Information security probably doesn’t receive a lot of enterprise attention because it is seen as the responsibility of the CIO. But asserting that this is a matter for the people above the CIO, Rajendra Pawar, Chairman, NIIT Limited wondered, “Every so often, surfing the news about the latest cyber breaches elevates my blood pressure as I wonder—could that happen to me? How can it impact my business? How shall I respond to my customers and shareholders?”
So far, enterprises have sought to protect themselves through anti-virus software and limiting access to crucial company information—but this is not enough. Sahir Hidayatullah, CEO of Smokescreen Technologies said, “Every day, thousands of systems are compromised. Most frequently, they are attacked to steal information, money or corporate secrets.”
While most companies may be lax, banks are extra cautious. Paresh Sukthankar, Deputy Managing Director, HDFC Bank, said that banks are supposed to be trustworthy organizations; thus, cyber security has always been a major concern for them. “Banking is one industry that has seen technology growing rapidly and is now far more aware and better prepared for cyber-attacks,” he said.
But most organizations don’t usually give it any thought until there’s a severe incident–and then they get into damage-control mode, stated Gary Loveland, Global cyber security CoE leader, PwC. “Organizations having a reactive approach to cyber-attacks even though the question is not if a company will suffer an incident, but when,” he said.
Summing up, all the speakers felt that information security deserves full attention at the highest levels of the company.