CDS 2023 raises the bar for deliberations on ChatGPT and cyber resilience
The 7th edition of the Cyber and Data Security Summit (CDS) 2023 was held recently and saw participation from cybersecurity leaders and subject matter experts from the judiciary, industry, and the corporate world, as well as senior police officers. The leaders came together to address cybersecurity trends and threats, while also deliberating on what the coming year is going to look like and how leaders have to prioritise for their respective organizations.
The event kick-started with the welcoming of the distinguished dignitaries and esteemed guests. Dr. Deepak Kumar Sahu, Editor-in-Chief, VARINDIA welcomed Dr. Gulshan Rai, Former Cyber Security Coordinator, Government of India; Dr. Pavan Duggal, Cyber Law Expert and Mr. Dinesh O Bareja - COO - Open Security Alliance with floral bouquets.
The event then proceeded with the lamp lighting ceremony in the presence of the august guests - Dr. Pavan Duggal, Cyber Law Expert; Mr. Dinesh O Bareja, COO - Open Security Alliance; Dr. Gulshan Rai, Former Cyber Security Coordinator, Government of India; Mr. Parikshit Gangaher, Systems Engineering Manager – Fortinet; Dr. Harold D’costa, President – Cyber Security Corporation; Major General (Dr.) Pawan Anand, AVMS (Retd.); Mr. Sanjay Kaushik, MD - Netrika Consulting; Dr. Deepak Kumar Sahu, Editor-in-Chief, VARINDIA and Ms. S Mohini Ratna, Editor-VARINDIA.
Dr. Deepak Kumar Sahu, Editor-in-Chief, VARINDIA, presented his welcome speech by touching upon some important developments taking place in the country’s economy. Welcoming everyone, he said, “The march of digitalization continues even amidst disruption, and technology providers have a leading role to play. First of all we must compliment all the technologists and technology evangelists for starting their initiatives towards ‘Make in India’, which has become the cornerstone of the country’s ‘Atmanirbhar Bharat’ ambition. The PLI Scheme is a powerful engine to enable that and so the success of the PLI scheme in IT and Telecom cannot be overestimated.”
The welcome address was followed by insightful presentations, panel discussion sessions, and a fireside chat session, where experts delved into the cooperative approach enterprises need to adopt and what the future of cybersecurity looks like. CDS 2023 witnessed the inaugural address from Dr. Pavan Duggal, Cyber Law Expert. Industry expert Mr. Dinesh O Bareja, COO, Open Security Alliance, spoke on the theme of how to secure Digital India. The keynote address was delivered by Dr. Gulshan Rai, Former Cyber Security Coordinator, PMO Office, Government of India.
The guests also had the privilege to listen to industry experts like Ms. Khushbu Jain, Managing Partner- Ark Legal; Mr. Parikshit Gangaher, Systems Engineering Manager – Fortinet; Mr. Mohit Puri, Country Manager India/SAARC – Sonicwall; Mr. Dinesh Kumar, Product Manager – Technobind; Mr. Krunal Patel, M.D. (India)- Safebreach; Major General (Dr) Dilawar Singh, Chief Advisor-Indian Centre for Inter Disciplinary Studies in Science & Technology & Advisor – DRDO; and Mr. Ravish Shridhar, Regional Sales Manager – Varonis.
In the evening session, Lt. Gen Rajesh Pant, PVSM, AVSM, VSM (Retd.), National Cybersecurity Coordinator, Prime Minister’s Office, Govt. of India, delivered the keynote address, and Mr. Rajendra Kumar Pillai, Founder, President- AIIPL Tech, addressed the delegates with his thoughts on the current state of cybersecurity in the country. As part of the corporate presentations, Mr. Navin Mehra, Regional Leader (Cyber Security) - Cisco India & SAARC, shared his company’s vision and roadmap.
