With Indranil Mukherjee, Head of Cybersecurity at Tata Consultancy Service (TCS) for UK, Ireland and Europe
What areas do you think will grow in prominence from a cybersecurity perspective in the next 12 months and why?
The way we think about cyber risk has changed drastically. The recent acceleration of digital transformation, including mass cloud adoption and remote working practices following the pandemic outbreak, has introduced new threat vectors to all organizations.
A large amount of data today resides and is being processing in public cloud, which means they are physically distributed all over the world at multiple locations. This has increased the attack surface and threat vectors, meaning the number of weak entry points—or ‘nodes’, for opportunistic cybercriminals. An organization’s biggest cyber threat is its weakest ‘node’—wherever that might happen to be in the world.
Thankfully, cybersecurity has rightly gained a higher priority than just two years ago. In fact, organisations are estimated to spend 30-40% more on cloud security in the coming years. This is closely followed by enterprise vulnerability management and advanced identity and access management—a positive move for enterprises to gain better visibility and a deeper understanding of their entire landscape.
Locating any potential security vulnerability is much easier than resolving the problem itself, and the speed at which a hacker can infiltrate any system now means that companies must be even more proactive and persistent in their efforts to mitigate risk.
One way of reducing the probability of an attack is to implement a ‘Zero Trust’ policy – a framework based on the principle of ‘never trust, always verify’, applied not only to humans but also machines. As part of this, advanced identity and access management solutions are becoming more prevalent among organisations looking to strengthen their defences.
Given the current geopolitical environment, the risk of cyberattacks impacting critical national infrastructure has increased multi-fold. This type of threat protection must also include the industrial components of operational technologies and the internet of things, in addition to the typical information technologies, to ensure domestic security is strengthened.
Last but not least, the notion that “a breach can still happen” is beginning to take hold among enterprises. No measure of protection is 100% secure. Increasingly, organisations are coming to grips with that reality and are increasingly going to adopt automated managed, detect and respond, known as MDR for close monitoring and responding to security incidents.
What cybersecurity challenges are organisations in Europe currently facing and is this different when compared with organisations in other parts of the world?
In the UK, Ireland and the rest of Europe, the majority of organisations are preparing to defend a breach or ransomware attack. Except for the financial services sector and a few national critical infrastructures, companies tend to be behind on their cybersecurity and cloud maturity journeys, primarily due to less proactive investment in technology and cybersecurity skills training.
Cyber security has no tangible or visible return on investment. Making the business case for further investment can prove to be a challenge, as it is difficult to quantify the immediate financial return or any short-term benefits to justify additional spending. The cyber security focus in Europe is starting to change due to the Covid situation.
Back in 2020, the pandemic forced every organisation to adapt quickly with tactical investments in digital transformation to enable agile working. This has posed new ways of working. Organisations can no longer count on their users to be cyber security aware all the time. That is why enterprises need to reduce human dependency and build a Zero Trust model where mistakes and errors do not give away a chance for anyone to exploit.
The ongoing effect this is having on business continuity today has meant there is now more acceptance in Europe on proactive preparation, detection and protection of both people and infrastructure, with a clearer understanding that the true value of any cybersecurity investment is relatively equal to the value of the business itself.
What’s your opinion on the pool of talent with cybersecurity skills in Ireland? How should organisations and the wider industry address this?
Cybersecurity is fundamentally about having a logical mindset and organisations must consider engaging with local academic institutions to ignite interest and educate young students to pursue skills development in this area. Here in Ireland, TCS has developed great relationships with Irish technical universities and colleges and is investing in the local skills development so that we can foster the pipeline of great cybersecurity talent locally well into the future.
Besides that, there is no age limit to entering cybersecurity as a profession, and any experienced individual with an IT or risk management background possesses the required knowledge and skills to excel in this sector.
Innovative training methods, such as using ethical hacking competitions known as ‘hackathons’ and ‘hackquests’, can help to encourage anyone with an interest in IT, computational thinking and risk management to showcase their ideas and develop their cybersecurity skills. Educating, training and upskilling is one of the biggest challenges facing many global organisations today, but this can be overcome by working closely with customers, partners, stakeholders, and even competitors.
For example, TCS’ Threat Management Centre in Ireland is designed to be a one-stop-shop for security solutions so that organisations can more easily tap the cybersecurity expertise that is always up to date with both the global cyber landscape and the uniquely local requirements and regulations. As organizations grapple with continued skills shortages, especially in cybersecurity, in the digital age, they need to think beyond their organizations and as part of a cooperative, collaborative and holistic ecosystem to build and extend their cyber resilience.
Article by [author-name] (c) Irish Tech News - Read full story here.