Fears of cyberattacks still plague business leaders around the world, despite efforts to counteract threats—a paradigm shift in approach is needed to shore up resilience.
That is the view of a group of senior technology leaders who convened in London to discuss increasingly sophisticated and pervasive risks. They considered the rapidly evolving landscape and identified a need to integrate cybersecurity across all organisational facets, from the board down.
A siloed approach will not be sufficient in the face of widespread and ever-evolving threats. The discussion focused on the importance of innovation, the need for technical expertise and understanding at the board level, comprehensive cybersecurity training, and how regulations must be carefully implemented to mitigate disruption.
The backdrop to the discussion is an environment where most executives cite cybersecurity as a top risk. As technological advances continue to connect all aspects of our lives and daily routines, the opportunities for attacks will also increase. According to some estimates, global cybercrime costs (including loss of money, data, productivity, intellectual property, and reputation) are predicted to grow to $13.8 trillion by 2028 from $9.2 trillion in 2024.
Modern digital infrastructure that incorporates AI-ML, IoT, and hyper-scale computing is reshaping the way we think about cybersecurity defence strategies.
The panellists emphasised the need to be aware of evolving attack methods, including targeting LLMs and sophisticated jailbreaking attacks that remove restrictions on connected devices.
Staying ahead of the game involves identifying blind spots, controlling your supply chain risk, and adopting a proactive and predictive strategy. It is also vital to get to know your organisation’s attack surface and to segregate your assets.
Without proper segregation, it is almost impossible to manage vulnerabilities because you have to know which assets need protection, who owns what, and how user identities and data are protected.
The intersection of AI and cybersecurity was a focus for Dr KPS Sandhu, Head, Global Strategic Initiatives, Cybersecurity, TCS, who spoke at the event.
The rapid deployment of AI—driven by its potential to enhance revenue—is underway despite rising risks and security concerns. A TCS study showed that 80% of senior business leaders are deploying AI, even though they are aware that it introduces significant risks, including shadow AI, adversarial attacks, data loss, and adversarial prompting.
Managing AI risks hinges on increasing visibility, robust enterprise policies, security by design, and continuous monitoring, Sandhu said. While the risks of AI are well known, he sees scope for it to enhance cybersecurity, such as by using a methodology that labels AI-generated text to help identify deep fakes.
AI also offers powerful tools to enhance cybersecurity through automation, threat intelligence, and compliance management.
A structured approach is recommended, starting with identifying high-impact use cases for quick wins. This might involve improving L1/L2 efficiency or enhancing context-aware threat intelligence.
Next comes leveraging existing AI capabilities from tools such as Sentinel, IBM, and Palo Alto. Then comes conducting a proof of concept to determine key use cases and developing tailored solutions, before finally integrating the developed solutions.
Cloud services pose several cybersecurity challenges for businesses around data privacy, confidentiality and potential breaches, and ensuring compliance with regulations.
Where businesses use cloud-based services that they do not own or manage, the division of responsibility raises challenges and can exacerbate risks. If a critical service provider experiences a breach, it could severely impact the operations of the businesses that rely on it.
It is not uncommon for cloud providers to be responsible for securing the underlying cloud infrastructure while customers are responsible for securing their data, applications, and access management. Misunderstandings about this division of responsibilities can lead to security gaps and unaddressed risks.
Robust security controls, thorough due diligence on cloud providers, data encryption, and incident response plans are crucial when relying on cloud services.
Human oversight remains critical to ensure that AI operations function as intended without being compromised.
This relies on the implementation of robust governance frameworks that monitor and control the behaviour of AI systems.
Strong processes and a well-established system of checks and balances are also vital for the early detection of any compromises or malfunctions in AI systems. Given the sophisticated capabilities of AI, including the potential to develop deceptive behaviours, good governance becomes even more crucial in maintaining integrity and reliability.
The CISO role now extends beyond technical responsibilities to encompass broader risk management and strategic engagement with the board of directors.
As cyber threats continue to escalate, all board members need to be educated on, and actively involved in, shaping the organisation’s cybersecurity strategy. This requires a deep understanding of the technical intricacies and the non-technical aspects of risk, such as reputational damage and regulatory implications.
Effective CISOs must align cybersecurity initiatives with overarching organisational goals and ensure continuous updates to the board on emerging threats. Regulatory measures such as those introduced by the US Securities and Exchange Commission are forcing boards to take a more proactive stance in managing cybersecurity, while the UK’s draft Code of Practice for cyber governance reinforces the need for enhanced board-level engagement and accountability.
The speakers emphasised the critical need for organisations to prioritise upskilling and retaining cybersecurity talent.
Developing a passionate and skilled cybersecurity workforce is paramount, given the significant global shortage of professionals in this area and the intense competition for talent.
This is exacerbated by regulations that create a high demand for specific skills across sectors. Investing in building cybersecurity skills and capabilities is one way to mitigate this, the panellists said, as is nurturing young talent, particularly women, who are underrepresented in cybersecurity.
It is no longer sufficient to simply follow standard frameworks; every business needs to tailor guidelines to fit its operational landscape.
Understanding the implications of an asset being compromised, and how that affects business operations and reputation, is crucial to building effective cyber resilience.
The speakers also stressed the need to prioritise the human elements of cybersecurity strategies, including threat management, detection, response, training, awareness, talent development, and data security.
There was no doubt from these discussions that cyber resilience in today’s world demands a comprehensive strategy that incorporates technology, processes, and people.
By focusing on these areas and creating robust ecosystems that straddle industries and follow established standards, organisations can build strong and resilient cybersecurity capabilities that are fit for the future.