Rajesh Dhuddu
VP & Practice Leader – Cybersecurity & Blockchain
Tech Mahindra

It was a lazy Sunday evening; I was sitting on the couch reading The Theory of Everything in my living room. Being the Head of Cybersecurity at Tech Mahindra, I enjoy my job to the point that I hardly take breaks from work. I have been fortunate enough to mix my passion for cyber security, blockchain, risk management, and so on with my profession and career.

Cybercrimes can occur anywhere and at any time

From the living room, I could see my nephew frivolously playing an interactive internet game on his PC. He was fully immersed in it when, all of a sudden, he started crying. I hurriedly went there and came to know that all his virtual coins had abruptly disappeared. He didn’t know what to do; 20 hours of engaging with this game online, investing his valuable time to collect these virtual coins, had left him feeling helpless and emotionally wrecked.

Confused, he started throwing questions at me, as his young mind was trying to fathom what had transpired. When I looked into his gaming account, I realized that the virtual coins had been transferred to somewhere in South America. As I tried to get hold of the IP address, I realized that the network was heavily masked with a VPN. Then I started looking at the method to figure out how this breach had happened and found out that it was a classic case of phishing. My nephew had accidentally clicked on a popup which emerged on his screen in the middle of play. He was so into his game that he clicked on the popup like an involuntary action and boom, his credentials were stolen, and all his virtual coins were looted. Unable to do anything, I consoled him while we had dinner.

As the “new normal” of work evolves, cyber-crime rises to an all-time high

Being in the cyber security space, I could extrapolate my nephew’s problem to what a CISO faces on a regular basis. My job requires me to interact with CISOs from all over the world, where I listen to their stories of security incidents in their cloud infrastructure. The breach generally happens due to some configuration error in their cloud security controls or simply by clicking on some link propagated through mails, pop-ups, or notifications. This became more pronounced and accelerated during the lockdown, as almost 54% of the organizations started working from home, IBM reported. The report also said that this had led to an increase in the overall cost of a breach by $1.07m on average, attributed to the fact that millions of employees are working remotely in a cloud ecosystem.

There have been thousands of instances over the past years where sensitive data was breached and sold on the dark web. Business Wire surveyed around 300 CISOs and found that the top concerns around data breaches were:

    • Security configuration errors (67%)
    • Lack of adequate visibility into access settings and activities (64%)
    • Identity and access management (IAM) and permission errors (61%)
    • No runtime security controls
    • Non-monitoring of data and traffic flow between various cloud deployments

The journey to cyber resiliency is not easy

To stop these breaches, CISOs lay cloud security frameworks to protect their data integrity. However, laying a security framework is not that easy. Organizations have to comply with several regulations when they migrate their data centers to the cloud. They also have to consult with various IT consultants to brainstorm all the latest cloud security practices, then work with many vendors together to implement a managed security service. They need to onboard different vendors to do different key jobs, as some of the vendors will be security experts on hybrid clouds, some on private clouds, and others on public clouds. Some would be experts in protecting the cloud perimeter while some would be experts in monitoring internet traffic. This creates a dilemma for organizations and leads to a lot of discrepancies.

SIMPLIFY your journey to the Cloud

While these thoughts were racing in my head, I thought: what if there were a way to ensure that every aspect of data security on the cloud and the overall hardening of cloud security, be it compliance, protection or visibility, is taken care of as a part of one engagement? What if migrating to the cloud was as easy as installing an application or commissioning an update at the click of a button?

That’s when it struck me that we can in fact assimilate our advisory, transformation and managed security services under one framework and SIMPLIFY cloud security for all organizations. In addition, whenever organizations want to move from one cloud to the other with similar controls, they will be able to do so through our “do-it-for-me” mechanism. SIMPLIFY would not only allow organizations to consult, find, and implement solutions easily and swiftly, but would also help save tons of money with everything under the same roof.

The next morning, before I started my work, I bought a new antivirus and cleared out all the cookies on my nephew’s PC. I felt sorry that he lost all his virtual coins. He seemed adamant enough to earn them again, but before that I made sure that he was alert and aware of various phishing attempts.