Geo-politics has a direct impact on cyber space
“The scenario of the technology is like an egg, when an egg hatches, cracks appear on it while breaking up into two halves. When we see weaponization of technology taking place globally, and the weaponization of inter-dependence, which some countries have resorted to, then that is where this world is splitting up into two. And this geo-politics has a direct impact on cyber space. This is something which we understand when we say that cyberspace is borderless and inter-connected, but the direction in which things are moving, this could be what we can call as splinternet. Another name given to this is the Balkanization of the internet. Russia has already practiced that. If the pipe of the internet is cut, then how the ‘.ru’ domain continues, with other countries also practicing that. India has also got a plan for it but this is something we have to bear in mind that unfortunately, that is where geo-politics is driving us. Another aspect in the international scene is that international laws and regulations are not supporting cybersecurity. Firstly, there is no international law, but a Mutual Legal Assistance Treaty (MLAT) is taking a very long time to come out with a ruling. In the United Nations, there are a group of governmental experts UNGGE which are tasked to create norms for responsible behaviour by states in cyberspace. This was created in 2002 and you will be surprised to know that it took them 20 years to come up with 11 non-binding norms which states should follow. So there are many issues when it comes to an international forum like this. There was a very good document a few years back called the Tallinn Manual (Tallinn 2.0 is also out now) which gave out very good definitions of some of the terms used in cyberspace but no one is talking about it now.”
Lt. Gen Rajesh Pant, PVSM, AVSM, VSM (Retd.),
National Cybersecurity Coordinator, Prime Minister’s Office. Govt. of India
“We have moved from Digital Transformation to transformation in the digital technology”
“Since the time we wake up in the morning till sleeping at night, all of us keep surfing the internet. Everybody is talking about ChatGPT. We are all implementing, accessing, and using the ChatGPT version 2. How many of us know the size of the data file of ChatGPT version 2? It is 50 terabyte kind of a thing. So can you imagine what the size of ChatGPT 3 is going to be? It will be a 300 terabyte file. If you look at ChatGPT, according to yesterday’s news, Google lost $100 billion in a market because their ChatGPT equivalent BARD gave an error. Data was the issue. Are we talking about Digital Transformation? So we have moved from Digital Transformation to transformation in digital technology, in my view. Now in this digital transformation the issues are altogether different. The volume of data that will come up is mind boggling. We need humans only to plan but we need machines to solve. When you talk about ChatGPT or BARD, you are not dealing with one technology but dealing with convergence of technologies. They have built AI engines, Big Data, data analytic tools, they are securing the data also because of the large size of the data file, and communication is also there as millions of users are accessing these. So issues are going to be very complex.”
Dr. Gulshan Rai
Former Cyber Security Coordinator, PMO Office, Government of India
Cyber criminals leveraging ChatGPT for innovative cyber-attacks
“There is no denying the fact that India, since the last seven years has actually seen phenomenally leapfrogging into becoming a digital nation. The Digital India program has been the significant transformative program in the history of independent India. And, now thanks to COVID that every Indian is using data in electronic form. We have some distinctions – we became the most populous nation of the world with 1.4 billion people and we have challenges because we are the biggest market. Therefore, the enclosure of globalization is on us. The Digital India program in that way has in retrospect really prepared India to come to this catapulting position where we can read the world globally as far as the entire issue of the digital ecosystem is concerned. India is known globally because of our strong focus on electronic governance. The kind of governance we have today where the governance actually knocks on your doorsteps, gives you an example of where and how the electronic ecosystem is currently going.
ChatGPT is a language program and does not have the ability to predict the future. Based on what India has done so far it can recommend a few things. So clearly if an Artificial Intelligence program can actually suggest to a country what it needs to be done then I think the time has come we really need to do far beyond what we are talking about. Criminals have started using ChatGPT for coming up with new innovative mechanisms, frauding people and they have developed a new malware strain on the darknet. Specifically in the context of ChatGPT, somewhere down the line as I need to protect Digital India I am concerned about protecting the security, sovereignty and integrity of India."
Dr. Pavan Duggal, Advocate, Supreme Court of India, Chairman, International Commission for Cyber Law, Cybercrime and Cybersecurity and President, Cyberlaws.Net
Organizations must emphasize cyber awareness
“The three paradigms in cybersecurity are People, Process and Technology. The first problem is people. One fine day the government said that there is a scarcity of people which has climbed up to 5-10 lakhs today and it is growing. The problem which I have is what are we doing about it? For me the benchmark of Indian cybersecurity is the IT Act of 2000. Today, we are in 2023 and we are still talking about that. We are doing things but for how long? Cybersecurity is like a game and we need to be prepared for it.
