India Insights with Geetha Nandikotkur


Lessons on How to Respond to Data Breaches
Security Practitioners Sought Advice on Breach Response Plans
Data Breach Summit Asia 2016, Bengaluru

In the face of increasing targeted attacks, cyber extortion and a growing threat to critical infrastructure, as well as the high-profile breaches the industry is witnessing - and at a time when the government is really only beginning to consider serious questions of privacy and security governance - security practitioners are under pressure to protect their enterprises against future breaches.


Such pressures put them in a tight spot, forcing them to take a retrospective look at their capabilities, their shortcomings and their approaches to responding to incidents. Beyond doubt, they face serious questions about whether they have the right policies, the right controls and even the right skills to respond to breaches. So, what's missing?


It's constant learning. ISMG's second edition of Data Breach Summit Asia 2016, which just concluded on March 16 in Bengaluru, set out with the objective of helping security practitioners seek answers and learn lessons on how to resolve the jigsaw puzzle of responding to future breaches.

Mission Accomplished

I would say the objective of the Summit was met in educating the information security fraternity about potential breaches invading their enterprises, conveying lessons on preparedness to tackle future breaches and sharing of the best practices by security stalwarts on how to prevent, detect and work on mitigation techniques with a strategic approach.

There were 100 delegates at the Summit representing IT/ITeS, manufacturing, government, banking and insurance, among others. The keynote for the Summit set the right context with Dr. A.S. Ramasastri, Director, IDRBT, throwing light on "Managing Data Breaches: Assembling the Jigsaw Puzzle."

A key focus of the session was to help participants understand the various pieces of the enterprise framework that need to be tied together as they set out on their journey to manage data breaches.

"It is important to assemble the right pieces including governance, policy, skills, solutions, systems and technology in appropriate places to create a perfect cybersecurity ecosystem," Ramasastri said.

Through its keynote, exclusive spotlight sessions and plenary sessions, the Summit delved deep into the critical aspects of security that are imperative for building an effective breach response model to detect future breaches, if not prevent them.

There is a critical need to develop a cyber resilience framework for enterprises to fight the new challenges. This was clearly articulated by Preet Paramjit Singh, Delivery Lead-Special Projects & Cyber Resilience-ESRM, at Tata Consultancy Services Ltd, in his session on "Building Cyber Resilience." Says Singh, "It is important to identify gaps in cyber-attack response policies, plans and procedures and provide a road map outlining how to reduce risks, strengthen security posture and fortify the response plan."

Practitioners related to the challenges of coping with the new wave of threats from attackers who compromise critical systems and attempt a series of cyber extortions, including targeted DDoS and delivery of ransomware.

They expressed that such trends have reinforced the need to recognize and respond to these growing threats. According to the delegates that ISMG spoke with, the sessions reinforced their confidence in dealing with the situation and provided guidance on taking the right steps.

One of the new trends, payments innovation and its associated challenges, also had them talking about how new technologies have a ripple effect on the security framework.

The session on "Payments - Mitigating New and Emerging Threat Vector" by Shivakumar Sriraman, chief risk officer, India & South Asia, VISA, helped delegates learn lessons on the cyberattack chain and draw a line between wishful thinking and effective security controls, while setting about taking the right steps.

It was obvious that the practitioners face the challenge of convincing the board of a risk-based approach and of enabling board members to understand the nuances of growing threats.

They acknowledged that the session on "Lead Your Board from Compliance to Risk-Based Security" by Sethu S Raman, chief risk officer at Mphasis Ltd, would help them assess the complexity of the business and apply the right framework of compliance and risk, which are key ingredients to the business's success.

The lessons and insights on tackling data breaches through the day ensured the delegates had some takeaways.

Key Lessons

So, what's the impact? What do they need to do differently? I think the key message from the eminent speakers was to change the mindset.

The debate on securing critical infrastructure and building a public and private partnership model gave new insights on the new objectives in developing an effective cybersecurity framework which was practical and well thought out.

A handful of best practices should enable them to fight challenges:

  • Understand if technology brings in more data breach possibilities and, in parallel, provide more data breach management solutions;
  • Progress from assessing risks from an academic or bookish point of view to diving into reality;
  • Change the flawed approach and understand that business alignment is not an academic exercise;
  • Draw the line between perceived security and real security controls;
  • Draw a road map from breach findings to security controls;
  • Involve all the teams to drive innovation, which means security by design;
  • Take an approach of early detection of cyber-attacks and identification of threats, which is critical for recovery.

With the key lessons learned at the power-packed summit, practitioners should start crafting policies and controls to respond smartly to breaches in future.

And, before signing off, do tell us a couple of things - what are the more critical issues that bother you? And what more do you expect to see in our future events?

About the Author

Geetha Nandikotkur


Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.
