In an increasingly digital world, technology is disrupting businesses in various forms such as digital transformation initiatives, cloud computing, and remote working. Technology is a driving factor in making life easier and in easing the conduct of business, and globally connected companies are making substantial investments in assets and value expressed in digital form. As a result, cyber threats and risky incidents have increased significantly worldwide. Cyber threats have evolved to adapt to defenses and have become sophisticated.
While the CISO role has matured considerably since its inception, it has yet to stand the test of time like other traditional roles such as CEO or CFO. Fortunately, corporate boards have begun to recognize the importance of the CISO role. They understand that a successful cyberattack can cripple a company’s ability to operate, retain customers, and maintain a strong brand reputation. There is an increasing risk of cyber threats affecting IT networks, systems and data, which can negatively impact business operations and result in significant costs.
Government regulators around the world have begun to take cyber risk seriously and to work towards setting standards for organizations to build and maintain secure infrastructure while collecting, managing and retrieving valuable data from organizations. Globally, cybersecurity standards vary widely. While countries like the United States have relatively superior cybersecurity standards, other countries are still drafting policies and guidelines.
The Indian Computer Emergency Response Team (CERT-In) regulations are changing over time, but we still have a long way to go. The latest CERT-In directives are on the right track. They discuss rigorous licensing processes, threat advice, and support for regulators like CERT-In, MoD, and RBI. The new directives cover the following key aspects to standardize collection, storage, and retrieval processes for all service providers, intermediaries, data centers, corporate bodies and government organizations:
1. Synchronize the ICT system clock;
2. Mandatory reporting of network problems to CERT-In;
3. Activate and maintain logs of all ICT systems;
4. Customer subscription details by data centers, Virtual Private Server (VPS) providers, VPN service providers, and cloud service providers; and
5. KYC standards and practices of virtual asset service providers, virtual asset exchange providers and custodial wallet providers.
India is strengthening its statutory cybersecurity framework to help businesses combat the evolving threat landscape. The government has extended the deadline from June 27 to September 25 to give these businesses a reasonable time to build capacity and carry out these activities.
The views expressed above are the author’s own.