Cybersecurity Awareness Month: Experts emphasise on urgent action as data breaches soar

Teja Manakame, Vice President, IT, India, Dell Technologies, noted the inevitability of data breaches, emphasising the urgency of robust cybersecurity policies. He stressed the need for fostering consumer awareness to counter common threats, asserting that resilience against cyberattacks hinges on strong policies and standards.

Zero Trust principles, including vulnerability scanning, employee training, regulatory compliance, and secure development practices, are gaining ground in this shifting threat landscape.

This approach involves continuous vulnerability scanning, employee and customer training, compliance with regulatory mandates, and secure development practices. Dell Technologies, for instance, believes in being committed to helping its customers align with the Zero Trust paradigm through a network of partners and threat management solutions, as per Manakame. Manakame stressed the importance of proactively identifying and hardening attack surfaces, "addressing the time-intensive burden of remediation."

Furthermore, Mathivanan Venkatachalam, Vice-President, ManageEngine, outlined the key takeaways from data breaches in the previous year. Stolen credentials and vulnerabilities were recurring entry points for breaches, highlighting the need for strong password management policies and employee awareness.

Venkatachalam recommended a layered security approach, combining threat prevention policies with incident response mechanisms and employee awareness programs. He emphasised attack surface reduction, robust incident detection and response, and addressing the human factor as essential components of a holistic cybersecurity strategy.

To support these insights, data from the 2023 Verizon Data Breach Investigations Report was referenced, revealing that "74% of all breaches in 2022 involved a human touch — either by error, use of stolen credentials, or social engineering." This indicates the critical role of employee training and awareness.

Vivek Chudgar, Mandiant JAPAC Head of Consulting at Google Cloud, recommended implementing Two-Factor Authentication (2FA), proactive ransomware preparedness, and scalable security operations platforms to fortify defences against modern threats. Ransomware attacks in the Asia Pacific and Japan region are on the rise. “The Asia Pacific and Japan region accounted for 68% of the total of the 2.29 billion records exposed globally,” Tenable added in its report.

Finally, Mohammad Wasim, Group VP Technology, Publicis Sapient, pointed out the global financial impact of data breaches, with the average cost reaching $4.45 million in 2023. He highlighted the role of AI-driven security analytics in processing vast volumes of data and providing real-time insights.

Wasim highlighted Publicis Sapient's data security strategy, which prioritises governance and compliance, trade secrets protection, and automation for rigorous checks and balances. He also discussed the potential of Gen AI in democratising AI technology for enhanced cybersecurity.

IBM, in its “Security's annual Cost of a Data Breach” report also stated that companies with extensive use of AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organisations that have not deployed these technologies (225 days versus 378 days).

Moreover, studied organisations that extensively deployed security AI and automation saw nearly Rs 9.50 crore lower data breach costs than organisations that didn’t deploy these technologies — the biggest cost saver identified in the report.

However, 80 percent of studied organisations in India have limited (37 percent) or no use (43 percent) of AI and automation.

Vinod Jayaprakash, Cybersecurity Leader at EY GDS, also highlighted the growing sophistication of adversaries and their use of technologies like Cloud, AI, and IoT. EY's global survey identified leading organisations, "Secure Creators," as quicker in detecting and responding to incidents. These organisations emphasise simplifying cybersecurity technologies and addressing cyber risk quantification.

As cyber threats continue to evolve, organisations must adapt, staying ahead of adversaries to protect their data and safeguard their businesses and employees. Cybersecurity Awareness Month serves as a reminder of the ongoing need for vigilance and resilience in the face of digital threats.