The role played by CISOs in addressing cybersecurity challenges: Akshay Aggarwal, Oracle India

DQ. What are the top security challenges faced by CISOs?

In the digital economy, given the data explosion, organizations are faced with an enormous challenge of safeguarding their data from cyber-theft. Industry research pegs the global average cost of a data breach at $3.92 million - a 12 percent increase since 2014. While much of the responsibility falls into the ambit of the CISO, it’s important to understand that an organization-wide approach to safeguarding data, driven by a security-first culture, has become a business prerequisite.

Hacks are increasing in complexity, variety and impact, so a CISO can’t afford to let his/her guard down even for one second - because the attack surface has expanded unimaginably spanning multiple threat vectors. Add to this the shortage of top-quality cyber-talent, and increasing regulatory/compliance requirements - you have the CISO literally in the hot seat at any given point in time.

From a role itself, CISO will become a much more strategic enabler to business success, coming to the forefront and even stepping out to meet customers and educate them about why security is everyone’s responsibility in today’s world.

DQ. How important is it for businesses to have a robust cyber defence system in the Industry 4.0 era?

It’s super important, so much so that one small instance of negligence can undo decades of great business success. Recognizing that data is the new currency in the digital economy, hackers are getting smarter and are deploying advanced technologies to attack and access data beyond their reach. In such a scenario, adding more people to the equation to counter machines isn’t going to work. Organizations ought to leverage the very same technologies or more advanced ones – just adding more humans to the equation will not work. It’s got to be a (good) machines v/s (bad) machines combat.

To create a cyber-resilient and always-prepared organization, it is important for every CISO to have a scalable plan to manage the risk. An autonomous cyber-defense system, one that comes with self-driving, self-securing and self-repairing capabilities, is the need of the hour for businesses.

DQ. How can CISOs future-proof their organization’s information security fabric?

CISOs can start by investing in threat intelligence programs, which can help them understand the existing and potential hazards targeting valuable assets. They also need to combine the IT security and business risk management, which can, therefore, support the overall objective of the business. A report by Accenture shows that only 40% of CISOs communicate with their CEOs/boards proposing an integrated security approach. This percentage is pretty staggering and should improve in the upcoming years.

DQ. How does Oracle’s autonomous approach to data management make organizations more secure against data thefts?

Oracle’s approach to security is built on 40 years’ experience in protecting the world’s most sensitive data. Oracle Gen 2 Cloud has put the security of critical workloads at the forefront of its cloud design. For customers running security-sensitive workloads such as financial applications or citizen data accessibility, Oracle Cloud Infrastructure (OCI) has built a cloud with technology to reduce risk by isolating customers from the parts of the cloud-controlled by other tenants and even Oracle personnel. The security-first design approach led to innovations like isolated network virtualization and pristine physical host deployment which give customers a higher level of security than first-generation clouds.

Oracle Autonomous Database is a generational innovation that redefines data management. It automatically encrypts all data whether it’s at rest or in flight. It also prevents any administrators from snooping on sensitive application data. From a security perspective, with self-securing capabilities, Oracle Autonomous Database ensures the automatic application of the latest security updates with no downtime, eliminating cyberattack vulnerabilities. It also offers protection from all types of downtime, including system failures, maintenance, user errors, and changes to the application data model.