being downloaded to your network by installing the best EDR/XDR solution. Nextgen Firewalls can detect viruses and stop malware and phishing attacks.
Use a backup service with cloud encryption to back up your database. It’s harder for a cybergang to threaten your data if you have a copy of it securely stored elsewhere.
Secure your company’s Wi-Fi network. Use secure passwords, and consider implementing an encrypted, centralized password-management system to better protect your network and terminals. Implement dual-factor authentication. Secure every item connected to your network with the same diligence you use for terminals, laptops, and mobile devices."
SMBs face serious ramifications of data breaches
Hariharan Subramanian
VP ‑ IT, Shriram Properties
“Over the last decade, with rapid digitization and the adoption of new technologies, data breaches have increased exponentially. India has witnessed close to 14 lakh cybersecurity incidents in the year 2022. This number will only keep increasing as we move through this digital world. As a recent report by IBM, the average cost of data breaches in India has reached around INR 18 Cr which is an all-time high.
Data breaches can have serious ramifications for Small and Medium-sized businesses (SMBs). A lot of SMBs have gone out of business because of data breaches. SMBs often consider cybersecurity as a cost and consider it as one of the least priorities. Hackers take advantage of this opportunity and breach the security of SMBs who are underprepared to handle cybersecurity incidents.
The impact of data breaches goes beyond immediate financial losses, extending to reputation damage, legal consequences, operational disruption, and many more. To mitigate these ramifications, organizations must prioritize cybersecurity and data privacy, investing in robust defense measures, incident response plans, and ongoing employee training to reduce the likelihood and impact of data breaches. Additionally, transparency and communication with affected parties are crucial steps in managing the fallout of a data breach effectively.”
Building Trust, Transparency, and AI-Powered Protection is the Future of Security
Jacob DePriest
VP, and Deputy Chief Security Officer, GitHub
“Trust and security are table stakes for every industry, and it’s crucial for businesses and their security teams to remain vigilant as they navigate this complex threat landscape. I firmly believe that we can continue to make significant software security gains with a focus on the following key pillars.
Security leaders should seek opportunities to build an environment where the security team is a trusted partner to the business while prioritizing open, transparent communications around security events. That partnership should also extend outside of the organization across the public-private sector, in support of shared security goals and the open-source developers behind the software we all rely on. Additionally, driving consumer and B2B awareness of the importance of good cybersecurity practices is essential.
Finally, looking ahead, we’re going to see AI ushering in a new era of security, which will fundamentally change how we prevent vulnerabilities from occurring in code. For all the talk of “shifting security left”, there’s no better way to do that than what we’re seeing with the AI-assisted pair programmer right in the IDE. While it’s early days in this space, tools like GitHub Copilot are helping to ensure the code developers are writing is safe and secure in real time, holding some of our most promising opportunities to secure code from the start.”
Dell Technologies Protecting the Digital Ecosystem for a Safer Tomorrow
Teja Manakame
Vice President (IT), Dell Technologies
“At Dell Technologies, we are proud to be at the forefront of all cybersecurity challenges and solutions for our customers and partners. In an era where data is the currency for businesses, and our personal lives are increasingly intertwined with technology, safeguarding our digital world has never been more critical.
As we embark on this journey of heightened awareness, it is essential to recognize that cybersecurity is not solely a matter of technology; it's a collective responsibility that transcends industries, borders, and backgrounds. It's about protecting our shared digital ecosystem and ensuring that it remains a force for good.
At Dell Technologies, we believe that cybersecurity is an integral part of our DNA. We are dedicated to providing cutting-edge solutions that not only protect our customers' data but also empower them to thrive in a digital world. From securing endpoints to safeguarding data in the cloud, our mission is clear: to make cybersecurity accessible and effective for all. As we navigate the ever-changing landscape of cyber threats, let us remember that the power to fortify our digital world lies within each of us. Together, we can build a safer, more resilient cyberspace.
This Cybersecurity Awareness Month, let's unite our efforts, share knowledge, and foster a culture of vigilance. In doing so, we can turn the tide against cyber threats and ensure a brighter, more secure digital future for all.”
The CIA Triad navigating Cybersecurity Challenges and Solutions
Yihao Lim
Mandiant JAPAC Lead Threat Intelligence Advisor, Google Cloud
“In cybersecurity, there is a concept of the "CIA Triad" which represents Confidentiality, Integrity, and Availability. Privacy can be categorised under the confidentiality pillar and this, along with integrity and availability of information is crucial to the operation of any organization. Any unauthorised compromise to either of the CIA elements could lead to a loss of reputation, regulatory actions against the organization or business disruption.
The success of high-profile cybercrimes could embolden more cybercriminals to conduct attacks. An example is the growing affiliate model of ransomware-as-a-service, where ransomware creators now create a platform that allows non-technically skilled cybercriminals to participate in the ransomware attacks.
Under this model, operators or affiliates do profit sharing with the original platform owners when victims pay their extortion amounts. This system allows more cybercriminals (who are non-technically skilled) to participate in the ransomware extortion scheme, and this is likely to exacerbate the growth of ransomware attacks by the sheer scale of operators using the platform to launch attacks.
Mandiant is actively working with governments and fostering partnerships to raise cybersecurity awareness, share best practices and contribute to upskilling programs. We are also committed to developing innovative solutions to help our customers proactively mitigate cybercrime threats in this rapidly changing cyber landscape.”
Managing the Combined Risks of Innovation and Security in the Era of Technology
Puneet Gupta
Vice President & Managing Director, NetApp
“Data is the most valuable (and hence vulnerable) asset for businesses today. Advanced technologies like AI and ML will help drive data-driven decisions , further accelerating business growth. That said, both end users and technology providers will need to exercise caution and look at the vulnerabilities that come with the use of these technologies.
The use of emerging technologies can be akin to two sides of the same coin. While technology providers leverage it to thwart attacks, attackers use AI to launch attacks that are harder to detect.
