By Saket Verma, Cybersecurity Practice Leader, Kyndryl India
Cybersecurity can mean different things to individuals, organisations, and institutions. Depending on the nature of the requirements and significance, a strong cybersecurity value chain can take myriad shapes and forms. It should be a leading C-suite agenda for enterprises looking to succeed in a competitive landscape like India. Yet, we see a fragmented, inconsistent approach to building the cybersecurity infrastructure across sectors.
In the last decade cybersecurity challenges have become more sophisticated as enterprises are increasing their reliance on technology for business growth. The World Economic Forum’s Cybersecurity Outlook report indicated that cyberattacks increased by 125% between 2021 and 2022 – and this upward trend will continue in 2023. Hence, the conceptual frameworks, management systems and technology tools for cyber defence also need improvement if we want to stay ahead of the cybercriminals. In fact, as per PwC’s 2022 Digital Trust Insights Survey, 82% of the Indian respondents predicted an increase in their cybersecurity budget in 2022.
The key considerations for the enterprise remain – identifying its most critical risk areas, monitoring the threat landscape, sustaining the defences, and responding to incidents followed by impeccable resiliency in case of a breach. Understanding and mapping the enterprise risk profile over the entire cybersecurity value chain is critical to best meet these evolving requirements. This value chain cuts across business functions and departments and straddles an organisation’s complete technology stack, operations and digital assets. An organisation’s cybersecurity posture must align with its key business goals. Each organisation must identify and craft its value chain depending on its business model and the technology intensity of the industry where it operates.
We are in the age of cloud-first enterprises going from strength to strength, especially in a fast-growing economy like India. To survive and thrive in a digital-first world, companies can incorporate the following steps to ensure long-term cybersecurity resilience.
The continuous (code) development process
Instead of buying point solutions and putting together apps using open source, companies should invest in their developers to build security into the product and its lifecycle. By setting such policies and implementing them as code, companies can also ensure shared accountability throughout the IT stack. Enabling and empowering DevSecOps can lead to a robust and intrinsically strong cybersecurity value chain.
Security Operations, including the various relevant security controls
Critical processes and systems like data loss prevention (DLP), endpoint security, and network security must be checked and kept primed to deal with potential attacks. In the heightened threat landscape due to today’s hyper-connected reality, always assume that a breach is only a matter of ‘when’ and not ‘if’. Having a well-informed view of what data might be lost, how quickly you secure the rest, downtime duration, and how you minimise the time taken to get back online can help deploy the Disaster Recovery (DR) protocol much faster. Investing in solid threat response platforms will pay huge dividends in the event of an attack.
Cyber Resiliency infrastructure
A resiliency infrastructure enables your organisation to function at the minimum essential level, even in crises. It is vital for all key executives to know baselines, such as what critical processes underpin each revenue stream, brand and products, the entire data journey, vulnerabilities, and interdependencies of the IT stack. It is where we see a lot of silos and unpreparedness. Thus, in any enterprise’s cybersecurity value chain, one must ask – which areas have full impact potential and are most prone to attacks.
● Is the organisation handling any sensitive client data? Which makes data security non-negotiable, especially in sectors like health, insurance and finance.
● Is it a case of very few employees handling sensitive data with weak compliance systems? Example – a financial behemoth or venture capitalist fund.
● Is it a retailer with 100 pc sales through digital channels? This is where lending uptime is a top imperative.
Each organisation must accordingly map its cybersecurity value chain and assign due weightage to the progressive components that the executive management envisages. The overall business goals, operations and the role of data and processes around its handling are some factors that guide the process of creating this value chain. The technology and business leaders must work together to develop the cybersecurity value chain and present the same to the board for periodic guidance and support. With buy-in from everyone sharing the cybersecurity responsibility, this value chain can unlock the potential of a burgeoning market like India.
