
A CISO perspective: Important cyber security considerations


By Sameer Ratolikar, Executive Vice President and CISO, HDFC Bank

We are nearing two years of the pandemic and the work-from-home (WFH) that followed it, which gave impetus to cloud adoption, especially for customer-facing digital initiatives. As we set foot into 2022, some cyber security considerations from a CISO's perspective are penned down below:

1. Agility and automation are going to be the key

Our approach towards vulnerability management is tactical and time-consuming. Let us take the recent example of the Apache log4j vulnerability. Initially, it was said that the vulnerability applied only to log4j versions 2.10 to 2.14. The info-security team went on to change the config setting (setting the "no lookups" option to true) and, in parallel, talked to the application vendors, ensured the upgrade was made available quickly, tested it and upgraded the application to 2.15. Within a few days, news articles in the media reported that even 2.15 was vulnerable and that the right way was to move to 2.17. The cycle of identifying the affected systems, and in parallel talking to the vendors, continued. I strongly feel that the volume of vulnerability exposures will grow significantly (in both structured and unstructured forms), and we can't keep handling it in a non-intelligent manner like this.

I feel that we need a more intelligent way, akin to the SAC (Software as a Code) approach available on the cloud, applied to the on-premise setup to manage patches and upgrades in the quickest amount of time. I am sure we will see some action in this domain in 2022.
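The re-triage cycle described above, as an added example that is not from the article: a small Python script that re-runs a log4j inventory against a moving target version and reports which hosts fall back into scope when the target changes. The version thresholds follow the article's narrative (2.15 first, then 2.17), not a vendor advisory, and the inventory, host names and the no_lookups flag are constructed for the example.

```python
"""Re-triage a log4j inventory each time the 'fixed' version moves.

Added example, not the article's own tooling. Thresholds mirror the article's
narrative (upgrade target 2.15, later 2.17); consult the vendor advisory for
authoritative affected ranges. Inventory below is constructed, not real hosts.
"""
from typing import Dict, List, NamedTuple, Tuple


class Asset(NamedTuple):
    host: str
    log4j_version: str  # from the jar manifest; "" means log4j-core not present
    no_lookups: bool    # whether the "no lookups" config workaround is applied


# Constructed inventory for the example.
INVENTORY: List[Asset] = [
    Asset("app-01", "2.14.1", False),
    Asset("app-02", "2.15.0", False),
    Asset("app-03", "2.15.0", True),
    Asset("app-04", "2.17.0", False),
    Asset("app-05", "", False),
    Asset("app-06", "2.12.1", True),
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """'2.17' -> (2, 17, 0); pads so '2.17' compares equal to '2.17.0'."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def triage(asset: Asset, target: str) -> str:
    """Classify one asset against the current target version."""
    if not asset.log4j_version:
        return "n/a"
    if parse_version(asset.log4j_version) >= parse_version(target):
        return "ok"
    # Config workaround buys time but the upgrade is still outstanding.
    return "mitigated" if asset.no_lookups else "exposed"


def run_cycle(inventory: List[Asset], target: str) -> Dict[str, str]:
    """One pass of the identify-affected-systems cycle for a given target."""
    return {a.host: triage(a, target) for a in inventory}


def back_in_scope(before: Dict[str, str], after: Dict[str, str]) -> List[str]:
    """Hosts closed under the old target that reopen under the new one."""
    return sorted(h for h, s in after.items()
                  if before.get(h) == "ok" and s in ("exposed", "mitigated"))
```

Running `run_cycle(INVENTORY, "2.15")` and then `run_cycle(INVENTORY, "2.17")` and diffing with `back_in_scope` shows exactly the rework the article describes: hosts already upgraded to 2.15 reopen once 2.17 becomes the target.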

2. Run-time application self-protection (RASP) approach towards application protection

Application security testing today relies on SAST and DAST. So every time an application undergoes an application security scan, it throws up some vulnerabilities, and it takes from a few days to a few weeks to patch them, depending on the criticality.

I see this more as a reactive approach, even though some of you might feel that an appsec scan is a proactive mechanism to address vulnerabilities. I strongly feel we might see more innovation here, with companies offering and banks adopting run-time application self-protection (something like sensors that fix vulnerabilities in real time, thereby minimising the time-to-fix). Another use case is customer transactions. The banking industry is seeing a few frauds wherein fraudsters lure gullible customers into installing remote-control apps on their mobile phones, thereby planting malware and taking full control of the phone to carry out fraudulent transactions. RASP will be able to address this issue significantly.

3. UEBA and AI/ML adoption

As the threat landscape evolves and becomes more complex, it is important to monitor user behaviour for actions initiated by a user or by malware. But legacy applications mostly lack proper logs, which dilutes the ability of AI/ML models to detect threats. Hence, the presence of proper logs in applications is the key.

– This article originally appeared on LinkedIn. It is published here with the author's permission.


1 Comment

1. Sharath says:

    Really helpful cybersecurity considerations explained in this blog. Would love to know more, especially on the best DDoS protection for my website from service providers like Mazebolt or Cloudflare; which one is the best?