Today ransomware is one of the biggest threats to data security, with attacks and attackers getting more sophisticated. Recent data by SonicWall shows a 133% rise in ransomware along with a 311% increase in IoT attacks in India alone. As solution providers, we need to fortify the landscape as much as possible, and be able to anticipate evolving threats, and test our resilience against them.
Gartner predicts that by 2024, organisations adopting robust cybersecurity architecture will reduce the financial impact of security incidents by an average of 90%. As a means of addressing such challenges, we recommend monitoring for abnormalities in the storage solutions, post which its access to the main network can be cut off while taking remedial measures.”
Redington's Comprehensive Solutions and Trusted Expertise Elevating Cybersecurity in the Digital Age
Mario Jude Praveen
General Manager - Cybersecurity, Technology Solutions Group, Redington Limited
“In recent years, the digital landscape has exposed enterprises to an uptick in both the frequency and complexity of cyberattacks. Trends like remote work, telecommuting, and the growing demand for remote access have made businesses in various sectors susceptible to a wide range of cyber threats.
In this digital age, Redington steps in as a trusted advisor that can help its partners identify and implement the right cybersecurity solutions for their customers. Our portfolio encompasses Hybrid Cloud, Network, and Enterprise Security, along with advanced technologies, a robust security system, URL redirection, ATP, and mail sandboxing for comprehensive threat protection.
To fortify our security stance, we've seamlessly integrated Behaviour-Based Security alongside Extended Detection and Response (XDR) solutions, effectively mitigating system and device-related risks. Our strategic collaborations with esteemed security agencies have empowered us to entrust our Security Operations Center (SOCS) services, guaranteeing continuous monitoring and robust Security Information and Event Management (SIEM) support.
As we navigate this digital age, let us not lose sight of the positive transformations that technology has ushered into our lives and businesses. With Redington as your steadfast partner, we remain committed to preserving the digital realm as a realm of opportunity, growth, and accessibility, where the harmony of security and progress thrives.”
Education, Investment, and Preparedness Fostering Cybersecurity Resilience
Sandeep Bhambure
Managing Director and Vice President -India & SAARC, Veeam Software
“With another Cybersecurity Awareness Month upon us, it’s a timely reminder of how important ongoing education and upskilling in the sector is - across all levels. We’ve seen several major cybersecurity incidents make waves across APJ, such as the Latitude and MOVEit data breaches, fueling ongoing conversations around how data is stored. The conversation is shifting from how a hack happened, to how organisations are protecting data, particularly how they are storing it. Data breaches are not only a threat towards reputation; attackers can also encrypt data, making it unrecoverable.
Veeam’s 2023 Ransomware Trends Report revealed an overall increase in cybersecurity investment from organisations across Asia Pacific, with cyber prevention and backup budgets increasing by 5.4% and 5.6% respectively. For organisations to fully benefit from this increased investment, it is essential that they maintain strong communication across teams within the business, such as between IT and senior management.
This ensures there is a clear and consistent cyber strategy in place with a business continuity plan to ensure efficient recovery in the case of an attack.
IT leaders need to prepare their businesses for any attack. Finding the right backup solution and storing data smartly are precautions that businesses should take in addition to ongoing education and upskilling of employees on how to evaluate new technologies. Regularly maintaining the security of users, networks and data can reduce the chances of getting hacked and minimise data recovery time in the case of a breach.”
Commvault's Innovative Approach Redefining Data Security in the Digital Era
Balaji Rao
Area Vice President, India & SAARC, Commvault
“The evolving nature of cybersecurity threats demands a paradigm shift in how organizations approach data security. To ensure a company's security, it is essential to understand that its weakest link interacting with data determines its security strength. In response, organizations must adopt innovative strategies that integrate privacy and security into the core of new digital solutions. Detecting and addressing security gaps before they are exploited by malicious actors are essential for safeguarding data assets and maintaining seamless business continuity.
Commvault is pivotal in data safety, defense, and recovery in hybrid multi-cloud environments. Our approach encompasses comprehensive data protection, proactive data defense, and advanced ransomware protection, all unified within a single, comprehensive view. We go beyond conventional security measures, employing early warning technologies, including cyber deception, to pre-emptively secure data assets, thus thwarting potential threats before they materialize.
Our robust defenses spring into action in a breach, ensuring our customers' data's swift and resilient recovery. Additionally, we continue to expand our security ecosystem. By integrating cutting-edge technologies, we bolster our customers' data defenses, enabling them to withstand current threats and adapt to emerging challenges.
Our dedication to data security empowers businesses to thrive in the digital age. Commvault stands at the forefront of
the battle against cybercrime, committed to forging a future where businesses can navigate the digital realm with confidence and resilience.”
Sophos bolstering its Digital Defences in 2023 marking 20 Years of Cybersecurity Awareness
Sunil Sharma
Vice President, Sales, Sophos India & SAARC
“This year October marks the 20th annual Cybersecurity Awareness Month with governments and industries worldwide coming together to increase awareness for cybersecurity challenges and threats. The 2023 theme for Cybersecurity Awareness Month is 'Secure Our World' – emphasizing how individuals, families and small- to-medium-sized businesses can bolster cybersecurity through simple, but critical, measures. These include setting stronger passwords, activating multi-factor authentication, recognizing and reporting phishing attacks, and regularly updating software.
The digital transformation sweeping every facet of our lives is mirrored by an ever-evolving online threat landscape. The Sophos ‘The State of Ransomware report for 2023’ reveals that 73% of organizations in India that responded to our survey have reported being hit by ransomware in 2022.
Therefore, it is critical for all businesses to implement robust cybersecurity solutions capable of detecting and responding to threats in real-time. It is also incumbent on each and every individual, in their personal and professional capacities, to maintain constant vigilance and to take precautionary measures to safeguard our collective digital sphere against malicious actors. Together, we can secure our world.”
Cisco Developing Adaptability against Changing Cyberthreats
Samir Kumar Mishra
Director, Security Business, Cisco India & SAARC
‘‘As the digital world becomes a reality, the narrative for defenders worldwide has been rewritten. Security resilience has become paramount to navigate the interconnected world and counter the expanding threat landscape. While some progress has been made, not enough businesses are cybersecurity-ready to take on the challenges that our increasingly hybrid world has created. A Cisco study indicates that only 24% of organizations in India have the mature level of readiness needed to be resilient against today's modern cybersecurity risks.
