CISOs: Prepare for Emerging Tech RisksKPMG's Vijay Subramanyam on Intelligence Gathering and Incident Response
A recent report from KPMG reveals that around 72 percent of Indian companies surveyed have faced some form of a cyberattack in the past year. A majority of these attacks were targeted at the CXOs, senior management or the board members. Still, fewer than half of those organizations actually had security on the board agenda. (See: CISOs Playing a Larger Role).
With the advent of emerging technologies, especially mobile devices and applications, CISOs must prepare to deal with new set of challenges, and security should become a board priority, says Vijay Subramanyam, partner with KPMG's IT Risk Consulting Practice.
"It's important for organizations to apply a standard set of policies across the devices used by employees and have a clear strategy around MDM and DLP to ensure that the corporate data does not get into the wrong hands," he says. "Data leakage and device containerization are the two big areas of concern for CISOs when it comes to BYOD and COPE." (See: Combining MDM and BYOD: The Best of Both Worlds).
With new kinds of risks awaiting to be tackled, enterprises must constantly re-skill their existing staff on the new technologies, strategies and response mechanisms as the attackers are always a step ahead, he adds. CISOs and their teams should start self-developing certain tools to search the dark web and identify malicious content. Red teaming is going to be critical in the coming days, Subramanyam emphasizes. (See: Fraud Prevention: The Red Team Approach)
In this exclusive interview with Information Security Media Group (see audio player below photo), Subramanyam talks in detail about emerging technology risks and the challenges faced by the CISOs in identifying and mitigating those risks. He sheds more light on:
- How organizations can prepare for future threats around BYOD and COPE;
- The technologies and strategies to be adopted by enterprises to mitigate emerging risks;
- The importance of an adaptive framework for cybersecurity that evolves with the threat scenario;
Subramanyam has been with KPMG for the past 16 years and specializes in cybersecurity, IT governance, IT lead business transformation and IT risk management across industry verticals. He is responsible for the IT risk consulting business for KPMG in southern India. He is currently a member of the IT panel of CII-Karnataka and formerly was a co-anchor for the Data Security Council of India's Bangalore Chapter.