Cyber security is turning out to be a huge challenge for organizations in India and globally. The risks emerging from within and outside the enterprise are immense in scale as they are keeping CIOs/IT managers always on their toes. In such a scenario, the role of a CISO (Chief Information Security Officer) comes under spotlight and becomes utterly significant. However, many organizations have still not appointed a dedicated CISO and the role is being handled by CIOs. It puts them at a greater risk. Having a dedicated CISO gives an organization an edge against hackers. Dataquest stole a candid moment with Debabrata Nayak, Chief Security Officer, Huawei Telecommunications India, to understand the dynamics of cyber security landscape and how it affects organizations.
Debabrata Nayak, Chief Security Officer, Huawei Telecommunication India
How complex and important is the cyber security space for enterprises? What are the difficulties that they are facing in handling cyber security challenges?
Cyber security continues to be an issue of intense interest to our customers, governments, and solution providers alike; it is a focus of Huawei. We believe that we must share knowledge and understanding of what works and what does not work to reduce the risk of people using technology for purposes never intended. However, the sheer fact that the world continues to evolve in this digital era, many cyber security challenges need to be overcome unremittingly.
As a global leading telecom solutions provider, we are fully aware of the importance of cyber security and understands the concerns about security. Huawei has long been dedicated to adopting feasible and effective measures to improve the security of its products and services, thus helping customers to reduce and avoid security risks and building trust and confidence in Huawei’s business.
How do enterprises increase their security standards and what are the immediate steps required to safeguard networks when a hacking attack happens?
With scientific and technological development, cyberspace has penetrated into all aspects of our daily life especially when you consider the technology adoption amongst enterprises. With the advent of IoT and other technological advancements, we at Huawei take a built-in approach to embed into our end-to-end business processes, the cyber security requirements such as security threat analysis and security scanning of source code, etc.
How can an organization build trust in their customers? How would they know that whatever they are doing would remain secured with them?
ICT systems have become more complex as society becomes more networked. The safety, security and reliability of these systems is increasingly critical. Widespread disruption to daily living, economy and even national security could result from failure of these systems.
Industries like BFSI are affected by the mounting challenges of cybersecurity, where customers are demanding the convenience of direct access to their data using their mobile devices. Banks are revamping their IT infrastructure in order to launch self-service applications for opening new accounts, applying for loan, mortgages and other retail banking functions.
Huawei has committed itself to taking steps to drive demonstrable progress in reducing cyber security risk, including that of collaborating so as to reach an agreement on principles, laws, standards, best practices, norms of conduct, and protocols – with recognition that trust has to be earned and continuously validated.
What is the importance of end point security, especially in the IoT age where they are mushrooming at a rapid pace? What are the steps needed to secure these end points?
The Internet of Things (IoT) is slowly transforming the way we operate and function in our day-to-day lives. From healthcare to smart homes to now smart cities, there are different sectors that are being touched by the IoT wave.
India’s number of connected devices is expected to increase from around 200 million to over 2.7 billion by 2020. At this pace, India is on to become the world’s second largest Internet population with 402 million users. The Indian government is heavily investing to create a $15bn IoT market by 2020, not only to enhance the lives of consumers with smart refrigerators, self-driving automobiles and wearable fitness trackers but to devote at least half of overall IoT investment into industrial, commercial applications and machine to machine (M2M) applications.
IoT, at present represents the pinnacle of our current ICT ambitions. Huawei is one of the global leaders in IoT research and implementation, and we have always known that the Internet of Things is likely to have a staggering impact on our daily lives and become an inherent part of businesses.
While banking and insurance companies have appointed CISOs, many organizations are still not having a dedicated CISO? How does it impact security in such organizations? Why is it so important to have a CISO?
Daily occurrences demonstrate the risk posed by cyber attackers—from individual, opportunistic hackers, to professionals, and organized groups of cyber criminals with strategies for systematically stealing intellectual property and disrupting business. The management of any organization faces the task of ensuring that its organization understands the risks and sets the right priorities. This is no easy task in the light of the technical jargon involved. Focusing on technology alone to address these issues is not enough. Effectively managing cyber risk means putting in place the right governance and the right supporting processes, along with the right technology. Company management across the world is taking control of allocating resources to deal with cyber security.
Our national cyber security policy was published in 2013. It clearly states that all critical information and infrastructure must have a CISO and the CISO must be an Indian. So these things were clearly underlined. They also make mandatory CISO of a particular organization like Huawei or any other organization but he must be an Indian national. Then there is a valid reason behind it. Government has put a lot of thought on it that they give this kind of information because they feel cyber security is a specialized subject.
Why is it dangerous for organizations to tame a sense of complacency about possible cyber attacks?
At Huawei, we have zero tolerance and all the activities are being monitored by our management. There is no complacency when it comes to cyber security and you have to keep your eyes open 24*7. No CISO or IT head should take things for granted. We need to advance our technology level because the threat mechanisms are changing continuously and it’s different from the traditional mechanism.
In line with this, Huawei has established a comprehensive, ISO 28000-compliant supplier management system that can identify and minimize security risks during the end-to-end process from incoming materials to customer delivery. Huawei selects and qualifies suppliers based on their systems, processes and products, choosing those that contribute to the quality and security of the products and services procured by Huawei. We continuously monitor and regularly evaluate the delivery performance of suppliers and check the integrity of the third-party components during each of the incoming material, production and delivery processes. Huawei records the performance and establishes a visualized traceability system throughout the process.