According to a research done by Ponemon Institute and sponsored by IBM Security, the global average cost of a data breach in 2020 has been estimated to be $3.86 million. This shows how grave the information security concern is. Hence, threat management has become an imperative for businesses across industry verticals. To understand how threat management has been evolving and how a unified approach towards it can help enterprises, CIOReview India organized a webinarin partnership with IBM and SISL Infotech. IBM and SISL Infotech as partners have been helping enterprises safeguard their business with a unified approach towards threat management.

To discuss the topic, we had several eminent guests on the panel.

• Dr. Lopa Mudraa Basu, Ex. Global Head  Cyber Security Risk Governance & Compliance, Nissan Motor Corporation
• Tusnin Das, GM- Security, Times Internet Limited
• Anuj Singh, Head of IT at Fena Private Limited
• Vipul Anand, Practice Leader - HiTech IT, at Praxis Global Alliance
• Gagan Sugandh, Technical Sales Specialist, IBM Global Markets-Cognitive Solutions, IBM
• Asheet Makhija, Head - Global Delivery & Service Excellence, SISL Infotech

Excerpts from the discussion:

Moderator: How do you see the evolution of Threat Management in the recent past? How has the adoption of new technologies contributed to its evolution both in terms of expanding the threat landscape and empowering enterprises with new capabilities?

Dr. Lopa Mudraa Basu:

Today, the attacks have become more sophisticated, more organized, sector specific or geography specific, and there is a clear objective behind those attacks. It is a continuous process wherein enterprises need to defend themselves.The attacks are now more integrated with the business and customized. The human element is also very important which is being exploited with technology. To address this challenge, the strategy is changing.

Traditionally, we used to have a defined boundarywhich had to be monitored but today we are following a proactive approach in security operations. We are looking at the threat intel and zeroing in on the areas that might be at stake. Instead of securing the perimeter, we are now safeguarding the channel through which we are conducting the business.

 Also, it is important to focus on the basic hygiene that is patching, identifying internal technology risks and mitigating them before hosting.

Tusnin Das:

Threat landscape is a dynamic landscape and it is changing very fast. Traditionally, an attack would mean an attack on the network but then the hackers realized that it is easy to attack applications as these are most vulnerable. So, there was a shift from network to application layer.Then they realized that if they were able to exploit one of the open source components, they could affect multiple applications. So, it is always shifting with the advent of new technologies. There are several aspects to it.

 Firstly, the usage of mobile devices has significantly gone up and protecting them is a huge effort. Cloud computing is another area where we have to secure the hybrid architecture.And we are also seeing a significant development in the DevOps area and our security needs to keep up with the pace of development.

As for the advancements, we have progressed in the areas of data processing, virtualization, and threat intelligence.

Anuj Singh:

With the evolution of technology, we have moved from single system to network system and then to well-connected multi-location cloud systems and mobile devices. While the threats have evolved, the organizations have also become more awareof the cyber security concerns in terms of business and IT strategy.

The budget allocation for security has gone up considerably and businesses are actively strategizing to address the security challenges.

Vipul Anand:

We need to understand how a cyber-attack can affect an organization. An attack can either be caused by a technical fault in the security system or it could be a human error. As cyber-attacks are continuously evolving, you have to keep upgrading your security system.

 You must identify the risks as early as possible and keep growing the awareness and select the right tools to address the issues.

Gagan Sugandh:

Security today is a part of board level discussion and is no longer just the CISO’s responsibility. Security is one of the top five priorities for organizations today. The threat landscape is changing with new technology adoptions which are bringing new levels of risks that might be hidden.

Over the last couple of years, organizations have realized the need for next level of technologies which can look into threat management more seriously and beyond the traditional tasks like SIEM (SecurityInformation and Event Management). These technologies like AI/ML which were good-to-have a few years back, have now become the need of the hour.Also, the implementation of these technologies is equally important; just doing the investment would not suffice.

Continuous assessment of those technologies along with the training of the resources who are going to use those technologies is imperative.

From the threat management perspective, there are three pieces – People, Process, and Technology. We need to ensure that all three are taken care ofand that all three are aligned with the business objective of the organization.

Asheet Makhija:

We have come a long way in terms of our approach towards information security. Today, when we as system integrators talk to the customers, it is no longer an IT discussion. It is because any breach is no longer just a problem for the technology team and it can have a severe impact on the brand image of the organization.

