8EXPERTSWHO HAVE REINVENTED CYBER SECURITYTHE INSIDE NEWS ON SECURING AGAINST CYBER THREATS

MEET THEFIXERS

FORBES INDIA MARQUEE A SPECIAL PRESENTATION IN ASSOCIATION WITH HP FEBRUARY 2018 3

The world in 2017 was witness to an inordinate number of cyber security meltdowns. And they weren't just your standard corporate breaches. There was ransomware, malware, viruses and full on

campaign hacking. Cyber security experts said this was just the beginning.

At home, Indian Computer Emergency Response Team (CERT-In) stated that until June 2017 alone, India witnessed more than 27,000 cyber security threats which translated to a cost of over $4 billion. At the Interpol World 2017 conference in Singapore, Russian cyber security major Kaspersky indicated that India remains highly susceptible to cyber attacks, spurred by the country’s rapid migration to digital services. In fact, over the past two years, banking, financial services and insurance have been the most vulnerable with Union Bank losing $171 million to a hack, 3.2 million debit cards infected by malware, as were seven mobile banking apps. Experts predict as more business operations get networked, losses from cyber security threats could touch $20 billion over the next ten years.

79% of Indian organisations have identified cyber security as one of their top 5 business risks, while 58% include it in their boardroom agenda. Today’s cyber threats are all pervasive and the rise of connected devices in enterprises has rendered even the ubiquitous printer to evolve into a trapdoor — after all they are also computers with memory and processor and more often than not outside the network firewall. These are challenging times indeed.

In this context, today’s CIO has assumed a far more prominent place in the strategic thinking of any business. In the following pages, Forbes Marquee in association with HP, profiles eight of the most resilient IT decision makers who not only strengthened their core security strategy, but took the road less travelled to go beyond the obvious and fix the small trapdoors. These are “The Fixers” who are reinventing security and making sure vulnerability leaves the building.

WHO IS THE FIXER?

To know more about “The Fixer” scan the code.

Cyber security is undoubtedly a global problem today. Cue in the entry of "The Fixer" — the company's safest

bet against hackers

4 FORBES INDIA MARQUEE A SPECIAL PRESENTATION IN ASSOCIATION WITH HP FEBRUARY 2018

BEATING THE HACKERSHere are some of the country’s finest “FIXERS”, who lead the way in

combating the challenges posed by cyber hackers

RAJA UKIL | PHISHING FOR SOLUTIONS

Age: 49Senior Vice-President and

Chief Information Officer, Wipro Limited

DEBASHIS SINGH | INTEGRATING SUCCESS

Age: 44Senior Vice-President and

Chief Information Officer, Mphasis Limited

A visionary and thought leader, Raja has a deep understanding of the industry and has extensive experience in business process re-imagination and enabling digital transformation through use of emerging technologies.

HOW THE FIXER STRUCK BACK"Each phishing email is drafted to be unique and designed to be polymorphic. A traditional signature-based detection technology will be unsuccessful in detecting / protecting against phishing threats and does not consider human action. This lacuna in the technology is highly exploited by attackers. We decided to augment email and web security gateways with additional layer of zero-day protection technology to detect and prevent emerging threats. Additionally, AI bots also monitor continuously for anonymous behaviour and alerts internal security function for their action. For print security, Wipro has deployed HP Access Control (HPAC) — for secure print authentication, quota setting to restrict wastage and pull printing to have zero downtime of devices."

Debashis carries an experience of more than 20 years in the IT and ITES industry. Before Mphasis, he worked as Head — Network and Systems at Satyam BPO Limited for seven years. He specializes in depth understanding of technology, systems architecture, product and systems solutions and cost and risk management.

HOW THE FIXER STRUCK BACK“Finding the right tools and technology (eg: firewall) is easy. However, it is very critical to ensure all these tools and technologies are integrated to bring out the intelligence to act on time. It is equally important to ensure people-process-technology goes hand in hand. Hence, the focus on end-user awareness to avoid phishing attacks and malware attacks is extremely critical. Protecting Wi-Fi network, printers, among others, are also essential to avoid mitigating all vulnerabilities across the enterprise network.”

Wipro has deployed HP Access Control (HPAC) — for secure print

authentication, quota setting to restrict wastage and pull printing to have zero

downtime of devices

Protecting Wi-Fi network, printers, among others, are also essential to avoid mitigating all vulnerabilities

across the enterprise network

FORBES INDIA MARQUEE A SPECIAL PRESENTATION IN ASSOCIATION WITH HP FEBRUARY 2018 5

BEATING THE HACKERS

BITHAL BHARDWAJ | NET GAINS

Age: 41 Chief Information Security Officer, GE South Asia

& Sub Sahara Africa; General Electric (GE)

Bithal is responsible to drive a cyber security strategy for the company in the region. He has led global cyber security programmes for IT, ITES & Engineering service providers, along with many other leadership roles in software product security and different domains of digital technology. He is a regular speaker at cyber security conferences.

HOW THE FIXER STRUCK BACK"GE Digital has an array of cyber security solutions built with an industrial mindset to protect industrial processes and operate control strategies. GE Digital “OpShield” technology inspects communications and commands on the OT network, providing visibility into what is happening in your controls network. This unique inspection technology lets you see and apply policy down to the command and parameter level. It lets you enforce policy across the OT network and protects control systems and assets to ensure integrity and continuity of operations. GE also has an “Achilles Test Platform” that enables device manufacturers to test for communications robustness."

