Simplifying Cybersecurity – From Risk Assessment to Recovery

Here is an exclusive interview between Amit Chaudhary, Vice President & Practice Head – Cloud and Security, Airtel Business and Faiz Askari, Founder and Editor of SMEStreet.

Faiz Askari

Cybersecurity can seem daunting, especially for non-security professionals. However, using everyday analogies, security leaders can demystify complex concepts, making them relatable and easier to grasp. In this interview, we discuss practical ways to simplify cybersecurity, explore the parallels between physical and digital security, and examine the crucial roles of CIOs, CISOs, and SOCs in safeguarding business environments. We also delve into the impact of cybersecurity on MSMEs and share insights on building effective security strategies.

Learn how to simplify cybersecurity for non-professionals, bridging the gap between digital safety and everyday security practices.

Edited excerpts: 

Q1: How can we simplify cybersecurity for non-security professionals?

Cybersecurity is often perceived as complex, making it challenging for security leaders to convey its importance to non-security professionals. However, analogies can simplify security concepts and make them more relatable. We make risk-based decisions daily, considering physical security measures like locking doors and windows, assessing travel risks due to geopolitical conditions, wearing seatbelts, and checking elevators. Interestingly, there's a strong symmetry between physical and cyber security. Most physical security decisions and risks have direct cyber counterparts. Implementing a robust cybersecurity framework like ISO, NIST, or CSF can ensure comprehensive security measures. NIST CSF offers a straightforward and quantifiable approach to assessing overall security posture.

At Airtel, we offer end-to-end security solutions along with advanced analytics, network monitoring and secure device management for complete protection that ensures that no unauthorized visitors, data breaches or disruptions can hinder any business operations.

With us, customers do not need to invest in any hardware and can trust with complete security installed on-premises with firewall, including anti-spam, intrusion prevention, and content filtering. We also help with end-to-end manageability with onsite installation, onsite support, change management, proactive monitoring of device health check-up, and comprehensive support from our Secure Intelligence Center.

With our solutions like Airtel WAAP, customers can also safeguard their digital assets from unauthorized access and prevent data breaches. With the proactive monitoring capabilities of Airtel SOC, businesses can also find & fix their cyber vulnerabilities. 

Q2: Can you provide an analogy that ties the cyber and physical worlds together?

Imagine you are a diamond merchant with a nice showroom displaying your products. I am sure you will agree that you will need a multi-layered approach to safeguard the valuable assets in the showroom. First, you must identify the risk, such as understanding the assets' risk environment, the threat actors in the environment, and the industry risks. Then you adopt many physical measures which can be compared to the solutions you will need to deploy to protect yourself from cyber-attacks.

| S. No. | Activity in Physical World | Activity in Cyber World |
|---|---|---|
| 1. | Armed physical security guards at all entry and exit points | Deploy perimeter security solutions to check all entry and exit traffic and to neutralize threats at the gateway. |
| 2. | Deploy X-ray scanner, metal detector, etc. | Advanced persistent solutions, deep packet inspection, SSLO, etc. |
| 3. | Make a list of employees as per their role and give them access to restricted / sensitive / open areas according to their roles | Role-based access and restrictions for employees using identity management solutions. |
| 4. | Put the entire shop floor, workshop and customer area, including parking, under video surveillance | Deploy advanced SOC solution to monitor and alarm overall activities in the complete organization. |
| 5. | Conduct safety drills periodically to better prepare for protection of assets or business continuity during exigencies | Plan periodic DR drills and invoke backup / failover solutions to test their efficacy. Conduct audits and scans to identify vulnerabilities. |

As the diamond merchant, while you protect your showroom from the possible physical theft attacks, you will need to protect yourself from the cyber risks as well and implement proactive controls, such as firewalls, endpoint security tools, WAF, and other solutions. Next, you need to detect breaches using monitoring solutions, such as SIEM, logging, and correlation, and EDR solutions. You should also be prepared to respond when a breach occurs using SOAR, containment solutions, and other response measures. Finally, you need to recover, which means having a business continuity and disaster recovery plan, high availability, and cyber insurance.

Q3: What is the responsibility of CISOs, CIOs, and other security leaders in cybersecurity?

Unlike the '80s and '90s, when the role of CIOs and CISOs was technical in nature and they were only required to maintain their internal computers, databases, and communications networks, this has evolved significantly since the 2010s with the adoption of cloud computing, wireless communications, big-data analytics, and mobile devices.

