Joy Sekhri, Vice President of Cyber and Intelligence Solutions at Mastercard, shares insights on the critical focus areas and strategies to combat cyber threats in this interview. From harnessing AI to fortifying digital identities, Sekhri outlines a roadmap towards a safer digital future.
Can you elaborate on the top focus areas for cybersecurity leaders in India?
India is already in its techade, an age where companies are increasingly adopting digital technologies in their transformation processes. But with the increasing digitization, there also lie multiple threats to the safety of consumers online. Globally, the rate of cyber-crimes is rising, and India too is not far behind. Last year, India ranked in the top 10 nations that witnessed the most cyber-attacks.
Cybersecurity has quickly progressed from an IT challenge to a C-Suite priority; it’s now the top digital risk businesses face today. Mastercard recently released a report titled ‘Cybersecurity: Building trust in our digital age’ in partnership with AITE-Novarica and analyzed by the Centre for Economics and Business Research (CEBR). Some of the top priorities for cybersecurity leaders as revealed by the report are:
Artificial Intelligence (AI): For Indian cybersecurity leaders, AI plays a significant role in the realm of cybersecurity, presenting both advantages and challenges. On one hand, AI has evolved into an indispensable tool for bolstering defensive strategies, especially with features like threat detection, incident response, and predictive analytics. However, the very same AI technologies can be exploited by cybercriminals in fraudulent attacks, allowing them to manipulate AI systems to evade detection or carry out sophisticated hacks against organizations. Consequently, to safeguard AI implementations within their systems from malicious threats, cybersecurity leaders are exercising caution and placing a strong emphasis on security protocols and continuous monitoring.
Digital identity: In India, the issue of digital identity security takes on paramount importance, especially with the proliferation of digital services and with the involved database of sensitive biometric and personal data. Robust authentication procedures must be firmly in place to prevent unauthorized access and fortify defenses against potential breaches. Striking the delicate balance between providing convenient yet secure digital services while safeguarding user privacy presents a challenging yet essential task for cybersecurity specialists in India.
API (Application Programming Interface) security: API security holds a crucial role in averting unauthorized access, data breaches, and potential security risks, a consensus among cybersecurity leaders. Employing proper access controls, encryption, and robust authentication techniques exemplifies essential precautions for API security. APIs, due to their continual usage, remain susceptible to vulnerabilities and exploitable flaws, demanding the adoption of continuous monitoring and testing by security executives to swiftly detect and mitigate these vulnerabilities.
In what ways do you believe consumers can play a role in combating cybersecurity threats, and what measures can be taken to empower them in this regard?
Consumers can effectively combat threats by limiting access to their sensitive data and maintaining strict control over who can access their personal and financial information. Sharing such data exclusively with trusted parties and promptly revoking access when it’s no longer necessary reduces the risk of data breaches and unauthorized entry, ensuring the safety and security of their information.
Consumers should prioritize keeping their software up to date by regularly updating their devices and applications to incorporate the latest security patches and bug fixes. This proactive measure diminishes the likelihood of cybercriminals exploiting vulnerabilities associated with outdated software, thereby enhancing data security and minimizing the risk of financial losses due to cyberattacks.
Furthermore, consumers can bolster their security posture by leveraging advanced authentication methods like multifactor and biometric authentication, which are increasingly prevalent in global markets. Biometric authentication methods such as fingerprint or facial recognition offer both enhanced security and convenience, making them a secure choice for digital payment authentication. Additionally, users should always select services that use secure payment channels. They must tokenize their card details to secure their sensitive information, use encryption to protect data during transmission, and leverage solutions with fraud mitigation capabilities to detect and prevent any suspicious activity.
How does innovation play a crucial role in addressing the evolving landscape of cyber threats? Could you provide specific examples or strategies?
In the ever-evolving landscape of cyber threats, innovation plays a pivotal role as cybersecurity professionals must adapt continually to safeguard their organizations. AI and ML-powered solutions are revolutionizing threat detection by analyzing vast datasets for anomalies, identifying emerging threats, and scrutinizing network traffic, user behavior, and system logs for suspicious activities, such as unusual file access patterns, unauthorized login attempts, deviations from established baselines, etc.
However, at the same time, it is equally important to ensure responsible use of these new-age technologies. At Mastercard, anytime we use AI, the use case goes through a governance framework to ensure it is aligned with our data principles. To implement it responsibly, organizations need a robust AI governance framework. This will serve as a backbone to delivering efficient solutions to customers while doing right by them.
We also follow a ‘zero trust’ model that assumes no entity or user is inherently trusted, regardless of their location. Implementing a zero-trust security model ensures that every access request is rigorously authenticated, authorized, and monitored, regardless of whether it originates from inside or outside the organization’s network.
