Home Features The Role of a CISO in Ensuring Application Security for Employees

The Role of a CISO in Ensuring Application Security for Employees

To ensure application or app’s security, the CISO must make all efforts to ensure the board and the CEO of a company understand the positive and negative repercussions of the risks involving an application by mitigating it.

SHARE
Application Security
Read Aloud

Cybersecurity, now part of the DNA of today’s economy, is significantly about application security. Apps have become ubiquitous today, with every business wanting one. But cybercriminals are finding apps as a gateway to the riches, while global businesses and top political leaders have been speaking of greater openness, transparency, and collaboration in fighting them.

By Anil Bhasin, Former Regional Vice President, India & SAARC, Palo Alto Networks

But, standing in the way of cybercriminals is the Chief Information Security Officer or CISO. The CISOs help to keep enterprises running without compromising security or compliance, while also ensuring that there are product security and service availability built into every step of the quality management process.

New Circumstances

To ensure application or app’s security, the CISO must make all efforts to ensure the board and the CEO of a company understand the positive and negative repercussions of the risks involving an application by mitigating it.

While technology and network companies are moving rapidly to keep pace with the ever-evolving criminal elements, IT alone cannot be at the vanguard in the fight against the attackers. It is also the responsibility of everyone in the organization with access to a computer or a smart device.

COVID-19 has woken us up to this reality and has catalyzed a pivot to a transformational shift, to telecommuting on a global scale. For the first time, millions of employees are logging on remotely, often from their homes, into company servers through their home Wi-Fi network. This sudden spike in demand for bandwidth has stretched digital infrastructure beyond its limits. This opened opportunities for new attack vectors for threat actors. Within days of the onset of the pandemic, sophisticated attacks that exploit the panic over COVID-19 successfully attacked critical healthcare infrastructure and official communication channels.

Times like these call for the CISOs to make a shift in how firms previously sought to strengthen their cybersecurity posture by trying to plug the gaps. This only led to organizations investing in numerous solutions and left exposed to an ecosystem that was spread out. More professionals focused on security were needed to hold up the larger teams, which were challenging due to skills shortages.

The responsibility of CISOs is to make employees more aware of the security issues of the digital age, including malware and phishing, and encourage them to take up best practices. CISOs need to coordinate with the Chief Human Resources Officers to design and implement the information technology and security education of the workforce.

While playing catch-up with the attackers is the new norm, a reactionary approach will not do in the 2020s and beyond. Let’s look at the four developments that would define how the CISOs should prepare as we traverse the 2020s:

1. Gaps in 4G can Carry Over to 5G

The Telecom Regulatory Authority of India (TRAI) is all set to open up the 5G spectrum in 2020. Australia, Singapore, and many others have firmed up plans for 5G networks this year. With telecommuting looking more likely to become commonplace, the much-vaunted very high speed, high reliability, and low latency 5G will get the thumbs up.

While this is the potential of 5G, we are far from there. The 5G is built over the foundations of 4G, and the vulnerabilities in the 4G network may be magnified on 5G networks with more devices on it. If the existing security risks are not checked now, mobile Internet and apps could be the Achilles Heel in a cyberattack, halting all critical services.

2. IoT: A Potential Minefield

Billions of connected devices would be the hallmark of the Internet of Things (IoT). Countries are using it to empower millions through innovative and disruptive technologies; however, if left unsecured, they can leave gaps in the security systems of corporates. Not even biometric identification is safe as deep fake tech would compromise that.

Unsecured IoT devices are a potential minefield of vulnerabilities, especially in healthcare IT, where cyber hygiene, software patches, and updates may have taken a backseat due to the pressures of dealing with the pandemic – a nightmare for the CISOs.

The coming decade will need continuous retrofitting and updates of IoT devices for security, and eventually adopting a “secure by design” approach to built-in security. Karnataka, India, has taken similar steps by promoting innovations such as hackathons and accelerator programs. A case in point is Karnataka’s Centre of Excellence in Cyber Security (CySecK), which launched an accelerator program, HACK, for cybersecurity start-ups. The accelerator program has over 21 startups.

3. AI for Times Ahead

India has a massive shortfall of skilled cybersecurity professionals specialized in application security. While the need is for about 1 million cybersecurity professionals, according to the Data Security Council of India, the supply falls far short. The mismatch between expectations and needs is stark.

As attackers go hi-tech by embracing automation and Artificial Intelligence (AI), cybersecurity professionals are having to try harder to stay ahead by leveraging AI. AI-driven solutions could detect and remedy the anomalies of the network behavior faster than humans can even react. As the use of technology becomes endemic, the role of the cybersecurity expert will see fundamental skills shift.

Implementing the right AI solutions can mitigate any shortage and let smart, innovative, talented people focus on their strengths.

4. Influence on Next-gen Products

The development lifecycle of new apps would see the integration of security processes and tools. Infusing them with security from outset is the way forward as precision is key, given the hyper-connectedness of networks going forward, especially with the soaring appetite for digital financial services and e-commerce in Asia. During the app development lifecycle, everyone is responsible for security.

A 100% secure network is illusory and leaves security as a vulnerability. These germinate from the fact that cybercriminals find ways to sneak past resource-stretched systems or vulnerabilities in partner networks. The security professionals need to remember priorities must define security.

The fast-paced world needs enterprises to be ahead of the cybercriminals. The threat landscape is continuously evolving, impacting the design of the app security infrastructure. Like social distancing, vigilance in digital security should be part of our vocabulary.

This story first appeared in the October 2020 issue of CISO MAG.


About the Author

Anil Bhasin is the former Regional Vice President for the India and SAARC region at Palo Alto Networks. He has over 25 years of experience in the industry. Bhasin earlier worked at Cisco, where he spent 12 years in leadership roles including the Services business for India & SAARC region. Prior to joining Cisco, Anil had a two-year stint at Getronics (formerly known as Wang Global) in Dubai. As a National Sales Manager at Getronics, he was responsible for network integration for Cisco Systems. Anil was also a Senior Account Manager for M/s Computer World in Bahrain. During his six years tenure with M/s Computer World, he managed strategic accounts from the banking, government and manufacturing verticals, offering customized solutions and working very closely with principals such as Compaq, Acer, Microsoft, Novell Synoptics and Cisco.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.