At Cisco, we strongly believe that security is a collective responsibility. By leveraging our cutting-edge technologies, industry-leading expertise, and fostering collaborative partnerships, we drive innovation and construct resilient security architectures. Additionally, we empower individuals with the knowledge and skills to safeguard themselves and their organizations from cyber risks.
As we celebrate Cybersecurity Awareness Month, cybersecurity readiness and resilience must be a priority for all. To enable effective security in a world of evolving threats, it's vital to secure the people and devices that connect to the network. If a device is connected, it needs to be protected.
Ensuring that organizations adopt an integrated platform approach to secure identity, devices, network, applications, and data with a mix of point tools and integrated platforms will help businesses achieve security resilience while reducing complexity. Together, we can build a future where trust and security thrive, empowering individuals and organizations to embrace the limitless potential of the digital era."
Effective digital attack surface management begins with the right tool
Sharda Tickoo
Technical Director, India & SAARC, Trend Micro
“In this digital age where virtually every facet of our lives is online, cybersecurity and data privacy are central to any organization's operations. With the emergence of Generative AI and the increasing sophistication of cyberattacks, organizations face an ever-growing need to reinforce their data protection measures.
According to IBM Security’s Cost of a Data Breach Report the average cost of a data breach in India reached a record ₹17.9 crore in 2023, shooting up 28% since 2020. Concurrently, our own Mid-Year Cybersecurity Report 2023 also highlights how in the first half of 2023, sectors vital to the nation's economy, including Banking, Manufacturing, and Government, went on high alert, as they grappled with a growing wave of cyber challenges.
The current situation underscores the need for not only proactive cybersecurity strategies but also the reinforcement of our cybersecurity systems.
Effective digital attack surface management begins with the right tool: a unified cybersecurity platform that easily integrates with your current security setup and includes a wide range of third-party options. Above all, a shift towards a unified cybersecurity approach is the key.”
NTT Mastering Cybersecurity and Data Privacy in the Digital Age
Rishikesh Kamat
Senior Director - Products & Services, NTT Ltd. in India
“Cybersecurity and data privacy stand are important for every organization in today's digital age. The pervasiveness of cyber threats ranging from malicious malware to intricate phishing schemes, continually evolves, posing constant risks. These threats can lead to data breaches, financial losses, and reputational damage. Such consequences are not only financially burdensome but can erode customer trust, ultimately affecting an organization's bottom line.
Moreover, various industries are bound by stringent data protection regulations and compliance standards. Failing to meet these requirements can result in hefty fines and legal entanglements. In addition, data breaches and cyber incidents can disrupt business operations, leading to downtime, lost revenue, and recovery costs.
Looking at the cybersecurity scenario, it is evident that the threats are constantly evolving, and the security approach also needs to be fluidic in sync with the threats. We focus on secure by design application development, data encryption during storage and transit, identity and access management (IAM), AI-powered network security tools, and a host of other digital security solutions. NTT is also a prominent provider of fully managed detection and response services where you can leave the cybersecurity concerns to our experts, and focus only on business operations and growth. The solutions we have are customized to meet the needs of different user organizations, and we enable our customers to achieve compliance with all regulatory provisions in place such as the Data Protection and Privacy Bill that was recently introduced in India.”
Single agent architecture to ingest data is Imperative of Cybersecurity and Data Privacy
Jhilmil Kochar
Managing Director, CrowdStrike India
“The significance of cybersecurity and data privacy cannot be overstated for organisations in the digital world we live in. It’s critical to safeguard an organisation's most vital assets: its data and the sensitive information of its customers. Failing to protect data can lead to breaches resulting in severe consequences, such as eroding customer trust, having significant financial losses to tarnished reputation, productivity loss and legal or regulatory complications for impacted organisations.
At CrowdStrike, we believe cybersecurity has always been a data challenge, but finding the faint signal of adversary activity hidden in trillions of data points is a significant undertaking.
Solving this requires a powerful cloud-native data platform to handle massive volumes of data and single agent architecture to ingest data into the platform. It requires AI and ML built in to speed detections, quickly surface hidden threats and drive automation to simplify complex tasks. That is how we engineered and why we built the Falcon platform from the ground up.
In terms of data privacy and protection, we recently launched CrowdStrike Falcon Data Protection to consolidate data protection with a unified agent and console. It solves the challenges that organisations have in terms of managing multiple endpoint agents, poor visibility into data flows, lacking a clear understanding of where sensitive information is stored.
Falcon Data Protection classifies file data using a combination of techniques including inspection and classification, inference and integrations with third-party labels. When data leaves the endpoint, it can be tracked or blocked depending on where it came from, what it contains and the policy in place.”
Understanding the Changing Cybersecurity and Data Privacy Environment securing digital future
Subhalakshmi Ganapathy
IT security evangelist, ManageEngine
“In today's digital landscape, cybersecurity and data privacy are the bedrock of organizational resilience, fostering operational continuity, cultivating customer trust, upholding legal compliance, and safeguarding ethical integrity. The aftermath of the recent surge in technological and cloud adoption catalyzed by the pandemichas unequivocally underscored that robust security is of paramount importance. Organizations have experienced first-hand the dire consequences of insufficient safeguards. The escalating costs associated with data breaches, the spectre of highly sophisticated attacks aimed at disrupting business continuity, and data exfiltration that ends with sensitive data leaking onto the dark web—all of these loom as formidable threats that organizations now grapple with.
The ramifications of data breaches have reached unprecedented levels. According to data disclosed by India's Minister of State for Electronics and IT, 36 websites belonging to ministries and departments across central and state governments experienced hacking incidents. Furthermore, the first half of 2023 witnessed over 4.29 lakh cybersecurity incidents specifically targeting financial institutions.
