Companies need to assess their cyber risks on a quarterly basis owing to immense technological advancements, a senior executive at Deloitte India said on Tuesday.
Deloitte India Risk Advisory Partner Digvijaysinh Chudasama said companies and citizens alike should impose self-guidelines for cyber protection, and be aware of implications of sharing sensitive data, online.
"Primarily to be protected from enterprise point or government point, if companies maintain the right and complete audit and compliances on a regular basis, because this is... very important, instead of doing something on a yearly basis, if they start looking at it now because the technology and perceptions are changing.
"(Companies) should start doing these audits and assessments of cybersecurity for their enterprises, applications, data centers and networks on a quarterly basis, rather than yearly basis," he told PTI.
This is also important as hackers are now launching sophisticated attacks.
Chudasama also recommended that companies should embark on their cybersecurity journey, now that the Digital Personal Data Protection Act (DPDP) 2023 has been approved by the Parliament, although the government has not yet specified any governance timeline for the same yet.
More From This Section
"Normally they would give one year, two year's time... I recommend that companies and organisations should immediately do a study to give them a maturity assessment of where they are in their current cybersecurity journey, or for compliance to current data," he said.
Enterprises should start working on policies, to protect the interest of their own organisation, and their data, he added. Further, they should understand the implication of data or its loss as they mature in this practice of compliance, he added.
Deloitte India released its 2023 Point of View (POV) document in August this year titled 'CERT-In guidelines on information security practices for government entities' which highlights the recently-issued guidelines on information security practices for government entities.
These guidelines by the Indian Computer Emergency Response Team (CERT-In) aim to protect Information and Communication Technologies (ICT) against cyber threats.
Both internal and external ecosystems are taken into consideration for providing standard cybersecurity coverage, across emerging technological trends like protecting cloud, third parties and vendors, and social media.