Cyber awareness is one area which is the smallest number on your budget. It is one area which is given to your HR and Training department for which every training is a cost but it is the first thing to be axed. And it is the most important thing for the user to know how and why things go wrong and also what he should do when things go wrong. Then we talk about capacity – where will the people come from? The young generation is our hope. But what have we done to nurture our hopes and make them strong? We need a real league of young men and women. We need to nurture them and bring them up. We need the government to provide money to institutions to buy software and hardware. Next problem is Process. We have very impressive statistics as far as FIRs and reports of cyber-attacks are concerned. But as we all know, what we see is 20% of what actually happens. I do not understand why we are late as far as regulation is concerned.”
Dinesh O Bareja,
COO, Open Security Alliance
Government is doing a lot of things to address the issue of cybersecurity
“The government has done a lot of things to address the issue of cybersecurity. This includes the creation of the Cyber Crime Prevention against Women & Children (CCPWC) scheme, forensic cum training laboratories, and hiring & training of junior cyber consultants. Cyber forensic cum training labs have been commissioned in 28 states. The government has also taken steps for spreading awareness about cyber-crimes by issuing alerts & advisories, capacity building, training of law enforcement personnel, prosecutors & judicial officers, and improving cyber forensic facilities. They have launched the National Cyber Crime Reporting Portal, created by CERT-In, published security tips, and issued guidelines for CISOs. All the government websites and applications are audited with respect to cybersecurity. CERT-In has empanelled 97 auditing organizations to support and audit the implementation of the information security best practices. The whole idea is to convey that a large amount of work has already been done by the government. But the one crucial thing which is very important is Intelligence. Unless and until you have the correct and complete intelligence of the people who are going to carry out these cyber-attacks, you are never going to complete your task. There is an urgent need to create both human and digital capacity for Intelligence creation which gives you the inputs well on time. For that one needs to have a cyber-strategy with a clearly laid out cyber policy and plan. Equally essential is the implementation of those strategies and close monitoring. I have seen organizations having a clear strategy or policy but somewhere the implementation wavers because they carry out the audit once in a year. The kind of era that we are living in today, the threat landscape is constantly changing. There are threats that have been designed to take place after two years or after six months. These threats have been designed to be put behind layers so that one cannot reach the original fellows behind the action.”
Major General (Dr) Dilawar Singh,
Chief Advisor-Indian Centre for Interdisciplinary Studies in Science & Technology and Advisor – DRDO
We need an ecosystem for building the future emerging leaders in cybersecurity
“In the world of technology today, what is very important is cyber expertise, to have a cyber-force and to have cyber doctors. What India along with the rest of the world will require in the coming years is a cyber-army. When the Covid attacked us three years back, because of lack of intelligence we had only the mask to shield us against this virus. But as we became intelligent on this subject, we came out with the vaccine to eventually overcome the virus. There is no difference between the covid that brought the world to a standstill and the present cyber war. We need an ecosystem for building the future emerging leaders in cybersecurity. Every organization will need many engineers, cyber professionals to build up their capacity to address the issue of cybersecurity. Unfortunately in India, there is no structured system of cyber education yet; the reason being if you are a civil engineer, you are being taught by a civil engineer, if you are a mechanical engineer, you are being taught by a mechanical engineer and so on. The education system has today gone a little haywire because of the MKS – Mouse, keyboard, screen (phrase coined by me). How can the cyber army be prepared through this MKS? It is like making someone a doctor without even touching or looking at a patient. It is the need of the hour to look at the curriculum and the education system, because the cyber world and the cyber threats are so rapidly changing. Today the world superpower is decided on the GDP or the money power of a country. But in future, the world superpower will be recognized in terms of which nation has the defence mechanism or weapons in the cyber domain.”
