Business leaders recognised AI-powered security solutions analyse millions of threat incidences : Jyoti Prakash, Splunk

Cybersecurity policy ensures that operations and security are working in tandem to limit the possibility of a cyber-attack, and that if an attack does occur, the IT team, operations, and business executives know exactly what steps to take to limit damage. However, this can vary depending on the organisation. It can take various shapes or forms depending on the type of organisation, the nature of the business, the operational model, the scale, and so on.

The data platform company, Splunk recently released its State of Security Report 2022, which highlights an increase in cyberattacks while talent remains scarce. The report investigates the security issues that businesses face around the world. The survey included over 1,200 security leaders from around the world, including some from India.

In this interview,  Jyoti Prakash, Regional Sales Director, India & SAARC Countries, tells us more. Excerpts: 

DQ: Is it important to have a cybersecurity policy in place? How are organisations tackling security challenges with automation and analytics?

JP: Cybercrime is on the rise, where India reported over 6.07 lakh cyber security incidents during the first half of 2021, and they are showing no signs of slowing down.  In today’s fast-paced digital hybrid environment, now more than ever, businesses need to continue implementing a holistic security framework to identify, protect, detect, respond and recover from cybersecurity threats. In India,  AI-based security and customised solutions have become a priority. Business leaders have recognised that AI-powered security solutions are able to help analyse millions of threat incidences efficiently and act upon them proactively.

AI plays a crucial role in cybersecurity automation andallows companies to detect cybersecurity threats across a broad range of elements in the IT network including emails, sites, third-party applications, shared files, and more.

We act as the nerve centre for security operations and can bring in data from any system and monitor all your systems and operations in real-time. It offers a full Security Operations Suite addressing the entire security lifecycle, from threat investigation to monitoring, analysis and orchestration functions. By ingesting both machine data and any type of structured data, anomalous behaviours can easily be detected by identifying correlations between associated data points.

The platform is used extensively for security, especially with organisations modernising their Security Operations Centre (SOC). Splunk is able to cover a broad spectrum of security use cases- from advanced threat detection to orchestration, automation, and response- and provides a platform of security products that allow a firm to conduct a wide range of security activities. Our products like Enterprise Security and Phantom are some of Splunk products that come armed with hundreds of predefined scenarios that allow a firm to rapidly deploy its SOC and become effective very quickly.

A great example has been Expo 2020 Dubai. Providing security to an event of this magnitude and duration was no easy task. The Expo team was responsible for securing the diverse, dynamic and fast-evolving technology ecosystem capable of supporting hundreds of participants and millions of visitors, including VIPs from around the globe.

To tackle these challenges, Splunk provided Expo 2020 a security platform that could scale quickly, manage operational security for hundreds of different data sources and technology solutions, and be flexible enough to adapt to the evolving cybersecurity needs of the event. To protect its technology ecosystems from internal as well as external threats, Expo relied on real-time monitoring to identify any suspicious behaviour. With the ability to flag and classify any unusual activity, the Splunk platform allows the Expo team to respond to potential threats immediately and take corrective action.

DQ: Which sectors/ industries need a secured digital landscape? And how are Indian organisations faring?

JP: As hybrid working environments have become a norm across industries, it also opens doors to multiple-site breaching. 

This new normal has affected multiple industries and verticals. However, we have witnessed that it is particularly pressing for the Financial Services Industry (FSI) to have a robust, intuitive and secure security framework as the industry manages high volumes of finances and personal data. FSI  needs to reimagine existing data analytics strategies to help manage potential disruptions. Beyond security, data can help organisations improve product innovation, risk management and customer experience. This is only possible with the help of a real-time data analytics platform.

In India, we are working with one of the largest private banks, where we have deployed our cloud services to help them deliver a world-class customer experience. Through our cloud and enterprise security solutions, we are enabling them to improve their operations, cut expenses, and increase agility while maintaining security, expanding their data visibility and staying compliant with industry regulations.

DQ: What can be the solution for data breaches and costly ransomware attacks?

JP: A recent Splunk SURGe ransomware research highlighted that the median ransomware variant can encrypt nearly 100,000 files totaling 53.93GB in forty-two minutes and fifty-two seconds. A successful ransomware infection can leave organisations without access to critical IP, employee information and customer data. 

Security, by necessity, should be a part of every business process. Every project, software purchase or digital initiative has got to take security considerations into account. Additionally, data protection should start from educating your employees about the threat landscapes as a large number of phishing attacks penetrate at the employee level. The next step would be to set up strong perimeter security like firewalls. Lastly, at the endpoint, there has to be security measures deployed to prevent data breaches. This is where DevSecOps comes into the picture. DevSecOps is a broad technical framework that combines the disciplines of development, security and operations ultimately aims to make security an essential part of any agile business process, from the beginning. 

Byembracing DevSecOps, many organisations have adopted the key principle of moving security from the last step of software development to the first — bringing shared responsibility to developers. That approach can include embedding security engineers within dev teams, to ensure that security-related decisions are made during development stages

DQ: With the advent of hybrid work, several companies are ramping up their cloud operations. Do you feel that this immediate shift to the cloud is hampering security visibility? What steps should be taken?

JP: Indeed, as more and more companies ramped up their movement to the cloud to support hybrid work, it has  increased cloud  complexity and exposed  more security gaps. In fact, some cybersecurity experts predict that this rapid and unplanned move will result in a cyber-pandemic down the road.

However, these gaps can be filled easily with a robust and well thought out security strategy. Firstly, organisations can address their challenges and blindspots by working with trusted technology partners who are well-versed in cloud and data security  Any shortcomings in cloud security expose organisations to risky and expensive cloud security threats and a reliable partner with smart solutions is paramount to combat ongoing threats. 

