K7 Dialogue is an initiative from K7 Security that features interaction with cybersecurity experts and thought leaders to spread awareness and share real-world insight on how businesses can combat cyberthreats.
Sandeep Bansal has over 2 decades of experience in Information Technology and Information Security, and has led these functions in various organisations. He specialises in digital transformation, team management, stakeholder management, and cost optimisation.
1. How has the Indian education sector changed its approach to cybersecurity due to the pandemic and the increase in remote learning?
We believe that education has been the most impacted vertical during the pandemic. Around the world, it has been almost 2 years since education has gone from a physical to a virtual platform. The learning and teaching process has faced a lot of challenges. Neither students nor trainers were ready and equipped for this new challenge.
Institutions had to take an overnight decision to build technology capabilities in their present infrastructure. This unplanned design of IT Infrastructure at many institutions has served as an invitation to hackers and data security has become a big issue.
IT and Data Security have not been given preference and importance in educational institutions. There has been a lack of IT support staff with good knowledge of security practices in IT operations. Due to this, many institutions have become vulnerable and the education sector has been targeted with Malware, Spyware, Phishing, and Ransomware attacks. We have fought these attacks every other day by securing our firewalls, refining network policies, implementing security best practices across Physical and Cloud Infrastructure, and defining data backup policies with redundancy. We have been able to survive the nightmare of ransomware attacks that have occurred in the last couple of months.
2. The large talent deficit in cybersecurity is creating attractive opportunities. How can colleges motivate students to consider cybersecurity careers?
Cybersecurity is the most attractive career destination in the coming future. With increasing digitisation across all verticals, cybersecurity professionals will be in great demand. Colleges and Universities have been regularly conducting expert talks, hackathons, seminars, and awareness campaigns on cybersecurity.
However, I strongly believe that companies like K7 should conduct regular events and hire fresh graduates, giving them internship opportunities. This will boost their confidence and build interest in the field of security. I have seen many organisations/start-ups opening internship opportunities. In many cases these opportunities are without any encouragement to the student, and secondly the basic requirement is very high. The short-term and long-term internship opportunities with Tier 1 companies will give them great exposure.
The basic requirement for a student to join any organisation for an internship is very high, due to which the turnaround is very small. In my view they need to be picked post 2nd Semester.
3. In your experience, what are the biggest cybersecurity challenges facing organisations that are embracing digital transformation?
In my view the biggest challenge in the Higher Education vertical is Internal Stakeholders. Awareness and training at each level is very important. Any security challenge and threat can be monitored to some extent. There are various use cases where alerts are found to be either false positive or ignored. Every security incident must be monitored and addressed without failure.
It has been observed in many cases that the network security team is looking for solutions after the breach/security failure. Either risk has not been identified during reviews/monitoring or it has been assumed as a small incident, hence ignored.
The end user team needs to be trained and educated to report even small security incidents or breaches. To ensure proper action, a mitigation plan must be in place. Students are the largest users of network infrastructure in many educational institutions and with a BYOD approach, security agents are missing in 90% of devices.
Secondly, during their learning process they try to breach their own institution’s firewall and security. To identify and address this internal threat, a strong security team must be built within the organisation. It will ensure that risks are identified at a primary level and responded to quickly.
4. As a specialist in data centres, what cybersecurity best practices do you recommend for data-dependent organisations?
Any data-dependent organisation must have a data security policy in place. A casual approach towards data security can put organisations at higher risk. Today one may recover from financial loss, but data loss can be irrecoverable. There have been cases where organisations have tried to negotiate and pay the required amount as ransom to the hackers. They could not recover their data.
Security Standards: In my view, data-centric organisations must follow security standards. Each security incident must be addressed without fail. A quarterly audit should be conducted to ensure devices are updated with security patches. 100% implementation of antivirus agents across the organisation with regular updates must be followed.
Awareness: The organisation must run regular awareness campaigns to educate end users. Every security event must be reported and recorded with action taken. Any false incident/alert should be handled properly; ignoring such events can be dangerous.
Identify: The right tools for your organisation should be identified with due diligence and testing. Every tool has its own features, advantages, and benefits. There are tools that may be the best fit for the BFSI segment but may not be of much use for any other vertical. That may lead to more false positive alerts and trouble for the security team.
Training: End user teams should be trained to understand threats. It has been observed in many cases that a user has been trapped in a phishing attack by opening an impersonated email. In one incident an end user forwarded an unidentified mail attachment to the IT team without a proper subject, leading to a major ransomware attack. These are avoidable security incidents that can be addressed with proper training to the end user group.
Bulletin: The data security group should publish a monthly security bulletin within the organisation. The bulletin should cover the latest security events that occurred in the last month along with action taken, and infographic representation of device updates and current threat level.