Rajendra Kumar Pillai
Founder, President- AIIPL Tech
The new Data Protection Bill is based on the nine principles of privacy
“20 years ago none of us spoke about data privacy. We as Indian citizens have never thought about data privacy. More so we wanted to be available on the internet that people should search and things should be available on the internet. But with time the way data has become important and how the usage of data became instrumental in every aspect, be it for good or bad purpose, is where countries across the globe including India realised that there has to be a framework. Right to privacy was never considered a right in the Indian constitution. In the world where we need data and companies cannot work without data, then we realised that there has to be a framework and it has to be for both – for a person like the data principal and at the same time a framework that talks about the data fiduciary, for the companies who collect the data. What exactly are the nuances, what are the regulations they have to conform with when you talk about collection of data. With the judgement that came by Justice B N Srikrishna Committee, from there came the aspect of the framework and we saw the 2019 Data Protection Bill which is yet to see the light. With that Bill till 2022 we saw numerous amendments and suggestions that the Bill has gone through so much so that more than 100 amendments were made. It was more ideal that the Bill will be recalled and a new fresh Bill incorporating all the suggestions and amendments come in place. That is why in 2022 we saw that the new Digital Data Protection Bill was introduced which is yet to be passed and open for consultation. That Bill is based on the nine principles of privacy which are recognised globally.”
Khushbu Jain
Managing Partner, Ark Legal
Data moving across in the form of IoT and mobility
“We have been seeing threats, breaches, which are increasing in terms of frequency, sophistication and severity driven by high profit ransom payments. Threat perspective which has changed year on year, starting from Trojan in the 80s-90s, then sophisticated spear phishing, and now current DDoS and supply chains has been affected and it is limitless. To prepare for the unknown, we are implementing new strategies that are cyber resilient. Data is the currency of business now, data is important for a business to run. Data is moving across in the form of IoT and mobility, accessing data across wherever you are. Without data your business will be affected. If you are affected by any attacks and you are not able to access your data, then your business is affected and can shut down your operations, hefty regulatory fees and brings out losses of reputation as well. Cyber resilience empowers your business to maintain your operations and phase of evolving unending cyberattacks. I would like to bring forward our threat intelligence platform that is BrightCloud. It works on your data workloads from your endpoints perspective, servers and hyper hybrid workload perspective as well, which works on a bucket plugged into DNS production and security awareness findings are also provided with that. This is an OpenText security platform solution. BrightCloud 2023 Threat Report is coming soon in which few observations are mentioned that we have done in the past 12 months.”
Dinesh Kumar
Product Manager, Technobind
Every new process, technology, or change that is made should be secured
“I am very passionate about bringing innovation to India. This is my third assignment in the past 10 years that I am working with a very innovative company, which is in the cybersecurity space, and helps enterprises to be ahead of their adversaries. It is very important for us to know our enemy and one of the ways to know our enemy is to become our enemy. We have always thought to be connected with what the adversary will be thinking. That is where Safebreach can be a very helpful platform for you. The company was founded in 2014 out of Israel, by Guy Bejerano and Itzik Kotler. They set out on a journey to find answers to a very first principle question ‘How risk free we are’. With this principle thinking they set on a journey to create a product where we would leverage a hackers’ mindset or a hackers’ tool to basically reinforce our cyber defence.
Enterprises across the board, whether it is India or anywhere in the world where industry leaders have common challenges when it comes to cybersecurity. The first and the number one enemy, which you find on a day to day basis, is not hacker, it is actually its complexity. The complexity that is getting added because the attack surface is increasing and digital transformation is at its peak. Every new process, technology, or change that you make, requires being secure and gaining visibility across the board or the entire security posture becomes the number one challenge.”
Krunal Patel
M.D.(India), Safebreach
Sonicwall’s contribution in reducing Dwell Time is intriguing
“There had been a lot of challenges during the pandemic; there was proliferation of devices, pervasive clouds, sensors everywhere and the threat landscape expanded. There were a lot of startups which came up and which did not have appropriate cybersecurity in place. Obviously, those organizations were easy targets for the hackers and the dark web. They were all struggling and we had a big problem in our supply chain. People were working in remote offices. All the problems were there but the best part is we defended it well and we are getting stronger and stronger day by day to face the challenges.