Secondly, companies nowadays have more than one cloud provider. In this case, while each cloud provider has its own security services, there are other third-party vendors providing cloud security solutions to complement and enhance each one of those cloud vendors. Business leaders need to evaluate cloud security solutions that cover the broadest range of capabilities instead of multiple solutions with narrower functionalities. This will give you a broader range of security with less to manage. 

Thirdly, with so many different applications and systems  running across multiple clouds, teams need to have centralised visibility. Implement a cloud security solution that will also provide you with broad, full-stack visibility across your environments with AI and ML capabilities will allow teams to take action on the alerts that matter. 

Finally, adopt zero trust security in every business process, networks, people, devices, data and workloads. Ensure that there are security perimeters around each of these areas and that your organisation is only giving access based on minimum permission and privilege levels.

DQ: As per the report, Indian respondents report that only 33% of their organisations’ employees are currently working remotely, lower than the average in the rest of the world (49%). Why do you think the Indian percentage is lower than the global?  Government is forming a cybersecurity strategy on data protection to promote remote/hybrid work models. Share some thoughts on the future of a secure hybrid workplace

JP: The technology landscape is rapidly shifting and data from technology is captured faster than ever before. Not just the scale or volume of data, but the sources and where we manage that data is increasingly complex. The digital transformation happening with the new hybrid working model compounds the security challenges associated with enabling them.  Studies show that 55% of employees prefer remote or hybrid work environments in the post-pandemic era. Hybrid working models are likely to stay and businesses are now only going to continually evolve into safer data houses as a business imperative.

Splunk is the only data platform that can simultaneously serve the multitude of teams tasked with driving this shift across Security, IT, Observability, and other business units. The Splunk Platform’s mission is to help our customers — both on-prem and in the cloud — understand what is happening across this complex landscape. Splunk is the data platform that powers enterprise observability, unified security and limitless custom applications in hybrid environments.

As per Splunk’s State of Security Report, Indian organisations are on the leading edge when it comes to adopting security infrastructure. 72% of Indian companies report extensive adoption versus 28% of their peers in the rest of the world. In addition to this, they have been at the forefront of integrating non-security analytics with security analytics to improve decision-making. 77% of the respondents reported significant integration versus 37% across other countries. When it comes to understanding cyberthreats, India leads in many areas.

As India goes into a digital overdrive, the cyber threat landscape will also increase. The government of India has been pushing for a big change through its National Cyber Security Policy (NCSP), to protect organisations from cyber-attacks and businesses in India will continue to prioritise cybersecurity.

DQ: Indian organisations are making security a top priority. In terms of security-based investments, 90% of respondents in India say that their organisation will increase investments significantly in the next 12-24 months versus just 45% of their peers across the globe. Does this mean that India is actually ahead of its global peers in enhancing its cybersecurity infrastructure?

JP: The onset of pandemic exposed the fragility of the current cybersecurity policy in India. Security experts observed a 500% rise in the number of cyber-attacks and security breaches and 3 to 4 times rise in the number of phishing attacks from March when the lockdown started in June. 

The government is engaging with the information security team to put a robust cybersecurity framework in place. Very recently, CERT-In also successfully conducted the ‘Black Swan – Cyber Security Breach Tabletop Exercise’, to deal with cyber crisis and incidents emerging due to COVID-19 pandemic, resulting from lowered security controls as people work from home.

Aside from the significant rise in cyber attacks that Indian businesses are facing, as a nation recognized for its Information Technology industry, it would seem as a necessity for India to take an active and proactive stance towards cybersecurity. To sustain a sound security posture in today’s digital age will require businesses to leverage on AI and machine learning to enforce data security- automating tasks on cloud and defending against real-time threats with intelligence- to stay ahead of global peers.

DQ: Security talent is always scarce. But this year, Does India have the right talent pool for an effective cybersecurity workforce, what are the employment avenues in this field?

JP: Business leaders are facing a daunting shortage in skilled security experts.  Splunk’s State of Security 2022 Report  reveals a global security talent shortage where 85% of respondents highlighted that  it has been hard to recruit and retain talent over the past 12 months, 68% of respondents report that talent shortages directly led to the failure of one or more projects. 

To enhance the cyber pool talent, we can look into changing some of our existing strategies. Upskilling or reskilling the talent pool, increasing female participation in cybersecurity, including cybersecurity in academia, also look at increasing and improving awareness of the cyber opportunities at hand across industries. To help address this talent crunch, Splunk also offers free data analytics courses, certification programs  and solutions training available to businesses to help upskill businesses' current employees. 

DQ: Considering the immense threat to the humongous data that is being produced every day by the organisations, what is the way forward on cyber security and various thoughts by the experts?

JP: In 2020, reports stated that Indian enterprises alone might have suffered losses of more than INR 1.25 lakh crore due to ransomware, malware, and other security breaches. A cyberattack, or a data breach can cost a lot, especially not only the companies’ confidential data but also the data of its stakeholders is at risk. Therefore, adoption of data management and protection solutions have become imperative.

Today, there are multiple stakeholders who are working in silos, and need to come together to efficiently tackle and manage threats. As mentioned earlier, India is at a critical juncture in its digital journey and we have yet to witness the full explosion and capabilities of emerging technology such as 5G, blockchain and metaverse to name a few. To stay ahead, thrive and innovate, businesses must start to create a robust, predictive cybersecurity framework that is able to fully utilise business data for tomorrow’s opportunities.