Fortifying the Digital Frontier: International Computer Security Day 2023


Fortifying the Digital Frontier: International Computer Security Day 2023

In the ever-evolving landscape of cyberspace, where the digital realm intersects with our daily lives, the imperative to safeguard our interconnected systems has never been more critical. As we approach International Computer Security Day 2023, it is essential to reflect upon the journey that has led us to this point. The roots of this observance can be traced back to a seminal event in computing history, the emergence of the 'Morris worm' on 2 November 1988. Originating at Cornell University, this enigmatic virus rapidly propagated across various academic computer systems, sounding an early alarm on the vulnerabilities inherent in the burgeoning world of interconnected computers. In response to the Morris worm crisis, the Software Engineering Institute (SEI) at Carnegie Mellon University took a decisive step on 14 November 1988 by establishing the Computer Emergency Response Team (CERT). This pioneering initiative marked the inception of an organized, collaborative effort to address and counteract emerging cyber threats. The creation of CERT was pivotal, emphasizing the need for a coordinated approach to cybersecurity in an increasingly networked environment. Recognizing the importance of fostering awareness and dialogue surrounding computer security, it was subsequently decided that National Computer Security Day would be observed on 30 November; this dedicated day served as a catalyst for discussions, initiatives, and education on the critical subject of securing our digital infrastructure. It became a focal point for individuals, organizations, and governments to come together and strategize on fortifying the defenses against cyber threats.

The year 2003 we witnessed a significant milestone in the evolution of National Computer Security Day. In collaboration with CERT, the U.S. Department of Homeland Security launched the National Cyber Awareness System. This joint effort aimed to enhance the dissemination information about cybersecurity threats, vulnerabilities, and best practices. By combining resources and expertise, this partnership strengthened the nation's ability to respond to and mitigate cyber risks, laying the groundwork for a more resilient digital landscape. Today, we are commemorating International Computer Security Day in the year 2023. As technology advances, the cyber threat landscape is continuously changing, bringing forth new challenges and complexities that need to be addressed. From ransomware attacks to sophisticated phishing schemes, the adversaries in the digital realm are becoming increasingly formidable. This year's observance is not merely a retrospective reflection but a forward-looking endeavor to fortify our digital defenses, enhance global collaboration, and empower individuals with the knowledge and tools to navigate the digital landscape securely. International Computer Security Day 2023 serves as a reminder of the collective responsibility we bear in safeguarding the digital infrastructure that underpins our interconnected world. It is an occasion to reflect on the progress made in the realm of cybersecurity, acknowledge the challenges that lie ahead, and reaffirm our commitment to fostering a secure and resilient digital future. As we navigate the complexities of the digital age, this observance stands as a beacon, guiding us toward a future where the benefits of technology can be harnessed without compromising the security and integrity of our digital ecosystems.

Nitin Varma, Managing Director - India & SAARC, CrowdStrike

“As we commemorate International Computer Security Day 2023, it is important to take this opportunity to review our online security infrastructure and be vigilant about the growing threat of cyberattacks. In recent years, we have seen a significant rise in data leak extortion incidents, whereby threat actors attempt to hold data hostage - including personal or health information - unless they are paid. The CrowdStrike 2023 Global Threat Report highlights how adversaries have doubled down on stolen credential use as they continue to deploy identity-focused attacks. There are many reasons why adversaries pursue identity-based attacks, chief of which is their ability to bypass legacy security systems. This inability to detect credential abuse, combined with a rapid breakout time, drives higher success rates for ransomware, data exfiltration and other types of cyberattacks. The faster one can detect an attack, the faster they can respond and stop adversaries in their tracks.

Businesses most follow three key steps to strengthen their defenses. Shifting away from a siloed approach, where multiple standalone solutions are deployed, is recommended. Bringing together endpoint and identity telemetry provides full visibility across an adversary's attack path, identifying vulnerabilities, malware delivery, stolen credentials, and lateral movement attempts. Deploying a unified platform with a single agent across the environment streamlines threat assessment by reducing agent count and ensuring a comprehensive view of potential threats. Leveraging automated responses within this platform enhances real-time attack prevention.

Embracing the latest innovations in Extended Detection and Response (XDR) and Identity Data Protection (IDP) is pivotal to combatting evolving cybersecurity challenges. These solutions unify endpoint and identity telemetry, offering real-time threat correlation, automated responses, and comprehensive visibility into attack paths. These modern technologies not only bolsters security effectiveness but also optimizes operational efficiency and minimizes costs by reducing reliance on multiple security tools. The focus on generative AI, workflows, and a consolidated platform architecture also demonstrate a commitment to enhancing speed, intelligence, and overall cybersecurity efficacy.  Moreover, a multi-layered data protection approach remains indispensable, incorporating tools such as multi-factor authentication (MFA), encryption, password managers, zero trust principles, precautions against phishing attempts, data encryption on public networks, and responsible data handling practices to fortify digital assets”.