Whenever there is an attack and people are silently getting inside the network till the time those hackers are actually detected and are revealed, that is called the dwell time. The dwell time is the moment from time you silently entered and made a hack till you are actually discovered by the cybersecurity sensor that this guy is now in the system. There was a time in 2011 that the dwell time was 416 days, which was more than a year and now of course, the latest in 2021 has come down to only 21 days, which means that cybersecurity has improved over the last one decade. SonicWALL has contributed a lot in it, which has actually reduced the dwell time from 411 days to 21 days, which is as of last to last year.”
Mohit Puri
Country Manager India & SAARC- Sonicwall
Data is the attack surface that any CISO, CIO, CTO would want to protect
“We talk about Breach prevention, endpoint security, or breach & simulation attacks. But ultimately when you look at your organization today, data democracy is something which you cannot avoid. Any user or employee in your organization needs to have unabated access to any amount of data that they need to have the right amount of business productivity. But with this the challenge that this throws back at cybersecurity professionals like us is while data democratization is needed, it should also have the right channels of protection and governance principles around it that how you can secure the entire context. Data is so important today because of its capability to get monetized for all business benefits. We have these B2B and B2C interactions where we see the R&D or the Innovation departments leveraging data. Data is today getting monetized in ways we could not have imagined earlier. But with this data monetization comes the risk of managing this data most effectively. Organizations a few years back started having on-prem file servers (like Windows, Unix), following which SAN, NAS came into the picture to store data. And then we learnt to evolve into the Cloud. If we look into the whole context of what we are trying to protect in the organization, it is actually the data. Data is the attack surface that any CISO, CIO or CTO would want to protect. All the security controls that we talk about - endpoint, WAF, SIEM, soft controls are ultimately there to protect the data. The most effective way of protecting your data is to have the protection measures at a greater scale rather than the ability of creating the data.”
Ravish Shridhar
Regional Sales Manager - Varonis
Creating a growth ecosystem while staying cyber resilient is becoming the key factor
“The fast pace of digitization has resulted in greater dependency on IT by businesses and this has necessitated the adoption of cybersecurity practices so that these businesses stay resilient. Resilience in the new world has taken up a new shape. Today organizations have become eco-systems – they have suppliers and consumers who are well connected. Their entire business is on applications. And these applications are well connected to various other applications from various other owners. Today there are a lot of disruptions in terms of macro challenges at the organizational level. Organizations have to go through a lot of compulsive adoptive changes, whether it be pricing control, retaining of talent, education of workforce, products and consumer needs in an ecosystem which is very alliance based and so on. In this perspective, to create a growth ecosystem while staying more resilient is becoming the key factor. India’s fast pace of digitization has stunned the world – with its billion people now online, its tech economy is going to reach $1 trillion by 2030. The manufacturing sector is also adopting technology in a big way, while the healthcare sector is another big accelerator in which the government is taking a lot of initiatives. On this backdrop, cyber resilience has become a key factor today for organizations. In the last two years 80% of Indian organizations have experienced a cybersecurity event. CERT-In responded to this by coming out with a very strong guideline and making reporting of cyber incidents within six hours mandatory. Well, this will go a long way in building the cyber resilience of an organization.”
Navin Mehra
Regional Leader (Cyber Security) - Cisco India & SAARC
Fortinet Security Fabric provides broad visibility of network edges
Parikshit Gangaher
Systems Engineering Manager, Fortinet
FIRE SIDE CHAT SESSION with Sanjay Kaushik, MD, Netrika Consulting
Greed and fear are the reasons for data breaches and frauds
“Organizations put a lot of effort into putting up all kinds of firewalls, equipment, VLPs etc., they happily invest huge amounts of money on the capex but lack awareness. When you try to make them aware, they just pick up the box, and that is where the frauds and the data breaches happen. Generally there are two reasons, one is fear and another is greed. Due to these two things data breach or fraud is happening majorly. Awareness is an important thing which needs to be created, although the government, RBI, in fact we as a company launched a program with one of the FM channels just before the COVID to not to give the OTP or to use the public WiFi. These are very normal and simple things, especially sitting in this room where everyone is so seasoned in cybersecurity, but still people fall prey to this. During the COVID, things have changed, where computers were shipped back to employees’ homes and he/she was working in his home network.
