Given the large amount of data government agencies keep and confidentiality levels of various projects, they need to adopt new data encryption capabilities designed to address the global epidemic of data breaches.

Even in the private sector, only a small percentage of data is encrypted, making the vast majority of remaining data vulnerable to organised cyber crime, says Kartik Shahani, Integrated Security Leader, IBM India/South Asia.

To put that in context, the IBM X-Force Threat Intelligence Index reported that more than four billion records were leaked in 2016 (a 556 per cent increase from 2015), Shahani told BusinessLine in an interview. The Cost of Data Breach Study 2017 found that extensive use of encryption is a top factor in reducing the business impact and cost of a data breach. Excerpts:

Has coping with data security risk become a new normal for government agencies?

To be fair, a huge amount of interest and discussion has happened from the government around this. Interest in cloud adoption is increasing with the sudden rise in security breaches. It is under tremendous pressure to secure critical data, infrastructure and services.

Sectors such as public services, defence and finance have a huge amount of complex data and the fears of security and data residency are well founded. The government is staying true to its decision on data residency and IBM was one of the first to work with the Tamil Nadu government to set up a local cloud data centre in Chennai in 2015.

In May, IBM started to build a new generation Security Operations Centre for the BSE to provide them with round-the-clock security, strengthen cyber defence and safeguard stakeholder assets. It will ensure proactive monitoring of threats 24x7, detection and analysis of any suspicious change in activity, protection against emerging threats and response, while ensuring resiliency of the system.

Are the government agencies aware of the need to manage risk as an essential part of achieving optimal performance in a digital environment?

The Indian Computer Emergency Response (CERT-In) team informed Parliament that over 27,000 cyber security incidents were reported in the first six months of this year. These include phishing, website intrusions and defacements as well as ransomware attacks.

Government organisations are becoming cognizant about the emerging issues in this sector and are putting together more agile practices and stringent cyber security laws to tackle them.

Recently, IBM and Ponemon Institute released a study which said that the cost of data breach in India has risen by 12.3 per cent in 2017 where the average cost has gone up from ₹9.73 crore in 2016 to ₹11 crore in 2017.

The per capita cost of data breach increased significantly from ₹3,704 in 2016 to ₹4,210 per compromised record. The average number of breached records was 33,167.

To what extent do the government’s web applications lag behind the civilian industry with respect to securing data?

Government organisations have always taken sound security measures. Its web applications cater to different requirements of the citizens than civilian websites.

Whether internal or external, they differ in security parameters from the civilian web applications. The government sites need to take into consideration the various levels of users, hence comparing them to civilian web applications would not be possible.

Do you recommend a layered approach, if at all, to risk management?

Given the evolving threat landscape and the importance of government data, a multi-layered security infrastructure is definitely recommended. Cloud security, for one, can be a good option which currently most of the enterprises have already started adopting.

IBM has a full stack of cloud security solutions that cover the gamut from enterprise security to mobile, government, retail, hospitality, transportation and banking, among others. It also has Watson — the industry's first augmented intelligence technology to combat security threats following rigorous education and beta testing in 2016.

IBM cloud security capabilities help:

Manage access – Enable governance and policy enforcement, strong identity and access controls, and fraud prevention

Protect data – Secure app development, protect databases, volumes and shares, and prevent internal and external threats

Anomalies, threats, activities – Monitor activities and audit trails, engage real-time threat intelligence and alerting, and check health

Gain visibility – Monitor cloud usage and utilise advanced security analytics to identify risky behaviour, potential breaches and policy violations

It is said that perimeter security is just not enough for government and its agencies. What is your prescription for optimum data protection?

Security parameters differ from sector to sector; however data protection is the common issue of government organisations.

There are multiple solutions available, each depending on the exact nature of requirement, but an optimal approach is to implement latest cloud and cognitive-enabled security solutions — from identifying and defining the most valuable data and setting security objectives to protect it.

As for best practices, look at performing a gap analysis of critical data security process and controls to help improve their security posture. Also monitor the security framework to support the management of security metrics and appropriate governance standards. Lastly, create a risk-remediation plan to prioritise and validate solutions, and implement an operational framework.

Can one still wish away the ‘insider threat’ from disgruntled employees? How do we deal with it?

Impact from insider threats can be due to lack of security monitoring or ease-of-access to sensitive data or even the lack of a robust data protection policy. The right awareness is required around the industry to be more careful towards these issues. Organisations should have:

Clear, actionable intelligence – From end-to-end mapping of the access pathways to most valuable data

Risk-based insights – Prioritise compliance and security actions

Analysis of user behaviour – Detect suspicious activities for further investigation

IBM has Identity and Access Management Services for insider threat protection that will help organisations get the right safeguards to keep their most valuable information protected, preserve brand value and customer trust, and defend against financial losses and costly interruptions.

In July 2016, IBM launched the IBM QRadar User Behaviour Analytics application, specifically designed to help security teams identify insider threats by providing unparalleled visibility into the risky and abnormal user behaviour that can signal imminent cyber threats, such as opening a highly confidential document for a team they don’t support or logging in from a location where the company doesn’t have any presence.

Is it possible to work across the government and private sectors and shore up collective defences?

Yes. Government bodies need to ensure that robust security practices are adopted, incident response plans are in place, and regular security training is given to all stakeholders of the organisations.

This can be achieved across sectors and both the government and private players can collectively join forces to tackle future challenges. There could also be other areas of collaborations such as sharing of threat vectors through threat feeds. Training is also an important element where threat hunting techniques could be shared.