Demonetisation and Covid-19 have led to a surge in digital payments in India, with such transactions almost tripling over the past four years. With the amount of financial data being generated every second, and the stringent Reserve Bank of India (RBI) guidelines financial institutions have to adhere to, banks have been investing and adopting measures to keep hackers at bay and protect client and consumer data.

For example, to strengthen its internal network from multiple attempted security breaches, one of India’s largest public sector banks deployed a centralised policy server architecture to fortify its systems from unauthorised access. It picked Hewlett Packard Enterprise’s Aruba ClearPass Policy Manager to secure access for its 260,000 internal users and their connected devices.

Not just banks, the need to have a holistic cybersecurity approach for businesses has become very crucial, given the soaring cyberattacks in Indian cyberspace. According to CERT-In, the national nodal agency that responds to computer security incidents, instances of cyberattacks in Indian cyberspace have gone up from 208,456 in 2018 to 1.15 million in 2020; this year, there have been 607,220 such incidents till June. The cost of a data breach has also increased. According to IBM’s Cost of a Data Breach Report, the average total cost of a data breach was Rs 14 crore in 2020, an increase of 9.4 per cent from 2019; and the cost per lost or stolen record was Rs 5,522, 10 per cent more than 2019.

“Over the past year and a half, of the incidents that have happened, the largest is a malware attack at the infrastructure level. Unless a company reports their systems are down, nobody comes to know about this. The second largest is customer data being compromised—data breaches, which have some level of disclosure. The third is fraud, which nobody gets to know about,” says Sivarama Krishnan, partner and leader, Cyber Security, PwC India.

Cybercriminals are actively looking for vulnerabilities and finding ways to infiltrate company networks. A large chunk of cyberattacks are categorised as data breaches with the intention to either seek a ransom, sell it on the dark net, introduce frauds at the application level, shut down a company’s infrastructure, or for corporate espionage. That’s why India’s cybersecurity market—valued at nearly Rs 14,000 crore in 2019—is estimated to touch Rs 29,000 crore in 2025, according to Statista. It’s no more about enterprises deploying security solutions but a combination of three aspects—prevention, detection and response.

Preventing a breach

The IBM report says that the majority of data breaches in 2020 were caused by malicious attacks (53 per cent), followed by system glitches (26 per cent) and human error (21 per cent). Among these, the weakest link, say experts, can be employees. “In over 90 per cent of the data breach cases, the starting point is an end user,” says Krishnan.

Cybercriminals spend a lot of time identifying a weak link to break into a corporate network. That’s reason enough for the increasing adoption of the zero-trust concept, which means that devices, users and applications shouldn’t be trusted by default, even if they’re connected to a network.

Microsoft follows this concept. It assumes that any access to a Microsoft corporate resource could be a potential security threat. Be it an employee, partner, or supplier, every user who needs to access the corporate network does so through accounts synced with Azure Active Directory, Microsoft’s cloud-based identity and access management service. “We manage a wide range of devices, including Windows, Mac, Linux, iOS and Android. Because weak endpoints, especially remote devices, can become beachheads for network infiltration, we recommend a modern endpoint management approach. They work on various device types and support remote management of devices for work-from-anywhere situations,” says Irina Ghose, executive director, Cloud Solutions, Microsoft India. She explains that Microsoft identifies missing patches and open vulnerabilities, and remedies them remotely, ensuring that the devices are safe and compliant before granting access to corporate services. This approach helped Microsoft move thousands of its devices off the corporate network after Covid-19 struck.

As insights from consumer data help transform businesses, companies need to safely store what they collect. But the growing volume, velocity, variety and value of data increases the risks of storing and sharing it. As businesses move towards multiple environments like cloud, edge, data centre, etc., end-to-end encryption becomes very important. “It is highly recommended to have end-to-end encryption built in, including email, messaging and storage—including cloud,” says N.S. Nanda Kishore, CEO, Novac Technology Solutions. Enterprises must have a proper business continuity plan and a backup mechanism with protection, he adds. Initially started as the technology arm of the Shriram Group, Novac provides cloud solutions such as secured access control, storage, and business continuity.

According to Ranganath Sadasiva, Chief Technology Officer, Hybrid IT, Hewlett Packard Enterprise (HPE), India, limiting security to firewalls is no longer enough. “Server infrastructure should be the strongest defence, armed with the latest security for servers and infrastructure security innovations to guard against and recover from security attacks.” To keep pace with new cyber threats and technology, HPE’s Aruba ClearPass Policy Manager performs discovery and profiling of end devices to determine who and what is connecting to the network, access to which resource should be given, and what action to take in response to a network threat, he explains.