Krishnendu Chakrabarty, Associate Director, Platform Engineering, Ascendion

"Ensuring security is an extremely dynamic endeavor – as the threats keep changing, there is always a catching game to be played. Institutionalizing security measures through automation and a ground up cultural shift among all the stakeholders are the key factors for a sustainable security management strategy. The newer technologies like AI and Quantum computing have increased the challenge even further – continuous cycle of assessment and implementation is the way to go.

Additionally, relatively simple measures like correct management of passwords should not be overlooked, as they can prevent a very high percentage of the threats. Securing data is another important part of the security assurance process – along with technology aspects, it is also driven by different security norms which differs between geographies and industries – hence adopting right technology frameworks around these norms is important. Security audits also play a critical role in maintaining the sanctity of all the processes related to security”.

Nilesh Kulkarni, Director, Qlik India

"In an increasingly interconnected world, a comprehensive cybersecurity strategy integrating advanced threat detection, employee training programs, and leading security technologies has become imperative to counter the challenges and secure our digital future. Applying Gen AI, ML, cloud, and blockchain are pivotal in enhancing threat detection, introducing contextual understanding in security operations, and ensuring data integrity. Embracing these technologies positions organizations as leaders in cybersecurity, fortifying defenses against cyber threats.

Our emphasis extends beyond a traditional ‘lock everything down’ mindset. At Qlik, our focus on data quality and embed governance into procedures, policies, and toolsets, enables organizations to leverage data analytics securely and ensures responsible data utilization. This holistic approach protects against rising cyber threats and data privacy breaches while effectively harnessing data analytics' potential.

Security is ingrained across our operations, encompassing software development, SaaS operations, and corporate IT security. Our approach incorporates leading security technologies and modern open standards, assuring users that their data and analyses are safeguarded. Conducting vulnerability assessments proactively through collaboration with independent third parties fortifies our product portfolio's security measures, promptly identifying and resolving potential vulnerabilities”.

Maninder Bharadwaj, Global Head - Cybersecurity and Risk Management, Tech Mahindra

“Given the constant exposure to various cyber-attacks, people frequently encounter challenges such as ransomware attacks, phishing, system intrusion, confirmed data disclosure, mobile threats, and social engineering. As the frequency and complexity of cyber-attacks continue to rise, it becomes imperative to evaluate the accessibility of cybersecurity professionals and expertise. Reports reveal that less than 40% of organizations have fully addressed emerging cyber risks, emphasizing the gaps in cybersecurity preparedness. One of the prominent challenges in cybersecurity today is the shortage of skilled professionals. In early 2023, about 30% of the 40,000 cybersecurity positions remained vacant due to a lack of skilled experts. Several strategies can be employed to bridge this gap and bolster the cybersecurity workforce. Developing cybersecurity talent requires industry-wide initiatives and strategies, which are crucial. Additionally, organizations must play an active role in offering opportunities for their employees to upskill and reskill. While automation is on the rise, it will not replace cybersecurity experts but rather enhance their capabilities by automating routine tasks. Reskilling individuals with adjacent technology knowledge, such as cloud-skilled individuals becoming cloud security experts, can effectively address the skill shortage. Furthermore, collaboration between organizations and universities is key to promoting knowledge-sharing and establishing recruitment channels for new talent. This partnership can help create a continuous learning environment where cybersecurity knowledge is continually updated to keep pace with the evolving threat landscape”.

Najm Bilgrami, Senior Vice President - Financial Lines, Financial Lines Business, TATA AIG General Insurance

"On the occasion of National Computer Security Day, it is imperative that we understand it's significance in the backdrop of continuing rise of risks in the digital space. This day serves as a crucial reminder of the changing threat landscape. In today's challenging environment, the relevancy and value of cyber insurance is also increased. A pioneer in coverage for cyber exposures, TATA AIG continues to set the standard today with custom made cyber insurance solutions for individuals as well as corporates. The policy acts as more than a line of defence in the event of a cyber-attack, giving valuable insight into the cyber security posture and health of an organisation prior to the placement. As part of TATA AIG's end-to-end cybersecurity risk management, we extend a suite of risk improvement services aimed at strengthening the resilience and safeguarding the overall cyber exposure of our clients".

Conclusion: On the occasion of International Computer Security Day 2023, it is crucial to recognize our collective responsibility to protect the digital realm. With our growing dependence on technology, it is essential to have stronger cybersecurity measures in place. This day serves as a reminder that safeguarding our digital landscapes demands global cooperation, innovative solutions, and a commitment to continuous education. Let us join hands to strengthen our interconnected world by reflecting on the challenges and advancements in computer security. International Computer Security Day emphasizes the idea that a secure digital future is a shared responsibility that transcends borders and requires ongoing vigilance.