The Economic Times daily newspaper is available online now.

    Organizations need to maintain a strong security posture in 2022 and beyond

    Synopsis

    Technology providers must become more proficient at developing intrinsically more secure and resilient technology, designed with the foresight on how these devices will connect into networks that are likely crawling with hackers.

    cyber-security-agencies
    An intrinsic security approach results in technology that’s less likely to have security bugs, but also that fails with fewer consequences when vulnerabilities are inevitably discovered.
    The security landscape in India has seen a remarkable shift as the increased rate of digitization has created a potential cybersecurity vulnerability, notably as employees continue to spend more time on their devices. A recent report released by PwC, states that about 80% of Indian organisations are likely to increase their cybersecurity budget in 2022. With the rapid acceleration of digital technologies, organizations must solve these three key challenges to achieve cyber-resilience.

    Workforce gap
    As many organizations start considering cybersecurity as a key business function, there is also a need for them to have a robust team of skilled personnel. According to the World Economic Forum (WEF), globally, there is a deficit of 3 million cybersecurity professionals.

    Organizations working to fill their security hiring needs may consider transitioning interested employees from non-traditional security backgrounds like risk, IT, data analytics or engineering roles into security positions. These individuals can build upon the foundation of their existing roles with focused security training. More broadly, as a long-term strategic priority, organizations must also routinely educate their employees on the best cybersecurity practices to follow while working remotely.

    Vulnerability management
    Too many organizations also have a difficult time effectively managing their vulnerabilities. This begins with organizations having awareness of what technology they have deployed and are dependent upon to function - often via an asset inventory system - and then finding and fixing misconfigurations and other security vulnerabilities in those systems promptly. While IT governance processes such as asset inventory and patch management are simple in concept, we as an industry tend to struggle with these basics -- and hackers continue to capitalize.

    The discussion around asset inventory must extend beyond IT managed systems to anything plugged into corporate networks, as well as third-party cloud services that organizations depend upon. Further, the discussion around patching should focus on patch speed and prioritization. This has become crucial because it commonly takes weeks, if not months, for organizations to patch vulnerabilities, yet hackers commonly exploit vulnerabilities within hours or days of their publication. It’s imperative to know what technology the company has at all times in near-real-time and to find and patch vulnerabilities within hours. While this level of excellence exceeds industry standards, organizations need to practice this effectively to defend against today’s threats.

    Lack of security integrated tech designs
    At the heart of many vulnerabilities are technology systems that were not designed with security in mind. They often use inadequate design and development practices. This issue further intensifies as the number of companies developing technology explodes with the digitization of “smart” product lines across every sector – from appliance companies to watchmakers.

    Technology providers must become far more proficient at developing intrinsically more secure and resilient technology, designed with the foresight on how these devices will connect into networks that are likely crawling with hackers. An intrinsic security approach results in technology that’s less likely to have security bugs, but also that fails with fewer consequences when vulnerabilities are inevitably discovered. Additionally, with this approach, organizations can reduce the need for multiple security tools that they are forced to run.

    As we continue to navigate the highly technology-driven era, the interplay of these three fundamental security areas will help organizations realize the full potential of this opportunity.

    (The writer is Senior Director and General Manager, Client Solutions Group, Dell Technologies, India)

    (Disclaimer: The opinions expressed in this column are that of the writer. The facts and opinions expressed here do not reflect the views of www.economictimes.com.)
    SIDBI MSME Conclave 2024 |Register Now.
    ...more
    SIDBI MSME Conclave 2024 |Register Now.
    ...more
    The Economic Times

    Stories you might be interested in