AI can be used to analyse the cyber behaviour of users and identify potential risks: Anirudh Gupta, CISO, GM, IT, NHPC
NHPC Limited is an Indian hydropower generation company that began its operations as a public limited organisation in the year 1986. It is one of the largest pubic sector enterprise in the field of hydro power development in the country and is considered as a Mini-Ratna Category-I Enterprise of the Government of India.
Express Computer had an opportunity to speak to Anirudh Gupta, CISO, General Manager, IT, NHPC on various topics related to multi-cloud environment, artificial intelligence and securing a remote workforce. Gupta joined NHPC in 1998 and has a vast total experience of 34 years in the IT domain.
Excerpts:
- What are some of the emerging threat vectors that enterprises need to be careful about?
The power sector has been recognised as a critical sector by the Government of India, and the Ministry of Electronics and Information Technology (Meity) has given multiple guidelines and policies to protect and secure this sector. NHPC also has taken various measures in accordance with the government mandates. One of the major threat vectors, especially in the power sector are the outdated OT (Operational Technology) infrastructure and the lack of IT (Information Technology) integration with it.
So in my opinion, it is prudent to integrate both OT and IT infrastructure for the organisation. In the current environment that we are in, the role of IT is increasing day by day, and vice versa the threats are also increasing in manifold levels.
- What are some of the best practices you recommend to protect a remote workforce?
Ever since the Covid pandemic, many people have started to adopt remote working or as commonly referred – Working From Home (WFH). And while choosing and going ahead with that option, it is already assumed that the chances of vulnerability or having cyber threats are quite high, and we should have the appropriate security tools to encrypt our critical information.
Moreover I think, data encryption has always been the best practice, and one should follow this. As most people who work remotely have to be given access to the organisation’s important information data,that needs to be regulated or should be kept confidential.
The organisation can also ensure and secure the devices that an employee is going to use while working from home. There should be identity and access management policy for employees, and they should only be granted access after using the multi-factor authentication.
- Request you to share your views on protecting multi-cloud environments? What are some of the best practices you recommend?
In my view, centralised monitoring of IT resources has to be done in multi-cloud environments, adopting the appropriate security policy and requirements across cloud providers and adjusting them according to the existing cloud model for ensuring security in multi-cloud environments.
Some of the best practices that I would recommend to protect multi-cloud environments are:
* One must make sure that the cloud is secured and up-to-date.
* The data centre where the cloud is setup should have the necessary certifications and there should be an approval by the government.
* One must also make sure that the multi-cloud vendor should provide the tools to the customer for data protection, latest software and data encryption tools.
* The service provider should also have a plan for cloud disaster recovery, configuration and prevention of data loss and cloud monitoring management.
* All necessary rules, laws and regulations must be followed.
* The service provider of the cloud should be the one where the cloud is flexible and scalable in nature.
- DNS attacks have gone up significantly. How can DNS be leveraged to improve threat resolution?
DNS monitoring can provide early signs of cyber threat in the organisation’s IT environment. And we should use multi-factor authentication for DNS authority and vendor logins. Moreover, there should be an employee to monitor DNS activity logs to quickly spot issues.
- How can AI play a vital role in improving the security posture? What are some of the possible use cases?
Artificial intelligence can be used to analyse the cyber behaviour of users, to observe an organisation’s IT behavior and identify potential cyber risks. AI can handle a significant amount of logs, data and manage cyber threats. It can also help in improving the productivity and remediation due to its ability to detect nuanced threats, heighten security, enhanced incident response and also helps in saving time to manage threats.