Enhancing Cyber Security for Infrastructure through IoT
“Subex Secure is built for securing diverse IoT and Operational Technology deployments. The ongoing R&D backing our product focuses on securing these deployments from a range of cross-spectrum threats to business, smart cities, and government infrastructure. As of today, we run one of the largest cyber threat intelligences gathering infrastructure in the world and the quality and volume of intelligence gathered by us is not just current and relevant but also essential for protecting the deployments we are securing”, assures Kiran Zachariah, Vice President, IoT Business Solutions, Subex Limited in a conversation with Poulami Chakraborty of BW SmartCities World. Excerpts below:
Would you share with us the overall scenario of the cybersecurity market in India and its need in Indian enterprise business, BFSI sector and Government segment too?
We are witnessing a growth in interest in cybersecurity across sectors. With the increasing digitization of infrastructure and assets, the awareness of the need to secure them against all kinds of threats is growing albeit not proportionately. When you look at a segment like the BFSI, which has traditionally been a risk-aware sector, there is a growing realization that the threat environment surrounding their business and data is evolving with the addition of new actors and easy access to polymorphic malware. This awareness is leading to action is some cases while others are still working on putting in place a blueprint and a milestone laden roadmap to improve their cybersecurity posture.
With recent several incidents of cyber breach and compromise of sensitive information in BFSI, Enterprise and government segment in India, what Steps do you advise India as a country should take to secure its critical infrastructure?
We have always advocated an approach that begins with stakeholders paying attention to basics such as patching devices, applications, and firmware and improving vendor and employee awareness. Patch management is a bigger problem than we realize. Overall, a cyber resilience posture must be adopted that lays emphasis on cyber hygiene, asset discovery across locations, early detection and addressing of threats, constant evolution of cybersecurity practices, building employee sensitivity and planning and deploying a security roadmap that covers all aspects of business.
As far as securing India is concerned, we need to work towards according critical infrastructure grade security to all government programs and projects. With citizen data residing in silos across government and private sector databases, there is every possibility of a data breach exposing such data to unscrupulous elements. Just like we do fire safety drills frequently, we also need to stress systems, process, and our responses to see how we can improve our ability to secure our infrastructure and respond effectively to any threats.
What types of attacks or threats to critical infrastructure and information can India expect in the next 5 years and how can it be prevented?
We have clearly seen the increasing detection of modular malware and other types of malware variants developed and deployed specifically for India. Last quarter we registered a 22 percent growth in cyberattacks. If we base our prediction on this trend, we can safely say that the attacks will increase, and hackers will deploy more potent and harder to detect malware targeting connected infrastructure elements, smart cities, IoT deployments and OT, oil and gas plants primarily with the intent of creating disruption and grabbing headlines. Hackers are also using such attacks to gain publicity to advertise the potency of their malware so that it can attract more buyers.
The volume and quality of malware will improve with shrinking R&D cycles and more investments reaching hackers by means of better connect between malware developers and sellers through channels such as the Dark web. The onset of 5G will also lead to a spurt in hacker activity.
Other than the cyber resilience posture I spoke about earlier, we also need to create and deploy decoys to deflect and study cyberattacks. Luring hackers and malware into secure virtual environments hosting digital twins of actual devices and deployments such as honeypots and then studying them is essential. We need to leverage our academic infrastructure to do more R&D on cybersecurity.
What challenges do you face while operating in Indian market? What methods of mitigation do you adopt to address these challenges?
As India embarks on an ambitious and committed digital transformation of its economy, governance and healthcare priorities, there is a growing realization of the significance of cybersecurity. India is also turning into a key market for the Internet of Things (IoT) and is witnessing significant growth in proof of concept projects, this is the right time to intensify our focus on cybersecurity through studied interventions. The market is growing albeit slowly and we expect the pace to pick up in the next 27 months.
Please appraise us more about Subex Secure and its benefits to enterprise business or government sectors (if any) across various sectors?
Subex Secure is built for securing diverse IoT and Operational Technology deployments. The ongoing R&D backing our product focuses on securing these deployments from a range of cross-spectrum threats to business, smart cities, and government infrastructure. As of today, we run one of the largest cyber threat intelligence gathering infrastructure in the world and the quality and volume of intelligence gathered by us is not just current and relevant but also essential for protecting the deployments we are securing. This threat intelligence is what lies at the heart of our solution. Our involvement in complex and diverse projects has also helped us evolve faster to address emerging threats in addition to our R&D efforts.
Benefits include protection against existing and emerging threats, security against complex and hard to detect malware, compliance with security and risk mitigation mandates, data security and more importantly, presenting a robust and agile cybersecurity posture.
What new business strategies is Subex adopting to run in Indian market to sustain the stiff competition?
Let me tell you this, our competitors have also approached us for collaboration on various aspects. The market is big enough to sustain multiple players and we are keen on competing and collaborating as well. Our core strategy is to continue focusing on expanding our R&D efforts and in securing the deployments we are protecting while improving our ability to confront newer threats.
How are you addressing solutions to Government’s pet project like Digital India and Smart Cities or other?
Our offerings can secure all kinds of connected projects across governance initiatives. We can secure government and defense infrastructure citizen data, data centers, beneficiary projects and more. As far as smart cities are concerned, we can secure the entire connected eco-system underpinning a typical project.