In an interaction with IDG India, Biju K, the Chief Information Security Head of Federal Bank since 2012, highlights the various cyber risks and steps that CISOs should follow to ensure their data security strategies.
Tell us about your role as a cybersecurity leader at Federal Bank
We at Federal Bank always try to ensure the basic hygiene as far as security is concerned. We work to better understand the environment and devise cost-efficient methods to reduce risk.
What are the unique security challenges that CISOs today face when it comes to cloud security?
Data Breaches, misuse of cloud services, insufficient security practices, auditability etc. are some of the key challenges as far cloud security is concerned.
According to you, what is the appropriate strategy for managing security among rising challenges due to technologies like cloud, IoT and mobility?
Adequate due diligence—initially and on regular intervals, to ensure that the service provider follows best security practices— really helps. Relevant certifications of the service provider also must be ensured. Regarding mobility, the enterprise having control over data is most critical. Unless this is ensured, device loss/ theft etc. can have negative impacts.
What are the key security initiatives that you have undertaken in your CISO role?
We link security strategy to the business strategy and establish collective relationships with the functional heads, specifically those who are responsible for keeping business and controls aligned. We continuously do security awareness for our employees and customers. Here we highlight the need for enterprise-wide security strategy and not limited to IT alone. The business risks are communicated regularly to management.
How do you see rising technologies like blockchain, machine learning and AI in enhancing security for digital enterprises?
The new technologies will help in strengthening the backbone as well as help in improving the detection capabilities with reduced false positives.
What lessons do you take from 2017 as far as the security strategy is concerned?
Endpoint security risk has increased significantly; Antivirus solutions are getting replaced. Zero day attacks, unknown threats have increased significantly; Attacks are evolving to incorporate fileless techniques and therefore improving detection and response capabilities are very essential.
What are your cybersecurity priorities for 2018?
Increasing security awareness across the organization; reviewing the practices at regular intervals and fine tuning to make it more effective; ensuring compliance to the guidelines, etc are prioritized. Ensuring the security standards of cloud as well as vendors will be a priority. More stress for application level, database level and endpoint level security.
How do you see the evolution of the CISO role in the coming times?
There is an increasing shift towards security as a business priority. The alignment between IT security and the business is certainly improving. The influence of CISOs on the top management is going to further increase. Along with this, the responsibilities and accountability will certainly increase.