We spoke to Rekha Gairola, CFE, ICPS, CRT, Regional Security Advisor India & South Asia in the Aviation & Aerospace Industry on the changing role of a CSO in ensuring security for a large organization, the new set of challenges facing organizations and the role played by technologies such as AI, IoT, Machine Learning and Big Data in enhancing security of an organization.
Interviewed by Adeesh Sharma
Please dwell on the changing role of a CSO in ensuring security for an organization.
CSO- An organizations most senior executive accountable for the Security of the Organization and the perimeters. So historically, it was relatively straightforward: secure the premises by focusing on facility access, guard services, and camera surveillance. Security’s role from the very beginning remained to protect three P’s- People, place and property from potential threats.
When we talk about security today the “perimeter” is boundless. No longer can security be considered as a “premises-based” operation. With data breaches, leaks and hacking attacks regularly in the headlines, today’s threats are anything but simple or predictable, they’re complicated, potentially dangerous, and have become massively expensive.
The CSO’s role is evolving. He or she is expected to address the changing threat landscape. From policy development, resource procurement, and execution to mitigate threats, vulnerabilities, and risks in Diligence, Business, and Geopolitical Intel, Workplace Violence, Crisis intervention, intelligence, Employment Screening and Internal Investigations to now Cyber and Information protection, Data protection, Intrusion Testing, Data breach and recovery, Economic espionage, and Internal Threat Assessment. So it becomes more prudent to ensure that the CSOs have the right resource they need to address this diverse requirement. It’s equally important that the CSOs have the correct and relevant information that helps them to identify risks and at the same time should be able to focus on emerging threats. A risk based approach will definitely help to set the priorities as different industries have different risks and appetite for the risk.
What kind of security challenges do you foresee for large organizations in the near future?
There have been issues related to Geopolitical risk and threat vulnerabilities which has kept Security Professionals & Organizations busy across the globe. With the world more and more going digital, security threats have also evolved and become even more sophisticated. Cybersecurity threats are going up- Ransomware remains to be one of the deadliest cybersecurity problems, Internet-of-Things regulations; Denial-of-service attacks (DDoS) have become a threat for digital based companies in the last couple of years. This method consists of sending numerous requests to a server until they collapse and has affected e-commerce sites and gaming servers in a large scale; Protection of Company’s Proprietary Information, Social engineering, etc. It’s a most challenging environment for Security professionals and the old conventional ways of looking at and dealing with a security threat needs to be challenged and reviewed.
What role can technologies such as AI, IoT, Machine Learning and Big Data play in enhancing security of an organization?
Artificial Intelligence and Machine Learning represents the mind of the artificial world - The application of AI can be used for detecting, identifying, simplifying and solving the threats. AI can also help in categorizing the cyber-attacks according to the harm they can cause to the company. I think it’s a game-changer for cybersecurity. It can analyze massive quantities of risk data, speed response time resulting in increased capabilities of security operations and analysts and help them stay ahead of threats.
Internet and technology is ruling the world and industries, however, as I mentioned earlier the cybersecurity threats are going up. So, what technology would fit and meet the requirement and what checks one can put in place to ensure that the risks associated are identified and mitigated, is the key.
Please share your views on IFSEC India and how it can be leveraged by security professionals to enhance awareness about various products and technologies.
I think IFSEC India is doing an excellent work. It really takes a lot in terms of effort, time, resource and knowledge to bring together the latest technology, the end users who might be interested to know and buy the product, the security professionals from different industries, all under one roof.
This is the best opportunity for anyone who has even slimmest of interest in security to come and witness the way security and the technology used in the field is dominating the world.
For security professionals, it gives the opportunity to meet and discuss the latest and emerging trends across the globe. I believe this is one topic that really needs a lot of attention not just from the security professionals but from general public as well.