Piracy is a myth, if you have a digital footprint, everything is compromised. There are only two types of companies or people in this world. One, who knows he is hacked and second, who does not know he has been hacked, as everyone is hacked. As we are innovating to safeguard the corporate data, the national data, we give the example of the AIIMS attack. There was a targeted attack on ICMR websites on a similar day where it was attacked 6000 times but there was no mention of that. Look at the robustness of that particular site and it survived 6000 attacks on the same day.
Risk management is a very beautiful term. When we talk of risk management, we shouldn't be talking of enterprise wide risk management. When we say only cyber risk management can do something, which is not true, we have to do a background check of the people who are coming to our organization. They are our first point of defence. If you are hiring the right people, then you are probably taking the first line of defence.”
Panel Discussion Session - I : Viewpoint on Digital Evidence
India records a poor conviction rate in cybercrimes
Dr. Harold D’costa
President, Cyber Security Corporation
In the last couple of years, during the COVID-19 era, we have seen a lot of cybercrimes which have taken place but most of these cybercrimes that have been registered are yet to get the criminals caught on major cases. In between 2017-2021, in five years Gujarat recorded almost 4,700 cybercrime matters, in half of them charge sheets were filed but the conviction was zero. In Karnataka almost 39,900 odd cybercrime cases have been registered in the last five years. In half of them charge sheets were filed and the conviction was only in 21 cases.
India to take some more time to become used to digital evidence
Anuj Agarwal
Chairman, Centre for Research
Digital evidence is only important in cybercrime, any crime like the so-called traditional crime or cybercrime the evidence will be digital only. If we talk about a chain snatching case then the evidence will be the CCTV footage or any passer-by has taken any kind of photo or video in the mobile. If a crime happens in a Bank then also we will search it on CCTV. Also, to locate the criminals we track their mobiles. In Europe, 60-70% of overall evidence has become digital already. In India the situation is also the same. The only problem is that our agencies as well as the judiciary will take some more time to become used to it because this is something technical and digital in nature and they are not well equipped.
Corporates must maintain log servers
Smith Gonsalves
Director & Principal consultant, Cyber Smith Secure
I see a lot of initiatives taken by the government and things done in helping organizations to quickly respond when an incident has happened. So there is the guideline of six hours reporting for any incident that happens. In corporate we are dealing with the number one attack vector that is Ransomware and in that scenario when a ransomware attack has happened the log servers are very important to know from where what has happened. The worst part is the log servers which need to be maintained by the corporates are not being maintained.
India lacks infrastructure and expertise in cybercrime and cyber forensic
Dr. Ashok Yende
Managing Partner, Yende Legal Associates
We know that in India the conviction rate is poor though the government is trying its best. There are many reasons behind poor conviction rate particularly in these digital evidence cases. In India we enact the law, pass it and then there are so many inadequacies in terms of infrastructure, expertise like there are hardly any police stations that are specialized in cyber forensic. In Tamil Nadu 46, in Maharashtra 43 specialized police stations are there and there are 11 states where there are no police stations that are specialized in cybercrime and cyber forensic.
Law enforcement agencies are not well equipped to solve cybercrimes
Srinivas Kotni
Founder, Lexport
The conviction rate is four percent in cyber offences. The reason is basically related to technology because the law enforcement agencies are not equipped enough with the technologies to unearth and try and get into the bottom of the crime. The perpetrators of the crimes are always up in their ingenious ways to compromise the systems. There is also a general lethargy in terms of grooming and training given to agencies, which is also responsible because they are trained on the conventional investigation strategies.
“Now, almost all the documents in the electronic record are admitted as electronic evidence”
Sandhya F Dokhe
Principal, Siddharth Law College
During 1950 electronic evidence was only confined to tape recording and videography. Electronic record has been submitted as evidence only after 2000 as procedure mentioned in Section 65 of the Indian Evidence Act 1872 and made a certificate under Sub-section 4 of Section 65B of Indian Evidence Act of 1872. Now, almost all the documents in the electronic record are admitted as electronic evidence such as CCTV footage, ATM receipt, Bank statement, e-form, government orders, digital signatures etc.