Today, the maturity level of organizations is far more than what it used to be. Data processing is an aspect that is of major concern and CIOs are asking about the AI/ML model behind it, and how it will improve the process over a period of time.

Although it is still not sufficient, we are seeing a much higher level of awareness amongst the employees. Today, organizations are taking steps to educate their employees. We have for example done a lot of sessions for our employees as they are working from home. With the BYOD proliferation, there is a lot of information that has to go to employees in terms of their conduct.

Moderator: How do you see the information security concerns in the automotive sector? What are the major challenges faced by CISOs in the automotive industry?

Dr. Lopa Mudraa Basu: For the automotive sector, cyber security is a high risk area because software vulnerability inside a connected car can pose threat to life. Protecting the Intellectual Property is also a major challenge as an automotive company invests heavily on R&D. Automotive industry is an extensive adopter of cloudand also robotics is used very frequently. The robotic equipment is connected through a channel with IoT which can be adversely affected by cyber threats. Then there is a security concern pertaining to the supply chain and lastly the end-point security and the human aspect of it.

Moderator: What are the major challenges in securing internet based digital products? How should information security heads strategize to address them?  

Tusnin Das: A media house needs new features every day and it has to be up to date with its technology stack. Its primary challenge is to protect the applications that are its assets. To ensure security, a cultural change is required which can only be driven in an inclusive way by being a part of the team. 

Moderator: How is the manufacturing industry coping with the information security threats? What are primary challenges in addressing them? 

Anuj Singh: Most of the manufacturing organizations are prepared with the basics such as the policies and processes like UTM and antivirus but still we have not reached the level where companies in the some of the other sectors are. After the advent of pandemic, cyber security has gained paramount importance owing to the work from home scenario. While implementing BYOD policy, ensuring privacy is a big challenge.

Moderator: As the IT Head of an advisory and consulting company, what would you say are the major information security concerns of businesses?

Vipul Anand: A lot of our clients want to know how we can make them capable of analyzing their cyber security threats by using advanced analytical tools. A lot of organizations are investing in analytical cyber security solutions. With adoption of edge computing, you are going to lose control of your compute environment in the days to come. Hence, organizations should move to analytical way of securing their organization from cyber threats.

Moderator: How the threat management challenge can be addressed by a unified approach? How can enterprises adapt to this transition?

Gagan Sugandh: Threat management is an approach to detect and respond to the threats that are emerging for an organization. They should be specific to the threat actors that are targeting the organization. The first stage is to identify those threat actors, define the use cases, define the tools and techniques that the attackers are going to use, and then build the threat management strategy around it. While building the strategy from a security operations perspective, definitely you need to have a SIEM in place which can do the collection of the logs and do multiple correlations running across it, right from the statistical up to the anomaly based correlation, in order to identify the threat patterns that are directly being given as information from the preventive technologies.

Next stage which you can’t ignore is the user piece of it. ‘People’ is going to the most critical piece of any organization and checking the behavior around those people is much more important than the preventive technologies. By using machine learning, the behavior patterns of the users can be identified. It is not just about looking into the standard patterns that have already been identified by the preventive technologies. It is about understanding how the insiders are behaving within the organization. The strategy should be to look into multiple threat patterns and to achieve a consolidation for the security analyst to have a unified view. Without a unified view, they will be hopping between different point solutions and won’t be able to make an informed decision.

Hence, the need of the hour is to have a unified solution which can look into these components, give a granular view in a centralized console mentioning the important issues that need to be addressed.The need is to look beyond the security controls that we have already adopted and leverage new technologies such as AI/ML.

Moderator: What are the major challenges in ensuring effective and end-to-end implementation of threat management solutions? How can they be addressed and how can the ROI be realized?

Asheet Makhija:The first and foremost thing to do is to set the priorities. One has to figure out the priority areas – whether it is database or applications or third party access or mobile workforce. Once the priority is set, one has to assess the current infrastructure and processes. Then one has to envision how much can be achieved in what amount of time, followed by passing on of the skills by the implementer.

Benefitting from the insights of the panelists, the attendees were able to assess the maturity of the cyber security posture of their organizations and identify several security issues within their organization that resonated with the points covered during the discussion. 

To know more about the threat management solutions provided by IBM and SISL Infotech, please visit:

IBM Security MaaS360

IBM Resilient Security Orchestration, Automation and Response (SOAR)

IBM QRadar SIEM

IBM Cloud Identity

IBM Security Guardium Data Protection

SISL Security Risk Management, Monitoring, Analysis and Reporting