Indian CEOs high on breaching information security protocols

Rampant adoption of Internet of Things means number of vulnerable devices at risk will also rise

Eighty three per cent Chief Information Security officers (CISO) in India believe that their CEOs have breached information security protocols, says a new Symantec survey. On a brighter note, more Indian companies are encrypting their cloud data than the global average, said the report.

The survey covered 100 CISOs across India and 1,100 CISOs globally. Tarun Kaura, Director - Product Management of Symantec (Asia Pacific) says, "Tracking unsanctioned applications and the visibility of data within the cloud is a major challenge for enterprises."

Kaura added that WannaCry definitely wasn't the biggest attack in the recent past ranking the Dyn network attack that crippled Netflix and Twitter as well as the cyber heist of Bangladesh's central bank last year much higher on the scale. "WannaCry came at a time when people were a lot more aware and it affected people in multiple industries which is why it received so much focus, " he said.

A study by the Cloud Security Alliance (2016 November) mentioned lack of industry standards and ineffective costing as the major deterrents of cloud adoption across industries in India. However, industry experts say that with RBI and IRDA already announcing compliance requirements with respect to cloud data one can expect more regulations to follow suit.

"The advent of smart phones has changed the way we consume data. It has also made it difficult to keep track of it as internal IT teams cannot track what employees do with confidential data on their devices," added Kaura.

With an increasing number of organisations moving to adopt Internet of Things across their businesses the number of vulnerable devices at risk will also increase.

Cloud-based ERP service provider Deskera has been focusing on small to medium size businesses as there target market. Deskera CEO Shashank Dixit said in a note that the company has seen 100 per cent revenue growth over the past three years as smaller companies break free from the constraints of having on-premise setups.

Dixit foresees hacking as a major threat. "Hackers use social media sites such as Twitter and Facebook to break into computer networks and extract sensitive information. One reason people are particularly vulnerable to social hacking is because they are more likely to consider themselves among friends on social media sites, so their guard is down, " said Dixit.

"While security is an important factor when considering cloud technology, more common concerns are around the general enterprise adoption and training. Companies want to make sure the technology they select is well integrated into their overall systems and that their teams are well-trained to use the new technology, "said Dixit.

Symantec's report also states that the biggest threat to cloud security in 2017 will be staff's non-compliance to security measures according to CISOs. Consequently,  the planned spending on staff compliance training has increased to 93 per cent up from a mere 39 per cent in 2016.

IBM Integrated Security Leader Kartik Shahani says," Security as a practice takes some experience. Teaching people to identify threats are the need of the day." IBM predicts a requirement of 3 million cyber security professionals across India in the coming years. The company is looking at providing programs that will start teaching security knowledge at school level in the future and has already flagged off a similar initiative in USA.

IBM has also partnered with networking giants CISCO and aim to eliminate compatibility issues between security and networking applications through the partnership.