In an age where digital innovation drives progress, the global landscape faces an escalating tide of cyber threats. Recent reports underscore the urgency of addressing these challenges, with India emerging as a prominent target for malicious activities. In this context, the Global Cybersecurity Association (GCA) stands as a stalwart advocate, committed to cultivating cybersecurity awareness and cooperation worldwide.
As part of our commitment to spotlight pivotal cybersecurity endeavors, we engaged in a conversation with Roopali Mehra, a distinguished member of the GCA's Governing Council. Mehra shares invaluable insights into the GCA's mission, its growth trajectory, and the significance of its latest initiative – the GCA Index. Join us as we explore Mehra's perspectives on fortifying cybersecurity efforts and empowering stakeholders across India and beyond.
Excerpts:
Can you share some insights into the growth trajectory of the Global Cybersecurity Association (GCA) since its inception?
Roopali: We've seen significant growth in both membership and participation. In 2020, the importance of cybersecurity became more apparent due to the COVID-19 pandemic, leading to the creation of the Global CyberSecurity Association.
Our committees, focusing on various aspects of cybersecurity, have grown from a few handfuls to over 900 members. Notably, we've recently conducted specialized training sessions in partnership with certain, attracting around 8200 participants, including representatives from governments, PSUs, and various industries.
What are the primary objectives and strategic priorities for GCA in the fiscal year 2024?
Roopali: Our focus for 2024 revolves around our core principles, which we refer to as 'ORWSA' - Organization, Regulation, Workforce, Stakeholders, and Awareness. Each of these pillars plays a crucial role in advancing cybersecurity practices and standards.
Could you elaborate on these pillars, particularly Organization and Regulation?
'Organization' refers to the need for well-defined structures within organizations to manage cybersecurity effectively. Often, there's a lack of clarity in roles and responsibilities, leading to gaps in security measures. We aim to address this by advocating for clearer organizational structures and dedicated cybersecurity teams.
'Regulation' focuses on navigating existing and upcoming regulations in cybersecurity. We aim to assist organizations in interpreting and complying with these regulations, which are increasingly crucial in today's digital landscape. Additionally, we collaborate with governments to ensure that regulatory frameworks align with industry standards and best practices.
It's clear that GCA's initiatives are essential in shaping cybersecurity practices globally. You made some excellent points about the importance of organizational structure and coordination in cybersecurity. Could you delve deeper into the significance of interdepartmental coordination and how it contributes to overall cybersecurity?
Roopali: Even if we are senior, like chief technology officers, we cannot assume roles such as chief information security officers or chief risk officers. Each of these roles requires distinct expertise and understanding. For instance, a chief information security officer must comprehend which information needs to be secured, regardless of its technological aspects. Similarly, a chief risk officer needs to grasp the various business risks, whether they involve operations, customer data, or other critical aspects. This highlights the need for different individuals to perform different roles within an organization to ensure cybersecurity.
How does this relate to cybersecurity awareness training and the role of different departments within an organization?
Roopali: Consider cybersecurity awareness training, for instance. Can you imagine a chief technology officer telling all employees to participate in phishing training? Likely not. Instead, it's the HR department that typically communicates such initiatives to employees. This underscores the necessity for interdepartmental coordination, facilitated by the board, to ensure that various functions collaborate effectively. Whether it's HR, legal, finance, or technology, each department plays a vital role in bolstering cybersecurity measures.
It seems like organizational structure plays a significant role in cybersecurity efforts. Could you outline the key aspects of organizational cybersecurity strategy?
Roopali: An effective organizational cybersecurity strategy encompasses several key aspects. Firstly, there must be clear delineation of roles and responsibilities, ensuring that each department understands its role in maintaining cybersecurity. Secondly, organizations must identify their critical assets, whether they're data, operations, or other elements, and allocate resources accordingly. Thirdly, interdepartmental coordination facilitated by the board is essential to ensure seamless collaboration and compliance with cybersecurity measures. Finally, ongoing training and awareness programs are crucial to equip employees with the necessary skills to mitigate cybersecurity threats effectively.
It's not just about plugging a solution, but understanding its capabilities. Regularly configuring and patching is crucial. These may seem like small tasks, but they are incredibly important.
Awareness is key. How do you see its importance?
Roopali: Awareness is vital, whether it's about regulations for organizations or understanding products for professionals. But general awareness is equally crucial. For instance, an 18-year-old needs to know the dos and don'ts of online activities, just as a parent needs to be aware of the risks associated with gaming apps for children.
Cybersecurity is everyone's responsibility. We must collaborate, including organizations like Dataquest, to make it a collective effort. As our digital borders expand, protecting them becomes imperative for national security.
Speaking of initiatives like the GCA Index, how do you see it benefiting Indian society amidst rising cyber threats?
Roopali: The GCA Index aims to provide a repository of solutions accessible to individuals, government agencies, and industries. By understanding available solutions tailored to specific needs, stakeholders can make informed decisions, ultimately enhancing cybersecurity measures. The GCA Index will be a searchable database, catering to various categories and use cases. Whether you're an MSME, a government entity, or an individual, the Index will offer tailored solutions, ensuring accessibility to all stakeholders.