Cyber Security Strategy : Global Challenges and Local Opportunities

Introduction

The Cyber Security challenges and surviving through the hostile environment are one and same thing or should we say these are two complimentary functions in modern day life and business. We are living in a world wherein life has become  increasingly technology dependent, more so, the information technology be it in homes, or transiting / commuting by metro/car/train/air or working in any environment, we are under its benign shelter.  Today, we can’t imagine our day to day lives without a mobile phone and associated technologies, connectivity with the globe and thus wily-nilly are exposed to the vagaries of cyber world.

The threats emanating from the Cyber world has becoming omniscient and omnipotent phenomena. The line between safe confines of homes  and work places are no more outside of it. It has engulfed both. So the safety and security planning against the threats have to encompass both the components. Businesses will and are certainly working on the challenges that are being faced by them but building necessary resilience at home and elsewhere is the responsibility of the individuals and the society at large including the governments, be it local, regional and national.

Threat Landscape & Security Framework

• The landscape:  It is vast, be it in the form of trojan or massive DDOS attacks in the enterprise levels where Cyber frauds to cyber arrests are mega challenges at the individual level. At national level, the landscape is vast and wide, be it in relation to the national critical infrastructures, information highways and telecom networks, banks and financial services, security assets (defence, police and other agencies),  and all are under severe threats and weaponisation of cyber world is a reality of life. The protection of these assets, networks  has become critical and thus need to build resilience. But the threat faced by individuals are of serious nature as it relates to ordinary people who become easy targets. But we will talk of Cyber security challenges and other issues for the Businesses or public or private organisations in this article and not dwell upon the individual issues separately.
• Security Framework for Businesses:  Organisations across the board need to have a proper security framework in layered manner. It must be built from the physical layers to decision making layers at the management level to ensure the security is not jeopardized en-masse. The advantage of structured layers will help to withstand the pressure and thwart the attack at each level depending on their resilience capability. Thus, it is fair to assume that when we talk of Cyber Security framework, it means building the organisational capability to survive through unwarranted assaults. The attacker shouldn’t be allowed to bring the whole ecosystem down. The system should be so structured that any misadventure is met with countermeasures and preserve its own sanctity and independence of operations.

Challenges of the Business Leaders

We are living in an era wherein technology is helping in doing Business smoothly and in real time manner, but it has come with own pitfalls and that is the ‘challenge’. If the business leaders are empowered to take decisions and act swiftly and the ecosystem is designed to perform against those  threats, then the organisation will reap the benefits. To exploit those opportunities, one has to be agile, thinking and proactive and remain ahead before it actually hits the door. The unwanted threats are omnipresent and one has to delve through with an uncanny aim to protect their own systems, limit the damages and save the business reputation.  The challenge is not only to survive by facing the attack vectors but also to counter no sooner than it is launched. Unfortunately, the attackers remain ahead as they have sole agenda while the victims who are engaged in many fronts for profitability and growth.

New Strategies for Combating the New Threats

• As the Chief of Defence Staff of India Gen Chauhan said recently the ‘New Age warfare cannot be won with old age weapons’ or words to that effect. Similarly new age threats coming out from unknown borders has to be met with equivalent and potent technologies. Well, at an enterprise level, we may say that cannot retaliate back as these would entail huge investment and serious resource and time. But as a developing nation, we have to ensure that the culprits do not get an easy entry through national information highways to any of the systems or networks, be it personal, private or public. It is the responsibility of the national governments to ensure  security and safety of each one of us. That does not mean that we as an individual organisation have no responsibilities. We need to follow security protocols at each of our premises, work places and the systems. There is a huge opportunity in this domain. We need to harness new technologies, systems and adopt new strategies to meet the challenges.
• Deployment of New Technologies: While accepting the fact that we need to harness new technologies, legacy systems will continue to exist and thus they need to ensure the plugs and patches are place. There is a need to have platforms which can imbibe the legacy technologies for best use of the investments that have been done in the past with latest firewalls, Threat Intelligence and Threat Protection (TI/TP) systems. The deployment of these technologies with central command and control platforms for security generally known as Security Operation Centres(SOC). These SOCs are built with latest technologies such as AI, big data and blockchains. They are deployed to monitor the security 24×7 and ensures breaches are denied or reduced, and breach happened it is detected in time and countermeasures deployed to protect the assets. It has almost become a necessity to have such technologies at each and every business or private or government facility with due convergence of both the system along with TI/TP systems.

Involvement of the Management

Today the security cannot be treated as a tertiary function and left to outsourced agencies alone. In fact, it has become a leadership function and thus one has to integrate the security protocols as part of the management function. When we talk of involvement of the Management, it means that the decision maker at the top level should have the complete picture of the security scenario and should have apparatus to handle it. The decision maker cannot delegate this responsibility of ensuring safety of not only the assets but also the people who are working in the entire organisation. In addition, it is the responsibility of organisation to protect the data and have responsible Data Protection Officer (DPO), mandated under the Law.

Conclusion

Today, the Business threats are very prominent and always on the increase in terms of ferocity and frequency. In this game, one has to remain ahead and for which one has to plan and execute the security preparations before they are struck. In addition, the type and magnitude of threats have changed in its nature and the impact is huge because of the adoption of newer technologies on the other side. In today’s world very few businesses can afford to work in silos and not connected. In fact most sensitive and secluded networks (like defence and nuclear networks) have been breached because of ignorance or human error or both. Thus, the Business survival and profitability is highly dependent on our own strategies, preparation, fortification and new technologies because the challenges may be global but they have to be addressed at local levels by harnessing all those aforementioned new technologies, processes and applied at all levels and build the resilience.