The cybersecurity landscape is undergoing a radical transformation. Advanced persistent threats have emerged, allowing adversaries to infiltrate networks undetected for extended periods. Additionally, the rise of fileless malware, which is nearly impossible to detect, presents a new challenge. The evolution of data breaches is further complicated by the emergence of Ransomware-as-a-Service and Cybercrime-as-a-Service models, eliminating many entry-level barriers for attackers.
For two decades, ManageEngine has been the stalwart in the IT management industry, continually adapting to market demands. We pride ourselves on our foresight, predicting market evolution and addressing our customer's challenges with solutions that are not just simple but profoundly effective. Our cybersecurity portfolio is a testament to our commitment, encompassing a comprehensive range of offerings.”
Vinod V Jayaprakash
Consulting Cybersecurity Leader, EY GDS
Navigating the Transformative Digital Landscape through Cybersecurity and Privacy
“In the past two decades, the digital landscape has witnessed major shifts that have reshaped the way we live and work. The proliferation of smartphones and mobile technology, and the widespread adoption of cloud computing have enabled widespread connectivity and democratized access to powerful computing resources, data storage, and software applications, respectively. This has transformed how organizations manage their IT infrastructure, leading to better scalability, flexibility, and cost efficiency. However, it has also exposed an organization’s most valuable assets – data – to new attack vectors.
Cybersecurity has become very critical as it safeguards all types of sensitive data from theft and loss, including data related to personally identifiable information, intellectual property, personal information, and government and business information systems.
Cybersecurity and privacy are the key business enablers to achieve growth through protection of their biggest asset: their customers’ trust and brand value. With ever-increasing global laws and regulations, organizations have a legal and moral obligation to act swiftly and responsibly to avoid financial losses via penalties and customer liabilities. This has additionally enhanced the importance of having top security professionals for managing all forms of security systems. Importantly, this includes cyber professionals with the ability to work with real-time data to secure information systems and user identities, and ensuring proper management of cloud services, especially those containing sensitive customer data.
Securing your organization provides the confidence to lead transformational change, innovate at speed and build a better working world for stakeholders. Organizations are relying on trusted partners like EY to help them navigate the digital and cloud shifts. By working closely with CXOs, we create a robust strategy and security roadmaps.
One of the biggest challenges faced by organizations is the shortage of skilled security workforce who can deploy strategy into action. This is an area where EY has stepped up significantly. Apart from providing advisory, consulting, and global delivery services across cyber, risk and compliance areas, EY also provides comprehensive training programs to equip their security workforce to effectively use cyber tools and technologies to continuously monitor and safeguard their organization controls.”
Mohammad Wasim
Group VP Technology, Publicis Sapient
Safeguarding the Digital Future is Imperative of Cybersecurity and Data Privacy
“The widespread adoption of digital transformation has exponentially increased the adoption of cloud technologies, generating huge volumes of data at a very high velocity that underpin every facet of business operations and drive insightful decision-making. The infrastructure and data holding critical information has elevated the need for cybersecurity and data privacy from mere checkboxes to integral components that define an organization's existence, trustworthiness, and stability.
The interconnected digital ecosystems have significantly expanded the attack surface, necessitating a robust defence. Artificial intelligence (AI) plays a critical role by enabling automatic threat, swiftly identifying, and neutralizing it.
In today's hybrid multi-cloud environment, security professionals are dealing with an abundance of data captured from various sources which necessary to mention, is highly complex. AI-driven security analytics processes vast volumes of security data, providing real-time insights and patterns that people would have not experienced or thought to look out for. Predictive analytics further enable organizations to stay one step ahead of potential threats, making their security posture far more robust.
At Publicis Sapient, we understand the critical importance of safeguarding data, not only for our clients but also for the industry as a whole.
Our strategy starts with very basic being awareness to keep a vigilant eye on data at rest, in transit or even while processing and transfer, ensuring that data remains secure at every stage and on every building block of IT infrastructure. We understand the profound effect that data breaches and theft can have on not only our clients but also the industry at large. The repercussions extend beyond financial loss and encompass customer trust, organizational competitiveness, and innovation. Therefore, having a robust and comprehensive security policy is paramount.
We place a high premium on protecting trade secrets and intellectual properties, recognizing these as vital assets for our clients. We place great emphasis on adhering to governance and compliance processes, both those set forth by our clients and our internal standards. Automation and robust processes ensure that our architectures and assets undergo rigorous checks and balances. This approach provides a 360-degree view of security.”
Srividya Kannan
Founder & CEO, Avaali Solutions
Cybersecurity, Data Privacy playing vital role in safeguarding digital assets
“The cybersecurity and data privacy aren't confined to internal practices alone - they also extend to third-party collaborations. Organisations must assess and manage the cybersecurity and encryption practices of their partners to prevent vulnerabilities within their supply chains.
This digital journey revolves around leveraging data for informed decision-making and optimising operations, thereby necessitating the assurance of its accuracy, integrity, and security. Cybersecurity measures become instrumental in ensuring operational continuity and guarding against potential disruptions caused by cyberattacks.
Therefore, the vital role of cybersecurity and data privacy in safeguarding digital assets, ensuring compliance, and building trust with customers and partners cannot be overstated. These principles are no longer separate considerations but core components of a successful business strategy, guiding organisations toward a future where data-driven innovation and secure digital ecosystems co-exist harmoniously.
Data breaches can disrupt the normal flow of business processes, including order fulfillment, customer service, and internal operations. This disruption can lead to supply chain inefficiencies, increased downtimes, operational delays, and drops in productivity.
These incidents often require extensive forensic investigations, system repairs, and enhanced security measures. The consequent business interruptions can be expensive and negatively influence an organisation's ability to deliver products and services to customers.
As businesses adopt a digital-first approach, these ramifications take on a heightened significance. Digital transformation involves the increased reliance on data for decision-making, the integration of new technologies, and an expanded online presence. In such a scenario, data breaches can disrupt ongoing business initiatives, along with an organisation's overall digital strategy.
Thus, as the digital landscape continues to evolve and organisations expand and optimise their operations, they must prioritize cybersecurity and data privacy to protect their operations, customer trust, and digital ecosystem. Proactive security measures, responsible process automation and incident response planning become fundamental to today's interconnected and data-driven business environment.”