Then there’s Cashify, an ecommerce platform to buy and sell used gadgets, which uses a combination of cloud-based solutions and tools developed in-house for its cybersecurity needs. “Our infrastructure has web firewalls and DDoS protection in place to prevent malicious traffic to disrupt our services. Our software/OS are periodically patched. The data is fully encrypted,” says Pankaj Agarwal, Vice-President-Engineering, Cashify. It uses Amazon Web Services’ Web Application Firewall (AWS WAF)—a cloud-managed service for firewalls—for all public access, while the infra is secured on a virtual private cloud.

Playing Detective

Over the past few years, enterprises have focussed on building a comprehensive data security solution, which usually involves different technologies, tools and processes, says Sripathi Jagannathan, head of data engineering, UST. “Tools for discovering, cataloguing, and managing data, tools that encrypt and tokenise data, access control solutions, endpoint threat detection and response products, and security policies, all have to be brought together when implementing a comprehensive data security solution,” he says. The US-headquartered company provides a comprehensive cybersecurity platform and mitigation services through its subsidiary, Cyberproof, which serves some of the world’s largest enterprises across industry verticals through proactive detection using continuous scanning, breach and attack simulations, and red teaming (playing the role of an enemy to provide security feedback).

Other than deploying solutions internally, Microsoft has also empowered its partners to build trust with customers through security offerings, including Microsoft 365 Lighthouse that proactively helps in managing risks and improving security by quickly identifying and acting on threats, anomalous sign-ins, and device compliance alerts. Other solutions such as Microsoft Defender, prevents, detects, and responds to threats, offering coverage across identities, endpoints, cloud apps, email and docs, infrastructure, and cloud platforms; Azure Defender helps protect multi-cloud and hybrid workloads, including virtual machines, SQL, storage, containers and more. And Microsoft 365 Defender delivers extended detection and response capabilities for identities, endpoints, cloud apps, email and documents.

Responding to an attack

It’s not just the deployment of security solutions that helps companies. The response to an attack is equally important, as the average time to contain a data breach has spiked from 77 days to 83 days, says the IBM report.

While proper protection of all data on-premise, in the cloud, at the edge, or in between is a priority, it is critical to ensure that the data is secure and recoverable in case of a disaster. “Organsations require tools to constantly measure their recovery readiness state so they can expose and remediate problems, validate the recoverability of their data and business applications through automated testing, and continually harden their environment to improve their security and reduce their risk profile,” says Anshuman Rai, area vice president, India & South Asia, Commvault.

Commvault secures the data management environment using intelligent data protection and monitoring capabilities aimed explicitly against malware, including ransomware. It also lets customers monitor their environment for potential risks while offering in-line actions and recommendations to help mitigate risks. The company uses artificial intelligence and machine learning to detect and provide alerts on potential attacks as they happen for companies to respond immediately. Its solutions include Metallic (enterprise-grade SaaS data protection portfolio), Commvault HyperScale X (for scalability, security and resilience) and Commvault Complete Data Protection to ensure data availability and business continuity for all workloads across cloud and on-premise environments.

AU Small Finance Bank turned to Commvault’s HyperScale Appliance and integrated storage solution after it saw the volume of its data grow 50 per cent over two years as it transformed from a non-banking financial company to a bank. Using this solution, the bank halved the time it took to back up its data and submit audit reports to the RBI and the compliance team in a timely manner and quickly restore data. Enterprises also need to have logs to file reports for regulatory requirements.

Enterprises need to not only focus on the security of data, but also prioritise how to prevent attacks and manage vulnerabilities. “Organisations should consider leveraging technology platforms that are out of the box, on/off the shelf or native tools that provide key data protection functionality for data at rest, data in transit and data in use. Additionally, sectors like banks, insurance, ecommerce, food delivery, etc. should also emphasise maintaining a robust perimeter layer by having stringent rule sets configured on firewalls and core switches, network layer security via IDS/IPS tools [intrusion detection system/intrusion prevention system tools], security information and event management, end-to-end secure channels with transport layer security and continuous logging and reporting,” says Manish Sehgal, partner, Deloitte India. As businesses are fuelled by client and consumer data, adopting technologies to secure this precious resource demonstrates companies’ commitment to respecting their information while staying in sync with data governance and regulatory compliances.

@nidhisingal