87% CISOs say CEOs breach protocol: Study

On the brighter side, more Indian companies are encrypting their cloud data than the global average

Eighty seven per cent of chief information security officers (CISOs) surveyed in India believe their chief executive officers (CEOs) have breached information security protocols, says a new Symantec study. On a brighter note, more Indian companies are encrypting their cloud data than the global average, said the report.
 
The survey covered 100 CISOs across India and 1,100 CISOs globally. Tarun Kaura, director, product management, Asia-Pacific, Symantec, says, "Tracking unsanctioned applications and the visibility of data within the cloud is a major challenge for enterprises."
 
Kaura added that WannaCry definitely wasn't the biggest attack in the recent past, ranking the Dyn network attack that crippled Netflix and Twitter as well as the cyber heist of Bangladesh's central bank last year much higher on the scale. "WannaCry came at a time when people were a lot more aware and it affected people in multiple industries, which is why it received so much focus," he said.

 

A study by Cloud Security Alliance (November 2016) mentioned lack of industry standards and ineffective costing as major deterrents to cloud adoption across industries in India. However, experts say that with Reserve Bank of India and Insurance Regulatory and Development Authority already announcing compliance requirements with respect to cloud data, one can expect more regulations to follow.
 
"The advent of smartphones has changed the way we consume data. It has also made it difficult to keep track of it as internal information technology teams cannot track what employees do with confidential data on their devices," added Kaura.
 

With an increasing number of organisations moving to adopt Internet of Things across their businesses, the number of vulnerable devices at risk will also increase.
 
Cloud-based enterprise resource planning service provider Deskera has been focusing on small-size to medium-size businesses as its target market. Deskera CEO Shashank Dixit said that the company has seen 100 per cent revenue growth over the past three years as smaller companies break free from the constraints of on-premises setups.
 
Dixit sees hacking as a major threat. "Hackers use social media sites such as Twitter and Facebook to break into computer networks and extract sensitive information. One reason people are particularly vulnerable to social hacking is because on social media sites their guard is down," said Dixit.

 
"While security is an important factor when considering cloud technology, more common concerns are around the general enterprise adoption and training. Companies want to make sure the technology they select is well-integrated into their overall systems and that their teams are well-trained to use the new technology," said Dixit.
 
Symantec's report also states that the biggest threat to cloud security in 2017 will be staff's non-compliance with security measures.
 
IBM integrated security leader Kartik Shahani says, "Security as a practice takes some experience. Teaching people to identify threats is the need of the day." IBM predicts a requirement of three million cyber security professionals across India in coming years. The company is looking at providing programmes that will start teaching security at schools and has already flagged off a similar initiative in the United States.

 
IBM has also partnered networking giant Cisco and aims to eliminate compatibility issues between security and networking applications through the collaboration.