A unique inspection technology lets you see and apply policy down to the

command and parameter level

This year is likely to be the year of more widespread adoption of AI

powered attacks

REJO THOMAS | EXERCISING CAUTION

Age: 38 Chief Information Security Officer,

Exide Life Insurance

Rejo is a management graduate from the University of London. He is passionate about securing enterprises and looks to be hands-on in the various emerging developments in the field of cyber security. In his professional capacity, Rejo has ensured enterprise security for businesses operating from Europe, US and India. He is also an active participant of security community forums like CISO platform in India.

HOW THE FIXER STRUCK BACK"This year is likely to be the year of more widespread adoption of AI powered attacks.

Red teaming and security-portfolio-analysis exercises are two such exercises that help you with cyber security. A red teaming exercise typically involves high-level adversarial objectives that include gaining access to customer information. This also involves good amount of social engineering, which puts to test all the awareness sessions you may have invested in your employees.

A security portfolio exercise involves usage of cyber security frameworks to arrive at a maturity score for each of the categories and an overall maturity score for the organisation. This also gives an insight into whether security investments are adequate/ overdone/ inadequate in certain categories."

6 FORBES INDIA MARQUEE A SPECIAL PRESENTATION IN ASSOCIATION WITH HP FEBRUARY 2018

We have ensured all endpoints including laptops, mobiles and printers

are secured

VIJAY KANNAN| MISSION SECURITY

Age: 38 Chief Information Officer,

Hindustan Unilever Ltd & IT Director

Vijay Kannan along with Syed Waheeduddin, who is a computer science engineer with experience in enterprise applications have led the initiative for stronger cyber security.

HOW THE FIXER STRUCK BACK"Both intensity and frequency of cyber security threats have increased and we have ensured all endpoints, including laptops, mobiles and printers are secured. Unilever is deploying HPAC to overcome the challenges they have in user experience and security. Here we are integrating internal processes into our print security software — for secure print authentication, quota setting to restrict wastage, pull printing to have zero downtime of devices."

SATISH V KADIYALA | NULLIFYING THE THREAT

Age: 47 Principal Area IT Manager,

Head of Global Support – India, Microsoft

Satish is an accomplished IT leader with solid experience in developing IT strategy, designing and delivering world class IT solutions, driving innovation resulting into superior end user experience. With an MS in engineering from the US, Satish has more than 20 years of experience.

HOW THE FIXER STRUCK BACK"At Microsoft, we take a 3-pronged approach to address cyber threats➢ Protect➢ Detect➢ Respond• We continuously monitor our assets, push the security

patches, and our WAS (Windows As Service) helps us to ensure all client machines are up-to-date with latest OS updates

• We rely on our Windows Defender to constantly monitor our clients, provide alerts, mitigate risks and provide options to control access to applications

• Through identity and access management, we enable access for the right person.

Microsoft beefed up its print fleet security by standardising and consolidating its printers across locations."

Microsoft beefed up its print fleet security by standardising and

consolidating its printers across locations

FORBES INDIA MARQUEE A SPECIAL PRESENTATION IN ASSOCIATION WITH HP FEBRUARY 2018 7

PRASHANT VIJAY | SAFE STRATEGY

Age: 40 DGM- Certification Business Unit,

International Center for Automotive Technology (ICAT)

With a BTech in mechanical engineering from IIT-K, Prashant worked in Maruti Suzuki India Pvt. Ltd for six years, GM India for three and half years and has been in ICAT for more than seven years.

HOW THE FIXER STRUCK BACK"A CMVR certificate is the key document for any automotive to be sold in India. ICAT already has some security features to ensure the originality, however, it needs to be enhanced and so we are ensuring more security features with an HP-Troy system."

We are ensuring more security features for a CMVR certificate with an HP-Troy

system

BEATING THE HACKERS

RADHAKRISHNA S | CRACKING THE CODE

Age: 47 Associate Vice-President,

IT Service Support & Operations at Infosys IT

As a practice manager, he is responsible for IT support and operations relating to internal IT Services. He also owns the “Print & Scan Service” for the organisation. Radhakrishan has more than 23 years of experience in the IT service and operations field and is a certified ITIL expert.

HOW THE FIXER STRUCK BACK"In current context, the malwares are sophisticatedly developed in such a way that when we print, the job can include a small piece of code. When the job reaches the printer, the malware gets separated and stays in the printer’s memory. The user is unaware of such transfers. This malware, which is in the printer, will start scanning the network. Information like documents, passwords, will be scanned by this malware and is transferred to a server in the internet. How can the printers be secured on the network? These are a few ways.1) Job security: Securing jobs on the printer will avoid other

users collecting my printouts. This can be achieved by providing PIN / password to every job.

2) Securing printer web page: Every printer on the network offers a webpage to ease the configuration of printer. A hacker can use this portal. This can be secured by mandatorily selecting the secured https protocol and removing the regular http protocol.

3) No unauthorised changes to printer settings."

Malwares are sophisticatedly developed in such a way that when

we print, the job can include a small piece of code

DISCLAIMERThe views and opinions expressed in this magazine are not necessarily of Digital 18 Media Limited, its publishers and/or editors. Readers should treat the Forbes India Marquee media marketing initiative as the equivalent of paid-for advertisements. No Forbes India journalists were involved in creating this supplement. We (at Digital 18) do our best to verify the information published but do not take responsibility for the absolute accuracy of the information. Digital 18 does not accept responsibility for any investments or other decisions taken by the readers on the basis of information provided herein.