Milind G. Mungale
Executive VP & CISO
NSDL e-Governance Infrastructure

KEY PRIORITIES OF 2020
An approach for 2020 is going to be multi-pronged. Strengthening the security posture of the organisation is on the top of the list, recent incidents have also drawn attention towards the possible personal losses of the employees and their family members. Therefore certain initiatives towards the enhancement of awareness about Information / Data / Credential security in day to day life is also one of the focus areas. While we have talked about the posture, definitely it would not be sufficiently covered by just technology. Deployment and appropriate use of technology would need some changes in practice. Reviewing the current practices and mapping them to the evolving  threat landscape will be on the radar. As an outcome, wherever changes are required, the same would be institutionalised along with proper training and knowledge transfer.

COMBINING BREAKTHROUGH & FUSION APPROACH
If we carefully look at the current scenario, almost all are going through some or the other transformation with varying degrees. This is a transition phase for most of the organisations. Transition which is necessary for progress, can be handled only by disruption of old ways. However, the fact remains that moving out from old and moving in the new is not a completely “stop” “jump” “start” mechanism. One has to migrate gracefully and it takes time. As long as the approach is not adopted for the glamour of it and it suits the priorities of the organisation and provides a vehicle for smooth crossover, it can be seen as a good approach.

CYBER SECURITY
Cyber security to business is like air containing oxygen to human life. We cannot imagine human life without oxygenated air, similarly any business cannot / should not imagine their existence without cyber security equipped with appropriate technology and controls. Disagreement may be prevalent because the baseline and benchmark, to determine “most important” cyber threat, is static across the cross section of the business ecosystem regardless of the industry vertical that they belong. Disagreement will get replaced with mutual respect if the phrase “Most Important” is replaced by “Most Relevant”. This change will offer flexibility to any organisation / industry vertical, to look rationally at the cyber threats most relevant and hence most important to their business. However, any business would not be
able to thrive on its own in the ecosystem which could comprise of vendors, sub-contractors, regulators and customers. The disagreement will evaporate in thin air and mutual respect will evolve as soon as there is awareness that even though the cyber threats most important to certain stakeholders in the business ecosystem may not be directly impacting, it certainly would have indirect impact. Hence while certain cyber threats prevailing in the ecosystem may not be most important to everyone, they will be relevant to everyone in the same ecosystem. This will guarantee co-operation and support between the entities of the same ecosystem.