The cyber threat landscape is changing rapidly. The past year was full of ransomware attacks such as WannaCry, NotPetya and BadRabbit, and experts say that things are only going to get worse. The impact of cyber security lapses on business is severe: every successful cyber-attack has the potential to cause serious damage to a company’s bottom line, as well as to its business reputation and its customers’ trust. Companies also realize the impact security breaches can have on their functioning. It is no wonder that cyber security has the attention of organizations as they continue to face a growing threat landscape. As technologies continue to evolve, CISOs have a tough task cut out for them. Krantikumar Sherkhane, Chief Information Security Officer (CISO), Aditya Birla Health Insurance Company Limited, speaks with Muqbil Ahmar, Executive Editor, dynamicCISO, and spells out the 5 major challenges facing CISOs today.
1) Lack of properly skilled information security resources is the biggest challenge. CISOs may have deployed a lot of technologies, such as advanced analytics tools, Artificial Intelligence (AI), Machine Learning (ML), etc., but identifying the right skill set and getting them on board is a challenge which we are facing. We are not getting the right personnel to do the job. Until this skill gap is filled, there can’t be proper mitigation of malicious cyber-attacks.
2) The threat landscape is increasing greatly. Both internal and external threats are increasing dramatically. As far as the internal threats are concerned, the problem is that a lot of people are handling data. So, there are a lot of admin users who have access to the database, systems and applications. They are all internal threats.
3) Moreover, machines have access to a lot of critical data, which is sensitive. Therefore, any virus or threat which enters into the system can directly impact the servers. This is also a significant challenge for CISOs today and it would be interesting to know how they control access.
4) There is a lot of remote work going on. People are on their mobiles all the time and access applications through them. Then there are BYOD policies in organizations.
5) The last challenge is for a CISO to know the exact cyber security requirements of an organization when they join it. This is a must. They must carry out a proper risk assessment and data analysis. These will help them create a roadmap of how to best insulate the organization against cyber threats.
As the threat landscape continues to evolve, CISOs have their task cut out. They need to overcome the above-mentioned challenges and take a fresh look at cyber security. Mitigating the risk quotient has its own set of hurdles. Moreover, with the General Data Protection Regulation (GDPR) coming in, privacy concerns have also assumed center stage, and CISOs will have to ensure data privacy, since organizations faltering on the compliance front may end up paying dearly for their lapses.