Cybersecurity entrepreneurship: How data protection is an emerging space for startups

“Data is the new oil” in this world of information, where “knowledge is power”. Data has now become omnipotent, with each trend in our lifestyle being stored in silos. Data, today, provides a vantage point in policy making and strategic planning whether in industry or in the military. As a crucial resource, data transgresses almost every aspect of human life, from fooding to travelling, from entertainment to perception building. In these quests, data gathering also extends to the most private aspects of an individual which may be critical not merely to his dignity as a human but also to his security as a being. Even though data provides more helpful outcomes to the consumer and enhances the ease of service delivery, it side-by-side creates a challenge to the privacy of the individual. That is recognised as a fundamental right not only in India but in the larger liberal-democratic world. As such the onus heavily relies on the important stake-holders of this data cycle. It includes customers, data fiduciaries and the government. As such we need to create a symphony in our collaboration to ensure that the beat of development plays along with protection of privacy. Moving along with these thoughts, we have with us– Ankur Ahuja– CISO and Vice President of Information Security, Fareportal. Excerpts of the interview: What is the key to successfully managing the security of critical data? In this connected world, data builds or shatters an organisation. Industrial organisations deal with thousands of customer transactions every day ensuring the security of data at each stage of its processing. To obtain this objective, the first question is “How do we protect our customer data?” Security of Information within an organisation builds up with multi-fold architecture, for which there has to be harmony between People, Process and Technology. As we define criticality of the data, we must understand any associated risk that could impact such data, as critical data is required to be preserved from external as well as internal threat actors. These risks need to be treated by implementing security controls that are aligned with the organisation’s business objectives. So, the key to successfully managing critical data security is directly proportional to the ability of an organisation in identifying risks, and the continuous support from its leadership encourages acts to mitigate these risks. What are the major challenges a country like India is facing in the Cybersecurity space, and what measures need to be taken? Today cybersecurity is a main component of a country’s overall national security and economic security strategies. With the increase of cyber-attacks, every organisation needs a full-blown security team who makes sure that their systems are secure. These teams face many challenges securing confidential data of government organisations, private organisation servers and others. Some of these challenges are: · A lack of leadership commitment, which further misaligns security expectations and business objectives. · Evolution of ransomware and new age cyber-attacks (AI/IOT based attacks). · Shortage of skilled resources and training in the cyber-security space. · Lack of data privacy and security regulations. · A lack of Government support in promoting cyber security innovation. · Slow/ No legal implications to pilferages and frauds. In India, there are many challenges related to cybersecurity. Leadership in Indian organisations need to understand the depth and impact of a cybersecurity incident. They should invest and budget cybersecurity initiatives accordingly. Though India has seen an increase in leadership and security calibration in recent years, there is still a long way to go. This calibration between leadership and security needs to evolve, and leadership should be willing to invest in cybersecurity innovations that benefit the organisation and other partners associated with it. Organisations must invest in continuously upscaling the competency of cybersecurity professionals and promoting the culture of learning and innovation. Though there has been a step-up in data protection and incident response initiatives by bodies like CERT-In, RBI and DSCI, it still requires a lot of effort to bring it to a level that will manage 1.48 million registered companies in India. The overall investments in Indian enterprise cyber security startups is not even 3 per cent to what happens in the US, that is one of the reasons many startups plan to move to the US, once they pick their portion of seed investment. Government bodies and enterprise investors need to build an ecosystem to focus on cyber security startups especially those that can be of national and enterprise interest. As an organisation, how does Fareportal keep its data secure? In Fareportal and the Online Travel Agency (OTA) world data is supreme. Our company believes that the foundation of this business is managing data through online marketing, an excellent product line, and mind-blowing analytics. Roughly 100,000 flights take off and land every day all over the globe and six million people fly to their destination every day. Now, the management of this data starts from getting potential customers on the OTA website for booking travel, to post booking support ensuring repeat travel. This information traverses from customer to an OTA (like Fareportal) and is subsequently shared with airline or hotel partners. OTA’s are becoming prime targets for external threats and fraud attempts, triggering our industry’s dedicated ongoing focus on protecting the customer’s information during its entire lifecycle. In addition to external threats, this industry has recently seen a significant rise in the number of attacks / frauds committed internally. These external, and internal threats evolve with time and hence it requires continuous planning, effort, and collaboration to reduce resulting risks. In the OTA industry, we are required to implement controls at various levels to Prevent and Detect any suspected security breach. Controls needs to be focused on some areas listed below: · Protecting online customer pilferages and leakages · Stronger cyber defence and threat hunting mechanisms · Automated security monitoring · Data security while sharing with third, fourth, fifth parties etc. · Implement security-by-design and privacy-by-design principles · Report threats and risks transparently to the leadership and board There is a never-ending list of such controls and security teams use various tools and controls to maintain the security of an organisation. All OTA’s must always remain one step ahead of the attackers eyeing our transactions and therefore we must focus on a preventive rather than a reactive approach. In this era of AI, Bots and more, how do you envision the evolution of Cybersecurity? Just like the biological process of evolution, we see technology evolving day by day, but at a much faster pace. With the introduction of artificial intelligence (AI), machine learning (ML), and other smart technologies, securing organisations from cyber threats becomes more challenging. And that’s where innovation takes over because as technology grows, so shall cybersecurity. Organisations need to expand their horizon and learn evolving technologies, to tackle threats arising from such technological enhancements (advanced BOTs, behaviorally induced ransomwares etc.). Additionally, organisations should utilise AI / ML to their advantage by building use cases to analyse data for detection of any anomalies, pilferage, and suspicious behaviour. Data engineering and analytics along with certain AI/ML algorithms, supervised and unsupervised learning models, can not only be used for threat hunting and cyber defence activities, but can help greatly reduce the level of pilferages. Which are the most vulnerable Industries that can face Cybersecurity issues? What are your recommendations for them? Attackers target organisations based on the nature of their operations and the expected financial benefits they can get from the data in question. Based on their financials, healthcare, e-commerce, travel and technology industries are some top industries that are prime targets for these attacks. To be secure from such issues, controls must be implemented at various levels in the organisation to prevent, detect and respond to any suspected breach. To remain in front of security advancements and keeping hackers at bay, a few recommendations that security leaders could follow are: · Make best use of advanced security tools and technologies available in the market. · Remain abreast with any new threats and prioritise remedial action immediately. · Be ready to change things in a shorter time span. · Keep your leadership aligned with industry developments. · Look for automation, wherever possible. · Keep training and developing talent in your cyber security teams. · Remain close to business and product developments. What prospects do Indian startups have in the field of Cybersecurity? Indian investors focus primarily on consumer products than enterprise products, there has been significant increase in investments in cyber security products from Indian and international investors. Indian government in collaboration with Ministry of IT and DSCI (Data Security Council of India) has launched N-COE (National Center of Excellence for Cyber security technology and entrepreneurship), which incubates more than 80 cyber security startups and trying to introduce new and “out of box” cyber security products in market. I, being one of the startup mentors in N-COE, believes this initiative can take a big leap in enabling investments and promoting cyber security entrepreneurship culture in India. Along with this there are multiple venture capitalists, who have shown interest in cyber security products, which can be disruptive in the market. Overall, India’s evolving cyber security startups now stand close to countries like the US and Israel, which are considered hubs of enterprise product startups. Read all the Latest News, Trending News,  Cricket News, Bollywood News, India News and Entertainment News here. Follow us on Facebook, Twitter and Instagram.