EDITOR’S LETTER
A famous quote from Martin Luther King goes “Nothing in all the world is more dangerous than sincere ignorance and conscientious stupidity”. A lot has been written about the increasing risks due to digitalization and the role of a CISO in identifying and appropriately managing various risks, including cyber security, data protection and information systems security. Many enterprises have been putting in place adequate protection against external cyber-attacks. However, with people becoming increasingly mobile and hyper-connected, one of the biggest risks emanates from within the organization in the form of insider threats. This threat is more difficult to detect today than it was a few years back. According to a recent EY report, the risk of a data breach or data loss as a result of insider threats is the fastest growing risk; insider threats pose the biggest risk of organizations becoming victims of fraud, corruption or data loss. This is especially important given the current regulatory environment and market reaction to instances of corporate fraud.
The impact of such threats is notable, ranging from misuse of resources and abuse of entrusted privileges to targeted, malicious threats including hacking techniques. There is a significant level of concern about third-party business partners and contractors who, in addition to internal business users, have legitimate access to company networks. Motivation has been financially led in most cases, with other reasons being personal, including employment with a rival organization or even a personal grudge.
Leading organizations across all sectors are looking for ways to address the evolving insider threat. A security intelligence layer that constantly identifies new threats, highlights security deficiencies and monitors user interactions to proactively identify anomalies and raise alerts is paramount. Enterprises need to put in place a risk mitigation framework that offers a consistent view of the enterprise’s risk profile and security position. Several mechanisms need to be put in place to secure data at rest as well as data in motion. Knowing where the information lies and who has access to it, and conducting regular audits to review user accounts and detect any abnormal behavior, are important in the execution. Importantly, mitigating accidental incidents to whatever extent possible is also vital, in addition to mitigating malicious attacks.
How do enterprises make sense of the trust element and what can they do to mitigate this risk? This edition of Illuminar features a cover story on this topic. There is also a survey to understand your perspectives together with changing trends on how enterprises are managing this threat.
The edition also features an interview with Pratima Ram, a senior corporate professional with over three decades of experience in various industries including banking & finance, infrastructure and oil & gas. Pratima provides her perspectives on this topic together with good practices that are being followed by enterprises to mitigate this risk. Pratima has held various positions in her professional career, including Chief General Manager and Country Head of the United States operations of State Bank of India (SBI), CEO of SBI South African operations, Group President (Finance) at Punj Lloyd etc. She is currently an Independent Director on the Boards of various companies including Havells India, India Infoline, Suzlon etc.
We look forward to our continuing conversations. Thanks for your encouragement and support. Our best wishes for much success and prosperity to our friends in countries where April is the beginning of another financial year.
Best Regards,
Srividya Kannan,
Editor, Illuminar
editorials@avaali.com