
Challenges like IT/OT convergence, cloud migration, and web application security continue to be major concerns for security leaders as organisations in India transition to remote working environments. A study by the Data Security Council of India revealed that 58% of cybersecurity threats that organisations in India encountered were due to risks posed by emerging technologies. With digital transformation compressed into a short time during the pandemic, it's clear that the threat landscape is becoming more complex. This has often left CISOs frustrated as IT teams fast-forward new technology initiatives before fully considering the security risks.
The best way for security leaders to regain control and ensure that security is woven into the fabric of an organisation's infrastructure is to transform into a Business Aligned CISO. Less than half of the security leaders surveyed in a recent Forrester study commissioned by Tenable reported that they align business objectives to cyber risk priorities. It is a challenge for business leaders to view cybersecurity as a value driver. However, CISOs can help business leaders see value in the trust, security, and resilience that come from strong cybersecurity capabilities.
Below are practical ways that security leaders can not only secure critical new technologies but also present an effective case that they are adding value to the business.
Last year, a ransomware attack on a pharmaceutical organisation led to a 24-hour pause in global operations across its manufacturing units. Threats such as these reinforce why the modern attack surface requires security leaders to consider vulnerabilities not just in IT networks but also in the OT environment. The previously noted Forrester study showed that 67% of cyber attacks on Indian organisations were also related to OT networks. The problem is that while adversaries are scanning all of these environments to find the easiest attack approach, legacy vulnerability management methods are limited to scanning traditional IT environments – so OT assets and risks often remain invisible.
Few organisations currently manage OT and IT with the same staff and resources. These areas have traditionally operated in different "worlds" with different priorities. The growing pains associated with bringing together the physical and digital worlds can be a challenge. The IT/OT convergence trend is not only driving the integration of IT tools with OT solutions, but it also requires alignment of strategic goals, collaboration and training; and this is only the beginning of the challenge.
IT staff are typically concerned about data confidentiality, integrity, and availability. Because IT was the front line in identifying, mitigating and reporting cyber attacks, the IT environment had to constantly evolve. In contrast, OT staff work in an operational environment where stability, safety and reliability are top priorities. More than in any other part of the business, time is money in the OT world. As an example, it is estimated that the cost of unexpected downtime of a car factory is $22,000 USD per minute.
Changes to OT, such as upgrades and patches, are viewed as serious business risks that will impact business continuity rather than as security improvements.
To effectively gain support from the business, CISOs need to steer away from focusing on the "threats posed by IT/OT convergence" and towards a conversation about the benefits of cybersecurity for increasing reliability and improving security, with minimum downtime. This can be achieved by implementing technical solutions that not only address external threats but also monitor conditions arising from critical OT concerns like human error. Using a cybersecurity tool that can address this key vulnerability will provide major operational benefits.
DevOps and security teams have historically been known to work in silos until the end of the development process, resulting in friction between both teams. This is because security is often an afterthought in a race to roll out products and services to market, not leaving enough time to address the potential vulnerabilities that may arise. This is another pain point for CISOs in maintaining control and alignment. CISOs need to convince other executives that security is necessary for the development process and that integrating security as part of that process will not prevent DevOps teams from achieving their goals.
CISOs can change the old ways of DevOps working by "shifting left" to include security processes earlier in the application development planning process. Focusing on ongoing problem prevention, rather than late problem detection, helps both security and DevOps teams work effectively.
Using a risk-based security tool can actually accelerate the DevSecOps cycle by reducing the number of failed builds that are caused by security test failures and also reduce the number of rebuilds due to new security events. Efficiency, cooperation, and speed will win DevOps support for cybersecurity.
With increased cloud migration in India, the number of breaches and cyberattacks has increased to 696,938 in 2020 alone, making cloud security a priority. However, traditional cloud security that depends on agents is hard to manage and activate in environments that have network micro-segmentation. This has made cloud security even more challenging for the CISO.
To achieve success, CISOs should focus on solutions that can discover and assess dynamic assets based on a licensing model adapted for what is actually in use. This provides effective cost management.
Organisations are operating in digitally sophisticated and rapidly changing environments. Nearly every business, across every vertical, now relies on technology advancements in a constantly changing environment. This reliance on technology means cyber risk now equates to business risk. It also means that the modern CISO can no longer focus on just tactical security issues. Instead, security leaders must ensure that security is aligned with the business strategy and goals.