We leverage AI in securing billions of transactions, saving over US$35 billion in global fraud over the past three years, not only in cybersecurity but also in personalization and digital identity platforms. Our tech-powered innovations are geared towards addressing the next-generation challenges and empowering people with digital tools while supporting our business customers’ AI journeys. Covering more than 14 million entities, we are among the world’s largest cyber assessment solution providers, integrating AI into various modules within our fraud assessment ecosystem and pioneering work in the field of behavioral biometrics to pre-empt and prevent fraud, ensuring a safe and secure payment experience for all.
Do you believe that the current legal frameworks and regulations surrounding cybersecurity are sufficient to address the rapidly evolving nature of cyber threats? What are your thoughts on the key provisions and potential impacts of the Digital Protection Bill? How do you see it shaping the future of data privacy and security for individuals and businesses?
The cybersecurity landscape is evolving rapidly, with new risks emerging at an unprecedented pace, driving policymakers to hurriedly adopt new rules. The government is taking measures to ensure responsible business conduct and individual data protection. Recently, at the G-20 summit, India advocated for the responsible use of AI technology. Also, the Digital Personal Data Protection Bill of 2023 is a crucial milestone in advancing personal data privacy and security within the digital realm. It introduces several key elements that have the potential to shape India’s future data protection and privacy regulations.
At Mastercard, we believe no one player can solve this problem. Collaboration is key to achieving success and addressing the challenges faced by the ecosystem today. We believe in the power of public-private partnerships and work closely with policymakers, regulators, and users to drive governance, promote consistency, and advocate for a risk-based approach. Our team of data experts engages directly with policymakers, ensuring the coherence and fitness for the purpose of these rules. In tandem, we continually enhance our controls and governance to align our technology use with all laws and uphold our data responsibility principles.
What role do you see for third-party assistance in deploying AI-powered solutions?
According to the report, more than 84% claimed they would be interested in receiving assistance from third-party experts around AI-powered cyber solutions. It is a complex field, and organizations may not have the in-house expertise required to develop and deploy technology solutions effectively. Third-party experts and specialized companies can fill this gap as they have the right expertise and manpower to address the challenges organizations face today and ensure that implementation is efficient and aligned with responsible practices.
Third-party service providers offer several advantages for organizations looking to deploy AI solutions. These providers come equipped with pre-built models, tools, and frameworks that can be tailored to an organization’s specific requirements, significantly expediting the implementation and enabling businesses to swiftly reap the benefits of AI. Moreover, many third-party providers deliver scalable solutions, allowing organizations to effortlessly expand their AI capabilities as they grow, without the need to start from scratch. This scalability is particularly advantageous for handling large datasets and complex AI algorithms.
Furthermore, building AI capabilities from scratch can be both expensive and time-consuming, making third-party solutions often cost-effective, especially for smaller to medium-sized organizations. By outsourcing AI development and deployment to third parties, organizations can focus on their core competencies.
In your opinion, what are the most pressing cybersecurity threats that individuals and organizations should be aware of in 2024?
Considering the rising cybercrimes in the country, some of the most prominent cybersecurity threats that individuals and organizations should be aware of in 2024 are:
- BOTs and Non-Human Actors: These automated entities can execute various harmful actions, such as credential stuffing and content scraping. It is crucial to deploy bot detection and mitigation tools capable of distinguishing legitimate from harmful bot traffic and employ additional safeguards like CAPTCHAs, multi-factor authentication, and behavioral analysis to thwart automated attacks.
- Cloud Computing: Threats such as data breaches, misconfigured cloud settings, unsecured APIs, and unauthorized access can pose substantial risks. Encryption of data both in transit and at rest, enforcing strict access controls, conducting regular audits of cloud setups, and establishing a clear separation of security responsibilities between cloud service providers and clients can help address this gap.
- Internet of Things (IoT): Threats include device hijacking, data breaches, and the formation of IoT botnets for DDoS attacks. Safeguarding IoT devices demands strong passwords, regular firmware updates, and network segmentation. Implement IoT security regulations and intrusion detection systems to protect IoT networks.
- Third-Party Risk: These threats can encompass data breaches, supply chain attacks, and system vulnerabilities introduced by external partners. Mitigating these risks involves comprehensive due diligence when selecting third-party partners, robust vendor risk management procedures, clearly defined contractual agreements, and regular security audits.
- Staff Using Personal Devices: Personal devices often lack the same security safeguards as corporate assets, making them susceptible to viruses and data breaches. They can also serve as potential entry points for attackers. To counter these risks, organizations should implement mobile device management (MDM) solutions to secure work-related personal devices. Enforce robust password policies, employ encryption, and maintain the capability for remote device wiping to protect sensitive data.