A Chief 'Transformation' Officer's Perspective on Data Security in Today's Tech Landscape
In a recent conversation with Indranil Chakraborthy (Editor, Siliconindia), Sudip shared his insights on cyber- security and data privacy in today’s rapidly evolving technology landscape. Below are the excerpts from the exclusive interview –
The growing implications if Generative AI on data protection policies and strategies
The emergence of ChatGPT through Open AI has re- volutionized the way in which people look at data. Right from normal text to multimedia content or coding to help software developers, Generative AI has enabled professionals to become more productive. While Generative AI does offer a host of advantages & benefits to businesses across almost every industry, there is also a disturbing side for this disruptive technology. For instance, the content being generated using this technology can be used for both good and bad things. As a result, Generative AI in the hands of wrong people can have destructive consequences. For example, earlier phishing emails were easier to detect because of bad grammar, or the way they were articulated, but now with GenAI, such emails seem human created.
Banning the use of Generative AI is a wrong decision and if the companies decide to do so, they will have to risk losing-out on today’s millennial gen-z workforce
Best practices to reduce risk and become more agile through Generative AI
Banning the use of Generative AI is a wrong decision, and if the companies decide to do so they will have to risk losing-out on today’s millennial gen-z workforce. Banning the use of Generative AI is a wrong decision and if the companies decide to do so, they will have to risk losing-out on today’s millennial gen-z workforce. Thus, it is very important for companies to give their employees access to Generative AI tools, but ensure they are used in a safe manner. In security, everything begins with having a clear visibility of all the process and function in which these Generative AI tools are being for. This can be achieved by putting-in stringent data security practices such as fingerprinting applications, access controls, and many others.
Why are cybercriminals increasingly opting for encryption-less ransomware in recent times?
The first piece of the ransomware attack is to destabilize the victim environment by encrypting data file and endpoints such as laptops, servers and others. Later, the criminals demand for ransom in return for the decryption key that will enable you unlock the files/assets and get back data. However, this method of cyberattack has transformed drastically in recent times, wherein today, criminals are targeting the data that they can gain access to instead of encrypting that data and demanding for ransom.. Additionally, encrypting a file remotely also requires a lot of coding, which can actually be avoided by acquiring data first and then blackmailing the victim. As a result, encryption-less attacks are growing at an alarming rate lately.
"Enterprises followed a closed door approach towards data, wherein they had their own on-premise data centers, applications and equipment which were all guarded by a perimeter of firewall and other technologies"
The importance of baking security in every product given the evolving threat landscape
The sheer volume and types of cyber threats that we are witnessing recently are growing in numbers larger than ever before. Earlier, enterprises followed a closed door approach towards data, wherein they had their own on-premise data centers, applications and equipment which were all guarded by a perimeter of firewall and other technologies. However today, with digital, their data is spread across various sources, including on public cloud such as AWS, Azure or Google. Also, it is now important for companies to have interfaces with other companies such as their technology partners, service provider and others. This increases those companies’ visibility on the internet and makes them a potential target for cyber criminals. As a result, businesses today look at cybersecurity as the core practice of their business function and ensure to implement stringent data security at every levels of the process cycle.