Panel Discussion Session - II : ‘Challenges in Cloud Security’
The 2nd Panel Discussion was themed ‘Challenges in Cloud security’ and was moderated by S Mohini Ratna, Editor-VARINDIA. The panellists who joined the session were - Ravinder Arora, Global CISO and DPO – Infogain; Anuj Tewari, CISO- TMF Group; Seema Sharma, Global CISO- Servify; Major General (Dr.) Pawan Anand, AVMS (Retd.); and Abhishek Kumar, CEO & Founder, Cybereconn.
S Mohini Ratna, Editor VARINDIA
With the adoption of the cloud comes the need to ensure that
“Every organization has adopted cloud computing to varying degrees within their businesses. However, with this adoption of the cloud, comes the need to ensure that the organization's cloud security strategy is capable of protecting against the top threats to cloud security. Despite everyone's best efforts, the cloud security threat continues to impact organizations. The cloud providers provide a number of advantages to organizations. However, it also comes with security threats and concerns.”
Privacy of data is important
Ravinder Arora
Global CISO and DPO-Infogain
“When we are moving our infrastructure applications in the cloud, it is more like giving our home keys to someone else to manage that with the stuff inside. Being a CISO, I think that is the responsibility of the cloud service provider. At the end of the day during an incident and data leakage, the accountability still stays with the organization who is the data custodian. At the end of the day we are the data custodian. One important challenge which I personally faced being a part of Infogain is that monitoring the threat landscape is very important.”
CISOs’ role evolved with time
Anuj Tewari
CISO- TMF Group
“In the recent years, especially in the post pandemic years, the attack surface for us has changed historically. CISOs used to be very defensive in depth for a much layered concept when they were talking about the attack surface management. 10 years back we would be very accomplished, if we had done a pitchy on all the external IP addresses which would give us some sense of security. That era has gone completely and has evolved from our attack surface management standpoint; especially since the workplace and the workforce has evolved. The way the workplace was being accessed, the whole stack has actually taken a 180 degree split.”
API security is the key challenge
Seema Sharma
Global CISO- Servify
“The misconfiguration of security settings on the cloud services is the biggest challenge. This gets compounded with the use of a multi cloud environment. Because each cloud service provider comes with an array of vendor specific security controls which not everybody is aware of. Then organization’s cloud security posture management strategies are normally not mature enough, they would lack qualified staff who know how to use these settings, while securing and configuring their workloads and hence the misconfiguration and the security oversights are bound to happen. Additionally, API security is also another challenge.”
78% of the breaches are happening while new technologies are being purchased onto the cloud
Major General (Dr.) Pawan Anand,
AVMS (Retd.)
“Cloud deployments are a very attractive opportunity for businesses. You can have a very good infrastructure which you can share with people. You can share data, or aggregate data from various sources. So it is a very attractive proposition and that self being an attractive proposition attracts a lot of people on to the platforms. Today, the CISOs who were surveyed, have said that 78% of the breaches are taking place when new technologies are being purchased on to the cloud. There are those vulnerabilities which come up and are definitely going to make them a common place for attacks.”
Everyone has to embrace the cloud
Harnath Babu
Partner & CIO-KPMG India
“Majority of the organizations are moving their workloads to the cloud, as we have already heard, some of the challenges that are there from a security point of view, most importantly when the applications are being imported, you can't simply say that I don't want to use cloud as they are not secure. You do not anymore have that option of not choosing cloud; we have to choose to get on to the cloud. The point is very clear that you have to embrace the cloud. You have to get out on the transformation journey and continue to stay secure.”
API is the most lucrative target for hackers
Abhishek Kumar
CEO & Founder, Cybereconn
If it is about cyber security data comes in between. API is software which actually converts data into understandable format which the machine can understand and inside the API control panel you can send that portion of data to a particular part of the application. This is the most lucrative target for hackers. If they are inside the control panel, they probably have the control all over the data, which is inside the cloud. If you go and search on Google the best cybersecurity skill to learn in 2022 it is ‘how to hack web API’. Very soon we will see that our API security is going to be secured.
