Dataquest spoke to Dr Debabrata Nayak, CSO, Huawei Telecommunications India, to understand from him how the cyber security space is becoming more critical and complex. Dr Nayak stressed the need to have better cyber security in place for every organization. Excerpts:
Q) What is the role that CSOs or CISOs play in managing the cyber security of enterprises?
With the rapid digitalization of functions and processes of organizations, the need for adopting secure cyber practices is becoming extremely important. Establishing a cyber security program and business continuity program for drafting various security policies is a vital role of CSOs and CISOs. These policies are Information security policy, Data governance and classification policy, Access control policy, Acceptable use of assets and asset management, Risk assessment and risk treatment methodology, Statement of Applicability, Risk management framework including third parties, Applied Cryptography, Communications security, Information Security awareness programs for all personnel.
Q) What are the key areas in cybersecurity which need focus?
Cyber security regulations improvement demand will continue to rise for security skills. Cyber security and Internet of Things (IoT) breaches will get more complicated and harder to beat. Cyber risk insurance will become more common; in fact, Gartner also predicts that AI & Advanced Machine Learning, Virtual & Augmented Reality, Blockchain, Adaptive Security Architecture will play a major role in cyber security perspective in 2017.
Q) Do you think we need to look at cyber security in a new paradigm in view of increasing use of IoT and cloud?
In order to safeguard their digital assets, enterprises are spending a fortune, and even then the world in recent times has witnessed some of the severest forms of cyber security breach. In such a scenario, we definitely need a new protection paradigm, if we can say so, which is only possible through consolidation of digital infrastructure. Since what we now need is not just security but a better cyber security. Growth in cloud solutions and Internet of Things applications, especially when there is an increased access to remote network and sensitivity of accompanying data, has the ability to result in ‘Trusted’ platform security which can be applied across industrial verticals as per need. In fact, for many organizations a private cloud will avail a greater level of security than otherwise possible. Technology-security organizations are confident to benefit from such an industry consolidation in the near future, where most of the organizations would look forward to shifting their technology dollars to fortified robust cloud domain and TPM secured devices.
Q) Which are the key sectors that are vulnerable to cyber security most in India?
Digital space transcends boundaries in order to deliver unprecedented levels of connectivity, enabling industries across the globe. India’s social and economic growth is intricately linked to the digital sphere, given the road mapped by the various government initiatives: Digital India, Make in India, e-governance, Smart Cities Mission, Green Energy Corridor etc. Hence, a proactive engagement is a must for India at the global platform too. The nature of cyber-attacks in recent years has evolved, with the latest ransomware attack shaking the core of IT infrastructure globally, and not just India. This requires beefed-up cyber safety valves and infrastructure to help cater to the ambitions of the government and its industries.
If looked at in depth, cyber security can cater to various industrial verticals through its varied products such as web security; identity and access management (IdAM); messaging security; security and vulnerability management (SVM); network security and endpoint security. Since every sector is interconnected and co-dependent on the other, it becomes imperative for government and the organizations to build a robust infrastructure for implementation, education, training, consulting and managing security services (MSS). This way the country and its economy would be better prepared in future for the potential breaches. If we believe the industry reports, then we are moving towards such a future swiftly, where there will be a spurt of cyber security startups and millions of jobs in the country by 2025.
Q) What are the key initiatives taken by Huawei to support cyber security for enterprise, industries and other sectors?
As an organization, Huawei has zero tolerance and all the activities are being administered from the top. There is no complacency when it comes to cyber security; IT heads are forever vigilant in this regard. Yes, there is definitely a need to advance the technology level as the threat mechanisms are constantly evolving. In line with this, Huawei has established a comprehensive, ISO 28000-compliant supplier management system that can identify and minimize security risks during the end-to-end process from incoming materials to customer delivery. Huawei selects and qualifies suppliers based on their systems, processes and products, choosing those that contribute to the quality and security of the products and services procured by Huawei. Huawei continuously monitors and regularly evaluates the delivery performance of suppliers and checks the integrity of the third-party components during each of the incoming material, production and delivery processes. Huawei records the performance and establishes a visualized traceability system throughout the process.
Q) What is Huawei’s existing cyber security strategy?
Cyber security continues to be an issue of intense interest to our customers, governments, and solution providers alike; it is a focus of Huawei and cyber security assurance is one of our core company strategies. We believe it is only by working together internationally, as vendors, customers and policy and law makers, that we will make a substantial difference in addressing the global cyber security challenge.
Q) Do you think employees play any critical role in preventing cyber-attacks in an organization?
Employees certainly play a critical role in identifying potential breaches. As per industry reports, approximately 98% of breaches were detected by the employees versus the security team. It is imperative to understand here that company officials serve as the first line of defense, and hence it is necessary for organizations to train and continuously upgrade their cyber security skills, required for a successful operational business. An advanced set of cyber security mechanisms, which is capable of constant evolution and combating threats, needs to be then ingrained in the organizational culture itself. In Huawei, we have a new joinee program where we train our new employees about cyber security. Also, we have an extensive cyber security program for senior management level and, most importantly, we vigorously train our field engineers as they operate in the customer environment; for example, they take three-way approval before touching the customer network.
Q) How do you see the recent WannaCry ransomware attack? What should Indian organizations learn from the global ones?
The WannaCry ransomware hit several nations recently and in some cases crippled the national schemes to the level of hurting the national sovereignty, for example, UK’s National Health Scheme. Other threats include human hackers, stealing/corrupting sensitive data or simply infiltrating the system itself. Essentially, every IT operating system and database is subject to such security breaches, provided advanced tech-intervention is done from time to time. There is, therefore, need for constant innovation and a new paradigm in terms of increased role of cloud solutions and IoT applications. It has now become vital to provide real-time protection to systems in public and private establishments involving usage of software like data encryption, next-generation firewalls etc.
Cyber safety then is a dynamic idea, as the cyber attackers can leverage unrecognized vulnerabilities even as system safeties are upgraded. The Government of India, in this regard, we believe, should partner with firms who have global expertise and have time and again proven to be an asset both in fields of technology and national interest. Huawei, for instance, can provide such a partnership by pitching its high-end products and services to gain holistic control on policy and production of critical software items and systems.