In a world where everything is on the Internet, one of the most difficult tasks of security organisations is assuring the safety of our data. Ransomware, phishing assaults, malware attacks, and other cyber security concerns are rising every single moment and individuals, businesses, as well as governments, are all concerned about this threat.
According to the data analysis platform Statista, over 3.8 thousand government services were offered online in India in the fiscal year 2021, while CLSA’s report has estimated that the value of digital payments in India would more than triple, approaching $1 trillion in FY26 from $300 billion in FY21.
These numbers demonstrate the size of the cyberspace that India must protect at a time when the country is moving ahead with the Digital India campaign and the Reserve Bank of India is planning to launch Central Bank Digital Currency.
Additionally, it is noteworthy that the increased usage of the internet of things (IoT), cloud applications, digital supply chains, and remote work have led to an increase in cyber dangers for organisations around the world as well as in India.
To understand the threat level and the issues today’s organisations have been facing, News18 talked to Ranganath Sadasiva, Chief Technology Officer (CTO), Hewlett Packard Enterprise (HPE) India.
Growing Cyber Threat
According to Sadasiva, the cloud has become the cornerstone for the introduction of new technologies and innovations. As these technologies mature and are used by businesses, they will have a greater impact on cybersecurity.
He said: “The primary cause of these challenges is that today, data lives in more places than ever before. At any given point, organisations are storing huge volumes of precious information across on-premises, public cloud, private cloud, and other SaaS applications which can prove to be increasingly complex.”
“This move to the cloud and edge has created a serious challenge for IT organisations in the form of data silos which is one of the biggest obstacles to data protection. This data may become siloed because of location, data type, data owner, and many other factors,” Sadasiva further added.
While citing a global IDC study, which was sponsored by the HPE’s company Zerto, the HPE CTO stated that
organisations commonly deal with 14 to 20 different silos.
“Siloed data leads to labour inefficiencies, inconsistent data management and governance policies, redundant and costly toolsets, and greater risk of attacks on data and data loss,” he said while adding that these silos also stymie an organisation’s ability to effectively leverage data because of the data management barriers between silos.
However, the same IDC study also revealed that 56% of firms had an unrecoverable data event over the previous 3 years, 84% had been targeted by malware or ransomware in the previous 2 years, and 91% had had a technology-related business disruption.
Sadasiva said: “While these statistics are alarming, they illustrate the need for modern data protection solutions to address the increasing and evolving threats. Hence, the need of the hour is a comprehensive Cyber Protection strategy that is dynamic and always evolving for organisations who need to protect our data.”
Modernizing Data Protection
The HPE CTO stated that the volume and diversity of threat vectors (the steps that someone takes to get access to a device so they can exploit that vulnerability) rise along with the work needed to maintain regulatory compliance as digital assets become more valuable and, in some cases, essential to a company’s success.
As per Sadasiva, even though organisations now take every precaution to protect their data and make mission-critical applications highly available, hardware malfunctions, power outages, and natural disasters still cause downtime.
What makes the problems worse is the fact that there is an increasing risk of sophisticated malware and ransomware assaults.
According to him: “Despite the potentially severe consequences of data loss, IT organisations are spread too thin and are too burdened with outdated technology to meet their data protection needs,” he added.
“Therefore, it is imperative for businesses to adopt a modern approach to data protection, not only for reducing the business risk but also to accelerate IT operations that further strengthen the business,” he said.
The industry expert also noted that conventional legacy backup appliances, as well as techniques, aren’t designed for the dynamic, distributed business environment of today and they take a lot of time and money to manage.
While explaining it he said that they demand upfront CAPEX and expensive overprovisioning and are difficult to scale to meet changing needs. Additionally, they frequently lock the company’s data so that it may only be accessed in an emergency.
“Hence, to cope with the changing IT landscape, businesses must adopt modern data protection solutions that are simple, flexible and cost-effective. A robust data management system helps organisations remain compliant and gain greater visibility to defend against attacks,” Sadasiva added.
However, according to the HPE India CTO, the hybrid cloud solutions provide more options in data security as it enables enterprises to select the location of their data and workloads based on compliance, policy, or security concerns.
He further stated that businesses can store their most sensitive data in on-premise data centres that are difficult to attack by malicious actors and simultaneously, they can use public cloud storage to process and analyse less-sensitive data quickly and easily.
Additionally, the hybrid architecture enables security teams to standardise redundant cloud storage, which is critical for disaster recovery and data insurance.
As per Sadasiva: “A hybrid cloud’s centralized management makes it easier to implement strong technical security measures such as encryption, automation, access control, orchestration, and endpoint security so you can manage risk effectively.”
Ensuring Safety Amid Digitisation In India
The industry expert said: “Today’s threats and vulnerabilities require business operators to take a highly systematic and strategic approach to security.”
This, according to Sadasiva, entails identifying and prioritising the protection and defence of their most valuable assets, which include their customers, data, and revenue streams, as well as the IT infrastructure and systems that require dedicated, capable cyber defences.
“Through awareness training, organisations often check the box for a compliance requirement, however, most compliance requirements do not ask the key question: How effective is the program?”, he noted.
The HPE India CTO then stated that “Individuals have different learning preferences—traditional self-paced, web-based training; ‘listen to an expert’; ‘live action’; ‘host-led animation’; ‘interactive’; ‘gamification’; and more”.
Therefore, according to him, it’s important for organisations to deliver training that provides awareness to reflect the way the organisation looks at and deals with cybersecurity.
While talking about how HPE helps organisations to defend against and recover from cyber threats and cyberattacks, Sadasiva said that the company has the resources, information, skills, abilities, and expertise to assist organisations in developing a successful cybersecurity awareness programme.
He also stated that HPE provides cybersecurity certification courses from some of the world’s most reputable names, providing aspiring cybersecurity professionals with a thorough education on cybersecurity concepts and good foundational training.
Sadasiva believes that the current priority in India is a strategic imperative since data is essential to operate in this new digital economy.
“To effectively exploit data while protecting against data loss and ransomware threats, organisations must modernize data protection from edge to cloud — simplifying operations, aligning infrastructure to actual use, and shifting from insurance to insight,” he suggested.
According to him, companies today are heavily investing in security through money and skill, but they must still guarantee that they avoid common mistakes that lead to data breaches.
“Some very common mistakes that we have observed include poor management of access credentials, little or minimal security awareness training, reliance on silver-bullet security solutions among others,” Sadasiva noted.
He then suggested that leaders should aim to ensure that their firm has a strong and continuing security awareness training programme to assist avoid frequent security blunders.
As per Sadasiva, they should ensure that any partners that have access to their networks keep it as secure as they would want their own business to keep it.
“Lastly and most importantly, security is not a top-up. It should be integrated into the earliest stages of design and development,” he added.
Legal Architecture
However, when it comes to defence mechanisms, the government was expected to introduce India’s Data Protection bill in the parliament during the monsoon session. But then, the government decided to withdraw the bill and replace it with a new ‘comprehensive legal framework’, as well as ‘contemporary digital privacy laws’ for regulating online space.
Many industry experts, who have been waiting for four years for this bill, reportedly expressed their disappointment after they came to know about the government’s latest decision.
Meanwhile, HPE India’s CTO told News18: “While we are expecting the newer version of the Data Protection bill to be reintroduced by the government, I expect this bill to keep abreast of the current challenges and technologies to avoid an isolated and non-comprehensive approach.”
Additionally, Sadasiva said: “The revision of the Data Protection bill should ideally address concerns of individuals and businesses with regards to data management and related authority. Having said that, reviewing and reappraising the bill at regular timeframes will be key.”
Read the Latest News and Breaking News here