Panel Discussion Session - III : ‘Growing Importance of Endpoint Security’
Dr. Deepak Kumar Sahu
Editor-in-chief-VARINDIA
The increase in number of endpoints has made it vulnerable to new threats
Vijay Sethi, Chairman, MentorKart said that adoption of new technology is going to change the entire threat landscape of organizations, especially at the endpoint level. The number of endpoints has increased today and many of them would be vulnerable to new threats. New concepts like ChatGPT, AI/ML are also going to change the impact on endpoint security in a big way. So just as new technologies are helping organizations, they are also helping hackers in a similar way.
With new technologies, it also becomes important to do a proper risk assessment
Dinesh O Bareja - COO - Open Security Alliance said that we are all getting so stuck in the technology domain that sometimes the primacy of the end user is forgotten. The law may not be available or applicable in the country but there are geographies where you may have trouble using the endpoint technology to see what the person is doing. With the coming of new technologies, it also becomes important to have a control to understand what is moving in and what is moving out and do a proper risk assessment.
Internet of Medical Things generate a lot of data which are easily vulnerable
Sushil Kumar Meher, CIO – AIIMS (Delhi) said that in bigger organizations, the biggest vulnerability comes from the endpoint. He suggested that an education program should be started from the school level. While a million of the Indian population is today using the mobile phone, more than 80% of them are not aware that their devices are not secured. In the Healthcare sector, IOMT (Internet of Medical Things) is where most of the medical devices are connected and it generates a lot of data like imaging, laboratory etc. But these devices are easily vulnerable.
The number of people who connected to the cyber space was the highest last year
According to Harold D’costa, President – Cyber Security Corporation, the world is getting smaller and people are getting connected to the cyber space; the number of people getting connected to the Internet was the highest last year. So while 490 crore Indians are connected to the cyber space today, about 120 crore of them got connected last year. It is therefore becoming very important to get proven endpoint security as vulnerabilities have also increased.
The fundamentals of security still lie around People, Processes and Technology
Navin Mehra, Regional Leader (Cyber Security) - Cisco India & SAARC was of the opinion that the fundamentals of security still lie around People, Processes and Technology. In this hybrid world, where networks are borderless, and users are on their BYOD devices, this control vector becomes very important. These devices have increased and many of them do not have even a basic anti-virus software on them. So the principle of zero trust has to be put into perspective and a continued watch becomes very necessary.
End points are the low-hanging fruits for hackers
Kapil Mehrotra, CTO - Dhanuka Group said that endpoint security becomes very important at a time when the data has become a very important asset. If you look at the user behaviour, they all need different types of access. In spite of having the best XDR and MDR tools, it is important to change the behaviour of those protections as per the work requirement. Hackers being very smart, they are already trying to study the behaviour patterns of the user and how they are accessing what data. End points are the most low-hanging fruit for hackers.
The Mentalist Nirbhik Datta
The event witnessed an exciting and interesting session with a professional mentalist, Nirbhik Datta, who created illusions and influenced the minds of the attendees. His tricks influenced everyone and engaged the industry leaders present in the hall. He has been doing this for over a decade and has amazed people with his mental feats. Reading people's minds is his passion. His show was based on audience participation and humour where people were left spellbound. He manipulated the human brain and showed how miracles can be created just by mental tricks. With his mesmerising feats he made people play with random numbers through which he could reveal the passcode of an ATM number, could reveal names of persons in mind etc. It was a one-of-its-kind feat which kept people glued to their seats. His whole act mesmerized and left a lasting impact on the audience. He tested the business magnates and their presence of mind while entertaining all.
Award Winners in CDS 2023
Best company into Application Security Solution - Palo Alto Networks
Best SD-Wan Solution provider - Fortinet Technologies India Pvt. Ltd.
Best cloud security company - Cisco System India Pvt. Ltd.
Best company into EndPoint Security- Crowdstrike India private limited.
Best company into UTM - Sonicwall Technology Systems India Pvt. Ltd.
Best company into providing EDR and XDR solutions - Sentinelone India Private LTD.
Best company into Network security - TRELLIX
Best company into IoT Security - Check Point Software Technologies
Best company into DLP Security - Forcepoint India Pvt. Ltd.
Best Company into DNS Security - Infoblox
Emerging Company into Email Security (Make in India) - Neuailes Global Technologies Pvt Ltd.
Best Identity & Access Management (IAM) solution - Micro Focus (An OpenText Company)