Kartik Shahani
Country Manager, Tenable India
Tenable One Protecting Data in a Threat-Prone World
“Privacy cannot exist without a solid foundation of security. Unfortunately, the daily news is rife with stories of organisations falling prey to cybercrime, resulting in the compromise of substantial volumes of data. This regrettable trend highlights the fact that many still struggle to secure their data effectively. The underlying issue is that threat actors are well aware of the financial gain they can achieve by targeting valuable data, often operating with minimal concern about being apprehended or facing consequences.
Tenable is helping organisations in India and across the world take a preventative approach to cybersecurity with our Exposure Management platform Tenable One. What it does is bring together technologies like vulnerability management, web application security, cloud security, identity security, attack path analysis and external attack surface management under one platform to help organisations understand the full breadth and depth of its exposures and take necessary actions needed to reduce them through prioritised remediation and incident response workflows.
Cyber adversaries look for the right combination of vulnerabilities, misconfigurations and identities that can help them easily perpetrate breaches. Looking only at software vulnerabilities alone doesn’t give organisations a complete picture of the cyber risk. They need to see all software vulnerabilities, misconfigurations, understand who is using what systems and what level of access they have and how it impacts business-critical assets, regardless of whether it’s happening on a laptop, a container, or a web application.”
Bijo Chacko
Vice President & Head of Cloud & Infrastructure Delivery, Visionet
Empowering Individuals for a Secure Digital World
“As we celebrate Cyber Security Awareness Month 2023 with the theme 'Cyber Safety Starts With YOU,' we aim to draw focus towards the immense power of individuals in the realm of digital security. In this era of interconnectivity, our online choices shape our personal cybersecurity and have a ripple effect across the digital network, impacting the collective safety of the online world. At Visionet, we believe that every click, every password, and every vigilant moment matters. Empowerment starts with awareness. Simple cybersecurity practices like strong password management, cautious email handling, keeping the personal and official devices up-to-date and responsible online behaviour have a profound impact. They not only protect our data but also fortify the digital defences of organisations and society. An individual's commitment to cyber safety resonates across the digital landscape. Actions in maintaining cyber hygiene, reporting suspicious activities, and staying informed about evolving threats form the foundation of a secure online world. This year’s theme, 'Cyber Safety Starts With YOU' is more than a theme; it's a call to action. It reminds everyone that each person is a catalyst for change in the cybersecurity realm. As society navigates the digital age, let these actions light the path for others toward a more secure and resilient cyberspace. This October, people should unite to protect, educate, and empower. Together, they will make a lasting impact.”
Shailendra Shyam Sahasrabudhe
Country Manager, India, UAE and South East Asia, Cymulate
Cymulate driving Threats, Data Privacy, and Risk Management
“The operations, revenue generation, and customer/client trust that a business wishes to maintain are all bound in the data that is generated, processed, and analyzed by the business. Control of that data is a paramount requirement to control the business. Data privacy issues influence everything from maintaining control of intellectual property to ensuring that the organization does not face regulatory fines and other penalties.
Threat activity is a business, and business is booming. So long as these criminal individuals and organizations can continue to generate revenue for themselves and their stakeholders; breaches will continue to become more frequent, have deeper impact, and be more visible to concerns outside the victim organization. As these threat actors and groups ramp up their operations, the corresponding impact to individual victim organization and industry sectors as a whole will continue to get more severe. This will translate into more frequent attacks, more successful attacks, and higher ransoms demanded when an attack succeeds.
Cymulate continues to innovate in Exposure Management and Security Validation to aid companies of all sizes and in all industries in their quest to better defend their organizations. With Attack Surface Management (ASM), Breach and Attack Simulation (BAS), Continuous Automated Red-Teaming (CART), and Exposure Analytics (EA), Cymulate customers are able to better define the strengths and weaknesses of their environments, prioritize defense activities like remediation and patching, and inform businesS stakeholders on the critical business issues of exposure to risk.”
Varun Babbar
MD India and SAARC, Qlik
Qlik Empowering Data-Driven Innovation
“Cybersecurity and data privacy are always serious issues. At Qlik, we recognize the urgency of addressing these concerns. Qlik's strategy is firm on building enterprise-scale large language models (LLMs) based on an organization's proprietary data. This approach ensures the dual goals of data privacy and security while leveraging the transformative power of generative AI.
Qlik harnesses data from diverse sources, elevating its quality and establishing a secure and cutting-edge data fabric. It empowers organizations, whether corporate or government, to unlock the full potential of their data, ensuring paramount governance and security.
Data serves as the core of artificial intelligence, and we ensure that data is of a good quality with the right privacy. Beyond that, we strongly emphasize data governance and responsible data utilization, safeguarding sensitive information. This holistic approach protects against rising cyber threats and data privacy breaches. We enable organizations to harness the vast potential of data analytics effectively.
In an environment marked by evolving regulations, we remain vigilant. We constantly monitor the legal landscape, considering how it may impact our business and customers. Our privacy program, meticulously crafted to align with the stringent requirements of GDPR, sets the bar for data security. Within Qlik Cloud, we offer customers the means to meet their compliance needs. This spans control over content storage, data access permissions, retention policies, and utilizing our customer-managed key feature. With this unique feature, customers hold the encryption keys to their data, adding an extra layer of security.
We pave the way for organizations to navigate the complex data landscape, enabling them to stay at the forefront of data-driven innovation and make informed and strategic decisions.”
Satya Machiraju
Vice President IT & Information Security, Whatfix
Whatfix Transforming Cybersecurity for Enhanced Threat Detection and Data Protection
“In today's digital landscape, cyber threats loom large, demanding advanced security measures. The Indian Computer Emergency Response Team reported a 53% rise in Ransomware incidents in India, highlighting the urgency for robust security solutions.
