- OverviewPress tab for submenu items
TCS is here to make a difference through technology.
Leading the way in innovation for over 55 years, we build greater futures for businesses across multiple industries and 55 countries.
-
Industries
-
Services
-
Products and Platforms
-
Research & Innovation
Overview
Industries
expand here
Services
expand here
Products and Platforms
expand here
Research & Innovation
expand here
- OverviewPress tab for submenu items
We’re in it for good, driving positive change for the benefit of all.
Our expert, committed team put our shared beliefs into action – every day. Together, we combine innovation and collective knowledge to create the extraordinary.
-
About Us
- OverviewPress tab for submenu items
Extraordinary expertise leads to remarkable results.
We share news, insights, analysis and research – tailored to your unique interests – to help you deepen your knowledge and impact.
-
Customer Stories
-
Perspectives
-
Global studies
-
Topics
- OverviewPress tab for submenu items
Want to be a global change-maker? Join our team.
At TCS, we believe exceptional work begins with hiring, celebrating and nurturing the best people — from all walks of life.
-
India
-
Americas
-
Asia Pacific
-
Europe and UK
-
Middle East and Africa
Overview
India
expand here
Americas
expand here
Asia Pacific
expand here
Europe and UK
expand here
Middle East and Africa
expand here
- OverviewPress tab for submenu items
Find the latest news about TCS in our Newsroom
Get access to a catalog of the latest news stories from across TCS. Discover our press releases, reports, and company announcements.
-
Press releases
-
News alerts
-
Analyst recognition
Recent recognitions
View all -
Events
Upcoming events
08 Nov 2024 TCS BaNCS at CorpActions 2024, LondonView all29 Oct 2024 TCS at OpenText World 2024 -
Media kit
- OverviewPress tab for submenu items
TCS works hand in hand with world-leading investors.
Tata Consultancy Services LimitedNSE:TCSINR -
Management Commentary
-
Financials
-
News and Events
-
ESG
-
Resources
Overview
Management Commentary
expand here
Financials
expand here
News and Events
expand here
ESG
expand here
Resources
expand here
Top Results
Showing
10
01 - 07
“There are only two types of companies: Those that have been hacked and those that will be hacked. Even that is merging into one category; those that have been hacked and will be again.” This famous quote from the former FBI Director Robert Mueller is becoming more relevant than ever in the era where cyber-crime is offered as a service, e.g., ransomware-as-a-service (RaaS). Cyber offenders are operating like start-ups, and plenty of opportunities exist given the interconnectedness of the world we all live in.
Strategic insights backed by research are becoming common among these offenders to make the compromises more effective with higher return on investments, only to reinvest returns into more technical sophistication to better orchestrate future attacks. It is no more only about encryptions, rather deploying data theft tools to take a backup to use for ransom, should the companies manage to rebuild the landscape. The timing of launching such cyber-attacks is carefully looked at and such attacks are socially engineered and are targeted to match critical events like the promotion cycles to prompt an anticipating employee to click on attached promotion letters. While qualifying the targeted companies, the impact is strategically assessed by looking at the company’s complete ecosystem. The year 2020 saw some instances where companies like SolarWinds were strategically targeted to penetrate because of their deployment at multiple supply chain customers, the one with Kaseya was meant to impact their small-scale end consumers like local grocery chains.
This article explores typical cyber-security related issues that the engineering, procurement, and construction (EPC) firms face, and attempts to share a quick view of how to manage these better.
Identifying the crown jewels: EPC customers often operate in multiple lines of businesses with widespread siloed functions and teams. It is common to see such customers dealing with functions of engineering, utilities, infrastructure, logistics, transport, and facility management to managing ships or rail fleets in some unique cases. While it is important to have complete coverage of assets, prioritizing the identification of the business-critical assets can help improve the security posture. The critical areas to look out for include corporate, compliance and business-critical functions. It is important to maintain this view as the IT landscapes are ever-changing. Events like acquisitions, the addition of newer platforms, the introduction of new systems would demand alignment of the initially established business view, and efforts on such exercises should be planned and budgeted upfront.
Lack of joint ownership on information security: A cyber vigilant enterprise demands a culture change and a full-scale participation from all the IT and key business stakeholders. In certain situations, a firm’s IT infrastructure could be supported by one vendor while the IT applications could be managed by another, adding to the overall complexity. Separating the CISO function from the risk management function and enabling underlying support with the right operating model will ensure better participation on this journey. Well defined responsibilities for remediation vs communication, cross-functional teams that govern the progress, operational level agreements among moving parts of the enterprise, and so on, can incentivize the stakeholders to jointly own the agenda and collaborate better on cyber risks.
Identifying risks from the suppliers: Managing a large ecosystem of suppliers and assessing the cyber risks across is an uphill task. Prioritizing the critical and strategic suppliers can make this activity manageable. Supplier contracts should be periodically reviewed for security and data-related clauses. With cyber risks taking shape of geopolitical issues, a critical supplier must be evaluated for these risks and the contracts should provide sufficient safeguards to protect the company. Security reviews can be embedded as part of the onboarding process depending on the nature of procurement and respective risks should be mitigated through an actionable and agreed plan.
Lack of inhouse information security capabilities: Cyber-security skills are most in-demand and building capabilities in-house can be a slow and an expensive affair. Instead, a combination of in-house and IT security services providers can add scale to the capabilities rapidly, yet in a cost-effective manner. The overall consolidation of contracts towards a single strategic partner should be encouraged. In absence of the right capabilities and higher cyber debt, companies can look at cyber insurance as interim mitigation.
Conclusion
Cyber-security parlance is evolving every six months and with thin budgets, a holistic cyber-security strategy is the need of the hour. A strategy that draws strengths from existing business continuity or disaster recovery plans, configuration management database, business view of critical assets should be sharpened to reduce the ‘time to detect’ and ‘time to remediate’ instead of trying to deal with individual threat. By jointly working with the ecosystem, the right capabilities can be built lap-by-lap in a never-ending race.
About the author
Image of Tarun Bhardwaj
Tarun Bhardwaj
Client Partner, Energy, Resources and Utilities, TCS Tarun has over two decades of global sales and delivery experience and has led various programs for customers from the US, the UK, and ANZ regions. As a client partner, he has been responsible for implementing multiple large-scale and complex digital transformation initiatives for TCS’ engineering, procurement, and construction and oil and gas customers. He has played the role of an advisor to CXOs and leadership teams to help advise and shape their digital agendas.
Related reading
1/4
Blogs
Public Services
Cybersecurity: The new frontier in the digital age
Blog
|
25 Oct 2024
Opens in new tab
2/4
Blogs
Manufacturing
Transforming Space Tech Operations Using STAR and ORBIT Frameworks
Blog
|
23 Oct 2024
Opens in new tab
3/4
Europe
Sustainability Services
Susan Blesener
Understanding the EU CSRD Regulation and How TCS Can Help
Blog
|
17 Oct 2024
Opens in new tab
4/4
Blogs
Pallab Datta
TCS Pace
North America
Innovative Companion Apps: Helping Millions Achieve a Smoke-free Life
Blog
|
14 Oct 2024
Opens in new tab
What’s on your mind?
We’re here to help! Tell us what you’re looking for and we’ll get you connected to the right people.
Looking for something else?
©2024 TATA Consultancy Services Limited
©2024 TATA Consultancy Services Limited
- Privacy Notice
- Cookie Policy
- Disclaimer
- Security Policy
- California Notice at Collection
- Customize Cookies