Top Indian CISOs decode the blueprint for enterprise cybersecurity – ET CISO
With growing digital transformation, enterprises across sectors are grappling with complex cyber threats. From banking and financial services to manufacturing, the need for a robust and adaptive approach to cybersecurity has never been greater. At the ETCISO Annual Conclave 2024, CISOs shed light on building effective cybersecurity strategies to tackle these challenges.
Challenges and synergies in cybersecurity
Girish Dixit, CISO of Kotak Securities, emphasized the need for a unified approach in cybersecurity strategy. “Cybersecurity challenges are sector-agnostic. Defining the strategy is important. A CISO is responsible for various factors but each function operates in silos. We need to synergize,” he noted. Dixit advocated for a shift from traditional methods toward a “fusion approach” where data from different vectors is collated, and feedback loops are created to ensure continuous improvement.
Vinod Gopinathan, CIO of Ashok Leyland, highlighted the critical issue of underinvestment in cybersecurity. “Investments in cybersecurity are bigger challenges. They are not adequate to protect the environment. There are a number of tools available. Skill gap is huge,” he remarked. Gopinathan also pointed out the challenge of leveraging tools to their full potential, emphasizing the pressing need for skilled professionals in the industry.
Building a proactive security strategy
Amol Desai, VP & DPO at SBI Life Insurance, stressed the importance of shifting from a reactive to a proactive security posture. “When we have ample tools and tech, human intervention and contextuality to deliver what we intend to is missing. Those controls need to be built,” said Desai. He emphasized the necessity of a data-centric vision and the need for human oversight to ensure the strategy aligns with organizational goals.
Sudhakar Bhagavatula, CIO at Royal Enfield, echoed these sentiments, focusing on the human element. “We do multiple things to protect, but the human is the weakest link. Awareness needs to be continuous and constant,” he stated, underscoring the need for regular training and awareness across the organization.
Aligning cybersecurity with business strategy
Atul Agarwal, Regional Vice-President and Country Manager of Okta India, emphasized that CISOs must also focus on user experience, ensuring security doesn’t hinder operations but enhances them. “CISOs are custodians of experience. Look for solutions that elevate experience, not just place guardrails,” he said.
Finally, Gopinathan urged businesses to begin by aligning cybersecurity with their broader business strategy and to assess risks regularly. “Start with alignment with the business strategy. Organization has to assess the current state of risk,” he concluded.