The increasing sophistication of cybercrime and the gap in the skills needed to address it have made cybersecurity a key management concern.

The challenges enterprises face in cybersecurity cannot be overstated. Leaders at the Board and C-level have made cybersecurity a top-of-mind issue, and the topic dominates many high-level discussions.

Key challenges include the increasing sophistication and evolving nature of cybercrime, and the cybersecurity skill gaps that need to be bridged to address business concerns.

CybersecAsia taps into the expertise and experience of Gauri Bajaj, Tata Communications’ Director of Managed Security Services, for insights into the challenges and some possible solutions:

The breakneck speed of technological advancements uncovers many new security exploits every day, making it hard for cybersecurity professionals to stay on top. What, in your opinion, are some key ways to address this challenge?

Gauri: Enterprises need to develop a solid preventive strategy, which means having cybersecurity policies and systems that can detect potential problems before they escalate and put crucial data, applications or digital infrastructure at risk. This should be complemented by reactive systems that protect the business if a cyber-attack occurs – such as firewalls and IPS configurations to block off all known malicious IP addresses. Enterprises must also ensure that all software is updated with the latest patches.

To assess where they stand today, enterprises should conduct a security audit – this helps ensure that the security measures can fend off any threats. Tackling security exploits is becoming more and more challenging for enterprises, which is why many seek the expertise of managed security services providers to help them navigate the ever-changing security landscape.

With cybersecurity a top-of-mind concern at Board and C-level discussions, what changes would be necessary to effectively combat cybersecurity concerns in an enterprise?

Gauri: It’s encouraging that cybersecurity is now on top of the Board and C-Suite’s agenda. As a next step, C-level decision makers must ensure that their commitment to safeguarding the business against threats trickles down to their business units and teams, so that there are no chinks in the armour of the organisation. Enterprises need to increase employees’ cybersecurity awareness by conducting regular training so that they are aware of the latest threats, what policies the business has to protect itself – and crucially – the role that every employee plays in keeping the business safe.

What are the pros and cons of splitting the cybersecurity function from IT? How important is the role of a CISO within the C-suite?

Gauri: Both of these developments demonstrate the importance of cyber-security for today’s enterprises, and the sheer scale of the task of protecting the business against the growing wave of cyber-threats. We’re seeing more and more businesses dedicate specific teams to cyber-security, headed up by the CISO, and complement their internal security team with the expertise of a managed security services provider. The CISO plays a central role in educating the rest of the C-Suite, so that they don’t lose sight of how crucial cyber-defences are to ensure the competitiveness of the business.

There is a major gap in cybersecurity skillsets that needs to be addressed. How should organizations ensure that their IT and/or cybersecurity teams are up to the task in terms of talent acquisition and retention, as well as training programmes to keep up with the fast-evolving threat landscape?

Gauri: There are three key things that businesses should do to ensure that they’re able to keep up with – and ahead of – the evolving threat landscape. The first one is investing in training for the security or IT team to ensure that they’re up to speed on the latest threats. The second one is educating all employees about the actions they must take so that critical data and applications aren’t jeopardised. Yet, due to the increasingly sophisticated and complex nature of threats, protecting the business is becoming a mammoth task. So, the third thing businesses should do is seek the expertise of a cyber-security partner who is able to not only secure the entire organisation against threats, but also help upskill the internal security team.