India’s top CISOs unpack the state of the threat landscape – ET CISO
https://etimg.etb2bimg.com/thumb/msid-113519477,imgsize-150330,width-1200,height=765,overlay-etciso/ciso-strategies/indias-top-cisos-unpack-the-state-of-the-threat-landscape.jpg
With the current threat landscape, cloud risk has emerged as a significant challenge, often bringing compliance issues to the forefront. Organizations are under pressure to manage these risks while navigating an increasingly complex digital environment. CISOs discuss the strategies around it at the ETCISO Annual Conclave 2024, held in Vizag.
Kalpesh Doshi, CISO & DPO at HDFC Life, highlights the urgency of the situation: “There is a digital rush, and it is a question of survival. Challenges are common. The hygiene doesn’t change. Attack surface increases.” According to Doshi, the solution lies in simplifying security practices and strengthening cloud security posture. “Simplify and ensure you have a robust cloud security posture. Have visibility, observability, and monitoring. Use AI to make sense of the data for decision-making.”
The convergence of IT and OT further complicates the threat landscape, expanding the attack surface. Anindya Sundar Ghosh, CISO at Vedanta & Hindustan Zinc, acknowledges this challenge, stating, “The next revolution—digital adoption, convergence—is in manufacturing and OT. The manufacturing unit and IT were air-gapped; convergence points to the adoption of cloud, AI, IoT. These are risk introducers.” Ghosh emphasizes that while cyber risks need mitigation, operational safety and efficiency cannot be compromised.
He calls for greater collaboration in threat intelligence: “More cyber threat intel sharing has to happen. Governments should share strategic threat intel so we are better prepared to tackle cyber threats.”
With the high cost of data breaches and reputational risks at stake, organizations need to enhance their security posture. Hilal Ahmad Lone, CISO at Razorpay, points out that identity access management is often the most targeted area. “With zero trust, we are getting better at it.”
Doshi adds, “We need to evolve as security teams. It should be active risk management. With businesses becoming dynamic, define metrics and thresholds. There is no silver bullet—tools will do a part of it; the rest has to be managed by organizations themselves.”
The CISOs highlight the complex balancing act organizations must perform—securing their digital assets while fostering growth and innovation in the current threat landscape.