Info-tech

Security-first culture is need of the hour, says Oracle official

Amrita Nair-Ghaswalla Mumbai | Updated on May 15, 2020 Published on May 15, 2020

Greg Jensen, Senior Principal Director of Security, Oracle

Cybersecurity is endangering and placing customer trust at the heart of competition. As companies struggle to prioritise data privacy and security, an Oracle and KPMG Cloud Threat Report has found organisations’ patchwork approach, misconfigured services and confusion around new cloud security models has created a crisis of confidence. BusinessLine reached out to Greg Jensen, Senior Principal Director of Security, Oracle, to understand how companies can respond to the current challenging environment, since most have accelerated the movement of workloads and associated sensitive data, to the cloud.

How can organisations tackle the increased threat level, given that sensitive information is stored in the cloud?

Cloud is a great business enabler and innovation catalyst, and most IT leaders acknowledge that some public clouds are more secure than their traditional on-premise data centres. However, with more organisations looking to transform into digital-first businesses, hybrid and multi-cloud environments are on the rise. This adds to the complexity, driving the need for an organisation-wide, security-first culture.

This will help organisations shift mindset, from focussing on just leveraging the foundational building blocks of security, to a layered defence model of overlapping controls that covers the complete tech stack. Though not without its challenges, this change improves the overall security fabric of an organisation.

Cyber business fraud is huge and cybercriminals have diversified their attack vectors. How can it be curtailed?

With more business-critical applications moving to the public cloud, it is evident that organisations are getting more comfortable with the security posture of public cloud providers. Often, an organisation uses cloud applications from many different cloud providers, increasing complexity when these interconnect.

Take a look at the explosion in targeted phishing and business email compromise attacks. One of the key targets is the user credential. The use of these stolen credentials is often of business-critical applications to commit fraud.

When businesses implement effective identity controls, multi-factor authentication and behaviour monitoring/transaction controls, organisations are able to better control who, how and what is transacting within their service and provide preventative controls. With cloud security, there is need for more education on the shared responsibility model — what cloud providers need to ensure and what subscribers need to manage.

What are the main causes of data loss and how should companies address the issue proactively?

They are many causes, including cyber-attacks and misconfiguration of cloud services. Over half the survey respondents have shared configuration issues with cloud as top contributor to data loss. Many companies have started retooling their cloud security controls and processes with a focus on securing the human perimeter via strong identity and access management measures. This has led to the adoption of multi-factor authentication for their most critical cloud accounts.

One of the proactive steps organisations can implement to protect data is to implement proper role-based and time-bound access controls for users/accounts. Educating employees on best practices to safeguard unprotected cloud secrets such as passwords, API keys, encryption keys and account credentials is crucial.

What are the main sectors that report data loss?

Some of the industries more susceptible to data loss include financial services, healthcare and manufacturing, but there is simply no industry excluded from these attacks. Some say, attackers follow money, but they also follow the intellectual property, and the flow of information and look for ways to manipulate that for either financial gain of themselves, financial impact of others, or impact to reputation and brand.

Ransomware attacks are growing, proving to be a big challenge for organisations. With malware attackers demanding a ransom to restore access, what are companies doing to counter it?

There is strong data that shows that the ransomware risk is simply not reducing. For years, businesses have paid to retain access to their data, but there are now new laws coming online in key western countries that limit the company’s ability to legally make these payments as the laws are being structured to prevent companies from paying ransom.

Why? The idea is, every dollar a business pays today, is funding the development of malware technologies that will be used to obtain a multitude of dollars in the future. If we can prevent a company from paying $50,000 today, that may go a long way in preventing a future threat from getting $250,000. Businesses should continue to do their due diligence in building effective strategies to mitigate the risk.

Published on May 15, 2020

A letter from the Editor


Dear Readers,

The coronavirus crisis has changed the world completely in the last few months. All of us have been locked into our homes, economic activity has come to a near standstill. Everyone has been impacted.

Including your favourite business and financial newspaper. Our printing and distribution chains have been severely disrupted across the country, leaving readers without access to newspapers. Newspaper delivery agents have also been unable to service their customers because of multiple restrictions.

In these difficult times, we, at BusinessLine have been working continuously every day so that you are informed about all the developments – whether on the pandemic, on policy responses, or the impact on the world of business and finance. Our team has been working round the clock to keep track of developments so that you – the reader – gets accurate information and actionable insights so that you can protect your jobs, businesses, finances and investments.

We are trying our best to ensure the newspaper reaches your hands every day. We have also ensured that even if your paper is not delivered, you can access BusinessLine in the e-paper format – just as it appears in print. Our website and apps too, are updated every minute, so that you can access the information you want anywhere, anytime.

But all this comes at a heavy cost. As you are aware, the lockdowns have wiped out almost all our entire revenue stream. Sustaining our quality journalism has become extremely challenging. That we have managed so far is thanks to your support. I thank all our subscribers – print and digital – for your support.

I appeal to all or readers to help us navigate these challenging times and help sustain one of the truly independent and credible voices in the world of Indian journalism. Doing so is easy. You can help us enormously simply by subscribing to our digital or e-paper editions. We offer several affordable subscription plans for our website, which includes Portfolio, our investment advisory section that offers rich investment advice from our highly qualified, in-house Research Bureau, the only such team in the Indian newspaper industry.

A little help from you can make a huge difference to the cause of quality journalism!

Sincerely,

Support Quality Journalism
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.
You have read 1 out of 3 free articles for this week. For full access, please subscribe and get unlimited access to all sections.