As we navigate an increasingly complex, boundaryless hybrid world, cybersecurity has never been more critical. With cyberattacks growing in size, scale and sophistication, cybersecurity becomes mission-critical for protecting individuals, businesses, and governments.
Against this backdrop, and as part of Cybersecurity Awareness Month, Microsoft hosted a Future of Security curated dialogue with industry experts, on building India’s cyber resilience. Terence Gomes, Country Head – Security, Microsoft India, was in conversation with Seema Khanna, Deputy Director General, National Informatics Centre (NIC), Government of India, Rama Vedashree, Former CEO, Data Security Council of India (DSCI), and Satish Kumar Dwibhashi, SVP and CISO, InMobi, on the evolution of the cybersecurity landscape and the need for public-private partnerships to protect India at scale.
Trust in technology, need for stronger collaboration between the public and private sectors, driving consumer awareness, and the role of secure, trusted, ethical tech in driving innovation for India were some of the topics that were discussed.
Anchoring these discussions, Microsoft shared its commitment to building a trusted tech ecosystem in the country, making available the technology and threat intelligence expertise required to protect against cyberthreats.
Key excerpts from the discussion:
Trust in technology
Seema Khanna: “Trust in technology cannot work in silos, they go hand in-hand. Earning trust is easy, but we only get one shot at it. Both as government and industry, we must navigate earning the trust from users. For this, we need to have an enabling framework for services. Security must be by design and every service we provide needs to be built with trust, especially in the hybrid world.”
Satish Kumar Dwibhashi: “We are living in a digital world. So, digital trust is a necessity. It is no longer a choice, but imperative in today’s world.”
Rama Vedashree: “We need to take a step back and acknowledge how much has moved to digital now. Digital technologies are now being used for very personal, very sensitive information. This is exactly why trust in technology is receiving so much attention from government regulators and civil society. Today, the expectations of trust from consumers who are consuming digital services are extremely high – whether provisioned by a government agency, or large global cloud providers, social media platforms or even a small startup offering some service online.”
Terence Gomes: “Security is one of the topmost priority at the business level across all segments and sectors for Microsoft India. It’s also one of the fastest-growing businesses for us, so we are deeply invested in the cybersecurity space for India. Globally, Microsoft will invest $20 billion over the next five years to advance our security operations across the world. We are always trying to ensure that our tech is built not just for today, but for the future.”
Evolution of India’s cyber threat landscape
Terence Gomes: “In the last two and a half years there has been a digital explosion and transformation. However, with that, the attack surface has also significantly grown. So, while businesses have transformed, the entire visibility and control of the digital estate have also left security practitioners vulnerable. When we look at data from CERT-in, we see that more than 14 lakh cybersecurity incidents were reported in India in 2021, and almost seven lakh incidents were reported until June 2022. Attackers are not just attacking endpoints, they are attacking organizations from multiple entry points right from identity to endpoint to e-mail and now, of course, smart devices and IoT devices. So, while organizations are looking to scale up their security, attackers are really ramping up and going multi-prong to attack organizations from various levels.”
Seema Khanna: “The threat landscape has evolved in today’s world. Today, hackers are the elite force, using the best technologies available. In earlier times, people used to hack websites and take pride in doing so. These days, the hackers’ motivation and game plan has changed – they are now looking for money, selling the data and so on. As a result of this, the threat actors have evolved, and it is much more difficult to detect the persistent actors. As security professionals, we must get to the stage of being more preventive than reactive.”
Satish Kumar Dwibhashi: “The cyberthreat landscape has evolved dramatically wherein we today witness highly motivated and targeted attacks. Covid, especially, has pushed the boundaries. CISOs and CIOs could earlier draw a perimeter and secure their employees within the same. Working from anywhere has meant that while we cannot place stringent regulatory compliances that hamper businesses, we have had to learn to enable business, while correctly implementing the right security mechanisms.”
Securing India at scale
Rama Vedashree believes, “What is needed is really concerted action to mitigate the risk both at a global level as well as at a country level. In fact, even at a country level, it is important that we build capacity at a state and sector level. I think the regulators, or the nodal ministries play a key role because especially post pandemic, we have seen new sectors which were not so much at risk earlier such as healthcare and pharma now getting targeted increasingly. Today, cybercriminals are becoming extremely organized, using emerging technologies to drive attacks. As digital technologies are getting infused right at the block level across businesses and sectors, we need an integrated approach both from the government and industry.”
Seema Khanna: “As a nation we must build the future deliverers of technology – the youth. Hence, as organizations, we must advance the brilliant young minds in India. “Collectively, the youth, older generation, technology professionals, industry bodies and government need to build a common mandate to protect the nation from the threat landscape.”
Satish Kumar Dwibhashi:, “In today’s world, the attacks are highly motivated. The challenge here is to ensure security and convenience equally. India is a digital hub, and we are supporting the whole world. Covid made us more resilient, and we are now more prepared than ever to tackle attacks. As a nation, we must ensure continuity of business while enabling a secure ecosystem.”
Satish Kumar Dwibhashi:, “The weakest link in the chain is humans, which is why it is important to increase awareness amongst various stakeholders. All of us have to come together and spread awareness to avoid breaches.
Seema Khanna: “Today, we are talking about security in online websites. In the coming years, the quantum of online devices will significantly rise. To tackle this, we need to create a security framework that is idiot proof. We must predict the stupidities that an end user will do, to have ways to circumvent it.”
Microsoft Announces New Security Innovations:
Protecting a business against growing security threats is a huge priority today. Microsoft is committed to empowering businesses to maximize their security investments by focusing on five key areas: Building security in from the start, building trust fabric with flexible and secure access, decreasing insider risk and prevent sensitive data from being shared, managing securely across platforms and clouds, and protecting at machine speed.
Microsoft recently announced five new innovations to secure organizations amid hybrid work:
- Microsoft Defender for DevOps empowers security teams to unify, strengthen, and manage DevOps security, so they can minimize vulnerabilities and cloud misconfigurations and effectively prioritize and drive remediation in code across multi-pipeline environments.
- Microsoft Entra Identity Governance helps organizations ensure that the right people have the right access to the right resources at the right time. Microsoft Entra Identity Governance simplifies operations, supports regulatory requirements, and consolidates multiple identity point solutions.
- Microsoft Intune helps protect endpoints in the cloud, on-premises, and across device platforms by bringing together mission-critical endpoint and security management tools. The suite will include capabilities such as endpoint privilege management, intelligent automation and data insights, remote help, and automated app patching.
- Microsoft Purview Information Protection for Adobe Document Cloud which combines the power of native classification and labeling with the power of Acrobat to seamlessly secure PDFs, will now be generally available.
- Automatic attack disruption in Microsoft 365 Defender helps protect organizations at machine speed where it all comes together – in the security operations center (SOC). Using the power of Extended Detection and Response (XDR), Microsoft 365 Defender correlates trillions of signals across identities, endpoints, email, documents, cloud apps, and more to detect in-progress attacks like ransomware and financial fraud.
The information you’ve shared in this blog is very remarkable. Thanks for sharing such quality information.