If they were the stewardess in the 2010s, in the 2020s they have progressed to become the ship captain who has to steer the organization with complete safety, ensuring utmost cyber health and cyber security. Given the ever-evolving technology space today along with the ever-increasing widespread dependence on technology, exponential increase in remote work, complexity of modern networks and proliferation of advanced threats, organizational security has become more challenging than ever before.

Today, they have the complete ownership and responsibility to not only ensure current safety but to also predict the future of computer technology trends and the preparation needed for these future trends that the company will need to leverage for their business advantage. 

As security leaders, they are also responsible for designing and tailoring the organization’s security measures holistically and working closely with the business leadership and teams on all the critical aspects of cybersecurity.

Q4: What role does the Security Operations Center (SOC) play in cybersecurity?

In today’s technology times, SOCs are an imperative core for any organization’s security intelligence that operates like the central nerve of the IT backbone with an arsenal of security solutions that helps the organization to stay ahead of security threats.

Our state-of-the-art SOC, for example, acts like the smart, vigilant guards who patrol the digital landscapes 24x7, scrutinizing the network and technology backend of every customer for weak security spots or threats. The minute anything is found amiss, they get into action mode before any harm is done. Technology systems in any modern organization today run 24/7 and so SOCs function around the clock in shifts to ensure a rapid response to any emerging threats and help businesses to stay ahead of any cyber-attacks.

SOCs protect organizations by monitoring, detecting, analyzing, and investigating cyber threats across networks, servers, computers, endpoint devices, operating systems, applications and databases for vulnerabilities.

Q5: What are the key factors that define the success of an SOC?

The key factors that define the success of an SOC include:

  • Platform: The success of an SOC largely depends on the platform it uses. Most platforms are mature and integrate well with all types of technologies. However, it is essential to choose a platform that meets your organization’s specific requirements and can be customized to fit your needs.

  • Automation: The platform used by the SOC should have automation capabilities to reduce the overall impact on your teams. Automation can help reduce response times, streamline workflows, and allow analysts to focus on higher-level tasks.

  • Onboarding: It is crucial to onboard all your devices into the SOC. This gives you the right information and ability to correlate the data across the environment. Onboarding also enables the SOC to identify potential security risks, ensure compliance, and provide a unified view of your security posture.

  • Analysts: The SOC needs analysts who can provide relevant information that is useful and actionable. Analysts should be able to quickly identify potential security incidents, analyze them, and provide appropriate responses to mitigate the risk.

  • Threat intelligence: The SOC should be equipped with the latest threat intelligence to identify and mitigate security risks. Threat intelligence provides insights into potential threats and helps the SOC to identify new attack vectors and vulnerabilities.

  • Partnership: The SOC should work closely with internal teams, external partners, and vendors to ensure a comprehensive security posture. A strong partnership between the SOC and its partners is essential to ensure that all parties are working toward a common goal of protecting the organization’s assets and data.

Q6: How is cybersecurity impacting MSMEs?

Cyber-threats are a genuine concern and are becoming increasingly advanced in the way they operate. While most big and established companies have the right security checks in place to counter threats such as malware and data breaches, cybersecurity threats are higher for small businesses due to limited resources, thus rendering them more susceptible. A large proportion of all cyber-attacks are today targeted at small businesses, startups and SMEs. A significant portion of these companies that get attacked often find it very difficult to recover from these cyber-attacks. All businesses should therefore be cognizant of the potential cyber-threats and should plan an effective strategy to counter such attacks. Effective cybersecurity measures can help MSMEs to protect their data, ensure business continuity, and also build trust with customers and partners.

Q7: How does Airtel Secure Internet function as a virtual shield for a company's digital ecosystem, and what are the key benefits?

Think of Airtel Secure Internet as a virtual shield for your company's digital ecosystem, ensuring that unauthorized visitors, data breaches, and disruptions do not hinder your business operations. This service eliminates the need for businesses to invest in hardware, securing sensitive business and customer data while fortifying your internet infrastructure against malicious attacks.

Airtel Secure Internet offers comprehensive security with on-premises firewall protection, including anti-spam, intrusion prevention, and content filtering. Additionally, it provides flexible deployment models, integrating enterprise-grade internet with firewall or DDoS appliances that are pre-configured to match your required bandwidth and appliance size. This ensures robust and tailored protection for your business.

 