Artificial Intelligence (AI) and Machine Learning (ML) play a pivotal role by enhancing human capabilities, automating security protocols, and enabling real-time threat detection. Their strength lies in scrutinizing vast datasets, uncovering patterns, and identifying anomalies often missed by humans. AI/ML facilitate the Cybersecurity team to crunch large quantities of data derived from network traffic, system logs, user actions and any other critical events within an organization ecosystem seamlessly and swiftly detect suspicious activities. AI can also be used to streamline incident response by implementing appropriate mitigations quickly for non critical incidents. This enables the SOC teams to focus on more critical threats, reducing response times and minimizing impact. Additionally, AI is being used to strengthen authentication and access control with advanced techniques like biometrics and behavioral analytics.
Addressing ethical and privacy considerations is imperative. Recognizing and mitigating biases in AI algorithms ensures fair and responsible use. Data privacy and protection must be upheld through responsible AI governance.
Leveraging AI and ML in cybersecurity is crucial for safeguarding data in the digital age, enhancing threat detection, automating security, and improving incident response. A comprehensive security strategy enables organizations to stay ahead of cyber threats and protect valuable data. At Whatfix, customer security is paramount, employing best-in-class technologies and processes to uphold data security and regulatory compliance.”
Venkatesh Sundar, Founder and President, Americas, Indusface
Protecting Information in a Changing Digital Environment
“The first and foremost consideration is that the data belongs to someone else and they have only given us permission to store it in exchange for a product or service. They will feel cheated if that data gets into the DarkWeb.
That said, since many organizations haven’t taken the necessary data protection initiatives, countries and industry bodies have started enacting laws such as The Digital Data Protection Bill in India, GDPR in the EU and The California Consumer Privacy Act in the US.
The frequency and complexity of attacks is increasing as technology is evolving at a rapid pace.
For example, with cheap bandwidth, it is very easy to launch DDoS attacks and use that as a cloak to launch advanced bots to probe system and application vulnerabilities to exfiltrate data. Previously these bots had to be written by coding experts, now writing this code is easy with LLM models such as ChatGPT.
Similar to a house with multiple locks to protect from theft, every organisation’s security stack should include multiple methods to protect data. A non-comprehensive list includes:
1. Secure coding practices
2. Strong authentication and authorisation practices
3. Regular security reviews and penetration testing
4. A perimeter security solution such as a WAAP/WAF
5. Regular training for employees on cybersecurity and application security”
Joy Sekhri
Vice President Cyber & Intelligence Solutions, South Asia, Mastercard
Mastercard protecting Trust in the Digital Landscape
“Cybersecurity and data privacy are of paramount importance for every organization in today's digital landscape. Protecting sensitive information, both customer and internal, is not just a legal requirement but a fundamental trust-building measure. Data breaches and cyberattacks can result in severe financial losses, damage to reputation, and legal consequences. Moreover, safeguarding data is crucial to maintain the trust of customers and business partners. Ensuring robust cybersecurity measures not only guards against data breaches but also preserves the integrity and confidentiality of an organization's operations.
In FY23, the total amount of fraud in the digital payment category was INR 276 crore in India. Investing now can save millions. Encryption, multi-factor authentication, frequent security audits, and extensive employee training programmes to raise cybersecurity awareness are essential for preventing data breaches. Working together with cybersecurity specialists, remaining up to date on new threats, and following industry best practices are also crucial. 51% of organizations are planning to increase security investments as a result of a breach, including incident response (IR) planning and testing, employee training, and threat detection and response tools, according to IBM study.
Mastercard recognizes the significant and growing impact of data breaches on corporations, both in terms of financial losses and reputational damage. We place a strong emphasis on cybersecurity and data protection as a core part of the business strategy. Through our products such as Ethoca, Ekata and RiskRecon, we have taken a significant step towards addressing any security breaches swiftly and effectively to make the business ecosystem safer. Our holistic approach reflects a steadfast commitment to cybersecurity, ensuring safety and trust of customers in an ever-evolving digital landscape.”
Chetan Jain
Founding Executive Director, and Managing Director, Inspira Enterprise
Inspira's Comprehensive Approach to Protecting Digital Assets and Privacy
“Cybersecurity and data privacy plays a key role in helping organizations safeguard their digital assets, comply with regulations, maintain customers’ trust, ensure business continuity, and succeed in today’s digitally interconnected world.
With the unprecedented expansion and complexities of the digital landscape and the threat surface, corporations are concerned about the potential risks they can face in the event of data breaches. Risks include operational disruption, penalties, and reputational damage among others impacting an organization’s revenue pipeline. Ransomware through phishing, business email compromise, DDoS attacks, Zero-day exploits, IoT-based attacks, and Insider threats are prevalent in organizations.
With data breaches becoming frequent and leading to severe consequences, organizations should invest in advanced solutions such as AI and Machine Learning in addressing them. Automation models should be adopted to design cyber resilience so as to address cyber threats. Preventive measures such as a practical cloud governance framework are essential to keep these threats at bay. Third-party supplier risk management practices should be implemented. Employees should also be trained in security best practices. More importantly, corporations should commit to continuous improvement by applying adaptive and agile security models and processes.
Inspira is a trailblazer in the cybersecurity services domain. We provide end-to-end cybersecurity services, from device and perimeter security to sophisticated incident monitoring, threat management, and remediation. Our strategic partnerships with leading security product manufacturers allow us to offer best in class solutions to our clients at affordable pricing, making cybersecurity accessible to organizations of all sizes.
We provide educational, consultative and advisory services to organizations guiding them in the development implement and manage robust data privacy policies. We also outline strategic roadmaps for their data privacy efforts. Our team of security experts is dedicated to ensuring out customers attain comprehensive data governance and compliance. We also work with organizations to align their IT strategy with their core data privacy principles.”
Anil Nama
CIO, CtrlS Datacenters
CtrlS Datacenters Protecting Data Integrity and Business Continuity
"As modern technologies and new attack vectors are introduced, the global threat landscape is rapidly changing. As data becomes the lifeline of our society, businesses must commit to robust cybersecurity measures, encryption, and constant vigilance. They should prioritize cultivating a culture of security and exclusively collaborate with technology providers and invest in threat intelligence programs to constantly assess the level of risk involved.
