the confidentiality and integrity of
information is extremely crucial to
maintain competitive advantage,”
he says, adding that his company
has doubled its budgetary allocation
towards cybersecurity measures.
Godrej points out that his
group has been focussed on having
strong cybersecurity policies even
before the recent spate of attacks
made news. “Just like we protect
our physical assets like factories,
we ensure the security of our
digital systems,” says Godrej.
E-commerce enterprises are
powerhouses of data, and
any chink in the armour
can be exploited by a
hacker, as Gurugram-based food-
tech company Zomato discovered in
May this year. Its data for 17 million
users, including names, email IDs and
hashed passwords, had been accessed
by an unauthorised outsider and was
available for sale at a marketplace
on the dark web (a part of the World
Wide Web accessible only through
special software that offers anonymity
to users). The hacker had stolen the
credentials needed to access one
of Zomato’s code repositories from
a staffer, who had used the same
credentials for his personal account
on another web hosting platform that
was hacked earlier in November 2015.
However, maintaining multiple
databases (essentially splitting and
storing user information across
various places instead of one location)
helped Zomato minimise the damage.
It prevented sensitive data such as
users’ financial information from
being leaked. “We were lucky we
could get in touch with the person
(hacker) in good time. As it turned out,
the hacker was a security researcher
(ethical hacker) who had put up the
data for sale to get our attention (and/
or to teach us a lesson),” Zomato’s
founder and CEO Deepinder Goyal
wrote in a blog post dated May 23.
“He/she only wanted us to launch
a good bug bounty programme on
HackerOne (a platform that connects
businesses with ethical hackers),
as he/she wanted to make sure that
security researchers were rewarded
well for their work.” After Zomato
accepted the hacker’s conditions,
the database was taken off the dark
web and the hacker agreed to destroy
it, according to the company. “This
incident taught us a good lesson on
the importance of security and how
we have to be paranoid about it going
forward,” Goyal wrote in his blog post.
[Infographic: Vulnerable to risks. Panels: share of Indian CXOs who admit they lack confidence in their companies’ cybersecurity processes; share of respondents who say their budgets to combat cyber threats increased over the past 12 months; share of respondents whose security operations centres collaborate and share data with others in the industry. Values shown: 75%, 69%, 26%. CXOs surveyed: 124. Source: EY Global Information Security Survey 2016-17—India Report]
The aviation industry is
particularly sensitive to digital
miscreants. Neelu Khatri, the
India president of Honeywell
Aerospace—a manufacturer of aviation
components—says as airplanes
evolve from being purely mechanical
to a “highly interconnected cyber-
physical system”, the transformation
creates more opportunities for
cybersecurity attacks. “All flight
systems are built with redundant
backups and, most importantly, the
flight crew always has control of the
airplane and the ability to override
flight systems,” says Khatri.
Maneesh Jaikrishna, vice
president, India and subcontinent,
SITA—a global air transport IT and
communications specialist—says
his firm, along with aircraft maker
Airbus, has launched a CyberSecurity
Aviation Security Operations Center
that will help airlines and airports
identify, detect and react to cyber
threats while protecting their
company assets from attack. SITA’s
Airline IT Trends Survey 2016 shows
that 91 percent of airlines plan to
invest in dedicated cybersecurity
programmes over the next three years.
While CEOs need
to be “paranoid”
about digital
security, the onus
of protecting the organisation lies
with the chief information officer
(CIO) or chief technology officer. “As
customers increasingly search for
information and shop for everything,
including financial products, online, it
is the CIO’s role to ensure a digitally
secure highway for information
exchange,” says Munish Mittal,
CIO of HDFC Bank. “Otherwise,
an organisation’s ability to grow in
this digital age is constrained and
it risks losing out on business.”
But how does a company ensure
that its digital vault of information
is protected? The first step, says
Mittal, is to build awareness within
the organisation. HDFC Bank
requires each of its employees to
undergo a quiz-based certification on
cybersecurity awareness periodically.
There is a well-defined access
management policy that spells out
which employees should have access
to what information, depending on the
relevance and sensitivity of the data.
In addition to installing advanced
threat protection software, India’s
second-largest private sector bank
also conducts frequent penetration
tests on its network to scout for
vulnerabilities and remove them.
This is where entrepreneurs like
24-year-old Trishneet Arora come
in. His firm TAC Security, which he
founded in 2013, works with 50 clients
Infographics: Sameer Pawar
August 4, 2017 Forbes India | 31