Becoming a top-notch cyber security professional was an unlikely path for Meetali Sharma, who currently leads Risk, Compliance and Information Security at SDG Corporation. Surprisingly, Meetali started her career as an IT and Corporate Communications executive at Organic India, where she managed the company's websites.
Meetali joined SDG Corporation as a Project Manager in 2007, with a mandate to manage projects across different technologies. "I always aspired to do something at a corporate level. I knew it wasn't easy. But over time, I earned the trust of the management and worked my way up to be promoted to the current role, which is a big responsibility. In my current role, I have to ensure that the company is cyber resilient and compliant with the different regulations that apply to us. It isn't easy for women to make a mark in this industry. But I am among the few who have done it successfully," recounts Sharma.
It was in 2010-11 that Meetali moved into the role of Risk Leader, on the strength of her performance on the projects she had been handling.
CISOs Need to Adopt a Risk-based Approach
Ransomware attacks such as WannaCry, NotPetya and BadRabbit have shaken the industry and are a repeated reminder to have a robust, lasting, enterprise-wide cybersecurity strategy in place. Things are only going to get more complex, which obliges CISOs to take a fresh look at their ability to think differently and more creatively. When queried on the subject, Meetali is ready with her own checklist for CISOs on how they can help their organisations become more cyber resilient.
According to her, CISOs should adopt a risk-based approach and act as advisors who help executive management take the right decisions at the right time. Not only should CISOs keep abreast of the latest security tools and technologies, they should also have comprehensive knowledge of existing and emerging threats. "As CISOs, we need to continuously monitor and alter (if required) our cybersecurity posture and compliance framework. Rather than just looking at the business requirements or the market trends, CISOs should play an active role in the business, helping the C-suite take decisions based on proper risk assessment. The processes/tools/controls implemented should be based on a thorough risk assessment of the environment. They should not only enhance security but also be easily adaptable," feels Meetali.
Instead of simply implementing fancy tools or new technologies, a CISO first needs to assess the business needs of the organisation and then come up with compensating controls or innovative methods. It is important to have sound incident response and BCP/DR plans in place to counter attacks, both internal and external.
"Being a CISO, one needs to be high on contemporary knowledge and keep building defenses for a cyber resilient organisation. Looking at the rampant surge in the number of data breaches, malware attacks and the changing threat landscape, building cyber resilience and implementing the right set of controls is the only path to success," she says. Protecting data, rather than merely storing it, will continue to be of paramount importance. "In our organisation, the focus is on monitoring the incidents/security breaches and also monitoring the KPIs and KRIs to ensure that we are well-prepared to face any kind of incidents and threats."
Meetali lays a great deal of emphasis on compliance and controls. "These should not be merely for the purpose of clearing audits. Rather, they should entail continuous monitoring and control mechanisms. It is true, every employee should own information security initiatives/policies, and they should be imbibed in the DNA of an organisation," she concludes.