As a datacenter company, safe and reliable data is a cornerstone of our organization's infrastructure. CtrlS Datacenters ensures a well-protected and uninterrupted flow of business operations, instilling confidence in its users. Our intrusion mechanisms help anticipate, manage, and repel network attacks, encompassing a wide range of threats such as DDoS attacks, port scans, and backdoor intrusions. CtrlS NextGen SOC ensures tracing the origins of attacks, providing real-time insights into the sources of threats, prioritizing security, enabling business continuity, and deploying collaboration tools effectively."
Jaganath Ram Shankar, Head - Cloud & Cybersecurity, Marlabs Inc
The Imperative of Data Security in an Era of Innovation
“In the era of data-driven innovation, safeguarding information has shifted from being optional to an absolute imperative. Our digital landscape offers unparalleled opportunities but simultaneously exposes us to unprecedented vulnerabilities. Data security is not an afterthought; it's the cornerstone upon which our entire digital ecosystem is built. Effective data security measures are essential to protect digital information from unauthorized access, corruption, or theft at every stage of its existence. This encompasses a wide array of practices, from securing physical hardware and storage devices to implementing stringent administrative controls, managing access, encrypting data in transit and at rest, fortifying applications, and adhering to organizational policies.
As our digital environment constantly evolves, our defenses must adapt to emerging threats. Additionally, the global nature of digital transformation mandates compliance with data protection regulations such as GDPR and CCPA. The repercussions of non-compliance are substantial. The foundation of data security rests on knowledge, adaptability, and collective commitment. Fostering a resilient culture is paramount. Every individual must comprehend their role in fortifying our digital defenses. By staying proactive and well-informed, we strengthen our digital foundations, preserving the trust that underpins our interconnected world.”
Aveekshith Bushan, Vice president of the APAC region, Aerospike
The Need for Data Security in an Innovative Age
"Cyber Security Awareness Month serves as a stark reminder of the ever-escalating challenges of detecting fraud in real-time. In essence, the ability to do so requires analysis of vast, diverse data forms, encompassing transaction data, user profiles, device details, geolocation, and behavioral insights. This data, whether structured or unstructured, requires meticulous examination over spans ranging from days to months to unveil anomalies very atypical of genuine transactions. It's the convergence of this data in real-time machine learning models that gauges transaction validity. As the clock ticks, detection unfolds in milliseconds, requiring powerful, multi-model real-time databases to thwart financial fraud quickly. At Aerospike, speed, availability, response times and flexibility are our key tenets in this evolving, complex battle, where every moment counts to outsmart the sophisticated tactics of fraudsters amid technological advancements."
Jehan Jeyaretnam. Director, Head of Compliance Services, Acuity Knowledge Partners
The Imperative of Cybersecurity for Sensitive Data Protection and Client Trust
“In today’s digitally driven world, the financial industry is a prime target for cyber threats. The importance of cybersecurity in this sector cannot be emphasized enough, as it plays a critical role in protecting sensitive financial data, client trust, and the overall stability of the industry. The financial sector holds a vast amount of confidential information, from customer financial records to transaction data. Cybercriminals are aware of the potential rewards, and they constantly adapt their tactics to exploit vulnerabilities. A security breach can result in more than just financial losses; it can erode trust, damage reputations, and expose institutions to regulatory penalties. To tackle these pressing challenges, financial organizations must prioritize cybersecurity and invest in robust defences. Regulatory bodies around the world have set stringent requirements to safeguard sensitive data. Compliance is not just a legal obligation; it is a fundamental step toward protection against cyber threats. However, cybersecurity goes beyond mere compliance. It demands a proactive approach that keeps up with evolving threats. To stay ahead, institutions should adopt cutting-edge technologies, strong encryption, and real-time threat detection. Training employees is equally essential because human error remains a leading cause of breaches. In conclusion, cybersecurity is an indispensable investment for the financial sector. It is not a one-time effort but an ongoing commitment that requires vigilance, compliance, and a forward-thinking approach. In a digital era where cyber threats continually evolve, safeguarding financial data and client trust is paramount. Cybersecurity is the foundation upon which financial institutions secure their future.”
Nandish Madhu, Director - Product Development - Cloud Engineering and Operations, Intuit
Fundamentals of Data Security in the Digital Age
“Data security is a critical concern for individuals and organizations in the digital age. While there are advanced processes and tools available to protect our data, it is essential to focus on the foundational aspects of data security. One of the most important foundational aspects of data security is education. Educating employees and individuals on best practices for online security can help prevent cyber-attacks. This includes avoiding suspicious emails or links, using secure networks, and regularly updating passwords.
Another crucial aspect of data security is encryption and access controls. Encryption involves converting data into a code that can only be deciphered with a specific key or password. Access controls limit access to sensitive data only to authorized individuals and ensure that proper authentication measures are in place to prevent unauthorized access. Regularly updating software and systems is also crucial for maintaining data security. This helps to ensure that any vulnerabilities or weaknesses in the system are addressed promptly, reducing the risk of cyber-attacks. This is especially crucial in an era where customer expectations regarding the protection of their personal data are high. This shift represents a fundamental change in the product development lifecycle, with constraints integrated into the design process from the outset and a strong emphasis on accountability for responsible data sharing practices ingrained in the company’s culture.
Intuit is strongly committed to data stewardship, security and responsible AI and governance. Intuit works to safeguard customer data and protects privacy using industry-leading technology and practices, and adheres to AI Principles, which guide how the company operates and scales its AI-driven expert platform responsibly, with its customers’ best interests in mind. This includes our principles of: Powering Prosperity, Enhancing Human Talent, Fairness, Accountability, Transparency, and Privacy and Security.
Overall, a comprehensive approach that includes education, encryption and access controls, and regular updates can help individuals and organizations protect their data from cyber threats. By focusing on these foundational aspects of data security, we can ensure that our sensitive information remains secure in the digital age.”
