The recent Global Risk Report 2019 released by the World Economic Forum (WEF) indicates that India faced the largest data breach in the world, with Aadhaar IDs of more than 1.1 billion citizens being breached.
Indians may have embraced digital transactions, but they are yet to learn the do’s and don’ts of sharing personal information, as social engineering and phishing emails are rampant. There is a dramatic correlation between adoption of mobile apps, digital payments and increasing number of financial frauds. The stakes are even higher for enterprises – government and private.
The recent Global Risk Report 2019 released by the World Economic Forum (WEF) indicates that India faced the largest data breach in the world, with Aadhaar IDs of more than 1.1 billion citizens being breached. Further, the findings of a EY survey revealed that malware, phishing and disruptive cyberattacks are the top three threats to businesses in India. The moot point is this: when integrating business systems, information technology and operational technology that enable data-driven decision-making, it is important to also remember that this can pose new security challenges. Therefore, it is imperative to ensure that security is integral, holistic and automated from the outset; rather than pieced together over time.
New approaches to security
“Security and safety measures require new approaches, as this is pervasive and not under the management of IT experts. A techno-legal approach will be a suitable way to address this concern,” says Arvind Tiwary, Chair, IoT Forum, TiE and chairperson, Cybersecurity WG, IET IoT Panel. He adds, “With the current IT laws, conducting a forensic analysis after a breach becomes difficult. Building a right framework for cybersecurity and data privacy is of foremost importance with India aiming to be a trillion-dollar digital economy.”
Web traffic encryption
According to Thales’ research, 86% of organisations feel vulnerable to data threats, and less than 30% of organisations use encryption as part of their digital transformation strategy. “The investments made in next-generation firewalls, intrusion detection and prevention systems, secure web gateways and similar devices are pointless if web traffic is not decrypted, inspected and encrypted back. Traditional firewalls and Intrusion Prevention Systems (IPS) are only as effective as the rules they are configured to enforce. Their inability to decrypt web traffic in real-time to detect bad actors also result in performance issues and concerns around the timeliness of the security solution,” says Sanjai Gangadharan, regional director, Saarc, A10 Networks.
Enterprise customers are looking for purpose-built, dedicated solutions to address the SSL blind spot without degrading the performance of the security infrastructure. He says that the organisation’s Thunder SSLi provides decryption solutions which compliments security products to scrutinise for threats, decrypt and encrypt data back again without privacy concerns.
Detailing security down to the chip
A closer look at the major trends in the IT industry today – like VR and AR, artificial and machine intelligence, deep learning, self-driving vehicles reveal that they all require vast amounts of processing power to manage the explosion of data resulting from these technology implementations. As virtualisation takes centre-stage, this processing power is being delivered through highly efficient, scale-out data centres.
“Today, both hardware and software need to provide comprehensive security. The old story of relying only on OS and application-layer security built in by the developer community, or external tools such as antivirus protection is proving to be insufficient against modern cyber threats, particularly when virtualised and cloud-based infrastructure is involved,” says Jay Hiremath, corporate vice-president, Systems Design Engineering at AMD.
He believes that chip level security is the need of the hour. Having security protection on the chipset makes it even more difficult for outsiders to find and breach a system’s defenses. Additionally, they can utilise read-only memory that may be impossible to modify. “In November, we launched the 7nm AMD Radeon Instinct MI60 and MI50 graphics accelerator – the industry’s only hardware-virtualised GPUs. They deliver the compute performance required for next-generation deep learning, HPC, cloud computing and rendering applications. These new graphics cards are based on the high-performance, flexible “Vega” architecture and are specifically designed for ML and AI, delivering higher levels of floating-point performance, greater efficiencies and new features for datacentre deployments,” he adds.
In sum total, as security and related issues continue to evolve, businesses will have to ensure that they have strong security protocols in place for both hardware and software.