Sanjeeb Patel, Director Software Engineering, Sabre
Enhancing Cybersecurity in the Travel and Tourism Industry for a Digital Future
“The travel and tourism industry faces a growing threat from cyberattacks due to the extensive personal data it handles. The COVID-19 pandemic led to a surge in cyberattacks, highlighting the sector's vulnerability. Cyberattacks can disrupt operations, causing financial losses and inconveniences. Vulnerabilities in mobile travel apps and high-profile cyberattacks have been frequent. It is of utmost importance to establish strong cybersecurity measures to safeguard data, uphold trust, guarantee uninterrupted business operations, and comply with regulations. Embracing the latest trends and best practices, such as zero-trust security, AI-driven solutions, biometric authentication, blockchain technology, and continuous monitoring, can enhance security. Multifactor authentication and staying informed with threat intelligence are also key. Prioritizing proactive measures and industry-specific standards is essential to safeguard customer data, maintain trust, and minimize losses. In an era where trust is currency and data is gold, safeguarding the travel industry's digital future requires not just compliance but innovation in cybersecurity”.
Minatee Mishra, Director, Product Security - Security Center of Excellence, Philips Innovation Campus
A Collaborative Approach to Securing India's Digital Healthcare Ecosystem
“In today's healthcare landscape, robust cybersecurity practices are imperative. Defending our systems and data remains vital, but a proactive strategy to ensure a secure Healthcare ecosystem is equally essential. This involves having all parties in the Healthcare ecosystem having a minimum-security baseline and having clear communication channels. Among other things this primarily includes staff readiness, strategic partnerships, information sharing and a well-tested response plan. The healthcare sector is a prime target for cybercriminals due to sensitive data and evolving threats. At Philips, we embed security throughout our product development lifecycle and believe that collaborative efforts among healthcare organizations, manufacturers, infrastructure providers, and government bodies are crucial for a safer, digitally transformed healthcare landscape in India.”
Kokil Vira, Director of Solution Engineering, VMware India
VMware's Commitment to Robust Cloud Security in a Dynamic Landscape
“India's progressive economic growth, fueled by initiatives such as Make in India and Digital India, is rapidly shaping the nation's digital landscape. However, this digital transformation also brings heightened cybersecurity concerns. At VMware, we recognize that cybersecurity is an inherent necessity in safeguarding critical assets. Whether a large enterprise or a small and medium-sized business, every organization must prioritize cloud security as a cornerstone of comprehensive cybersecurity. The relentless targeting of small and medium-sized enterprises by cyber threats underscores the urgency of a strong cybersecurity framework. Such a framework not only ensures compliance but also cultivates trust among employees, partners, and consumers. In the dynamic digital landscape of India, VMware remains committed to providing cutting-edge solutions that empower organizations to thrive securely in the face of evolving cyber challenges.”
Shrikant Shitole, CEO, iValue InfoSolutions
iValue InfoSolutions' Expertise in Cybersecurity and Data Privacy
“In the modern tapestry of our digital epoch, we find ourselves amidst an unprecedented deluge of information, aptly termed the 'data explosion.' This is not just a mere influx of data points but an intricately woven matrix of interconnected bytes that breathe life into the myriad technologies we engage with daily.
With the data explosion, digital transformation, and the prevalence of personal & private data, the importance of cybersecurity and data privacy for any organization is paramount. Data privacy is crucial not only to safeguard sensitive information from potential threats but also to maintain trust with stakeholders, ensure regulatory compliance, and uphold an organization's reputation. These facets are essential for contemporary business processes for a multitude of compelling reasons.
Moreover, organizations must adhere to continually evolving legal and regulatory norms in the digital realm. A notable example is the Digital India Act, introduced as a significant update to the IT Act. This legislation works in tandem with other pivotal regulations such as the Digital Personal Data Protection Act, National Data Governance Policy, and the Indian Penal Code. Together, they establish a robust cybersecurity framework capable of remaining relevant as new technologies emerge.
iValue InfoSolutions has been recognized for its wide range of technology solutions, with consulting services forming a pivotal component of its offerings. These services are integral in guiding organizations towards optimal cybersecurity and digital transformation strategies.
We undertake meticulous evaluations of an entity's cybersecurity stance, pinpointing vulnerabilities and latent threats. Recommendations then flow from these insights, often leveraging the most sophisticated cybersecurity tools available in the market.
iValue, through its diverse solutions and consulting expertise, provides organizations with a holistic approach to risk management, addressing potential vulnerabilities from multiple angles, solutions stack and ensuring a fortified IT environment.”
Anant Deshpande, DigiCert Regional Vice President, India & ASEAN
Fostering Digital Trust and Security in India is Digicert's Commitment
“In an era defined by digital transformation, India stands at the cusp of unprecedented technological growth. The proliferation of the internet has brought immense opportunities and conveniences, but it has also ushered in an era of heightened cyber threats. At Digicert, we recognize the imperative for increased awareness surrounding internet security in India. The threat landscape in India is evolving at an alarming rate. With the rapid digitization of services, businesses, and personal data, cybercriminals are becoming increasingly sophisticated. Phishing attacks, ransomware, data breaches, and other malicious activities are on the rise. India has witnessed a surge in cybercrimes, affecting individuals, organizations, and even government bodies.
It is crucial for all stakeholders to acknowledge the gravity of this situation and take proactive measures. Awareness is the first line of defense. By educating individuals and organizations about the importance of internet security, we can mitigate the risks and build a resilient digital ecosystem. This includes implementing robust encryption, strong authentication measures, and keeping software and systems up to date.
Digicert is committed to advancing internet security in India. The underpinning of Digital Security is Digital Trust. From securing online communications, to keeping software safe, to safeguarding connected devices ,to certifying the security of digital documents, Digicert provides cutting-edge solutions across the trust lifecycle, including SSL certificates that are invaluable to establishing Digital Trust, and thereby Digital Privacy. However, our mission goes beyond technology. We actively promote awareness, empowering Indians to make informed choices and safeguard their digital lives.
In this interconnected world, collective vigilance is paramount. Together, we can navigate the complex threat landscape and create a safer, more secure digital environment for India's future.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
