Update

STAMFORD, Conn., August 3, 2017 View All Press Releases

Key Cybersecurity Initiatives for Indian Enterprises

With the digitalization boom in India, more Indian enterprises are upgrading their security capabilities to make their enterprises more secure against the latest threats. Rajpreet Kaur, senior research analyst at Gartner, shared her insights about the latest cybersecurity attacks on Indian enterprises and steps to mitigate risks from the attacks.

1.     What are the major cyberattack trends you see targeting Indian enterprises?

 Rajpreet: We see a hike in targeted attacks including state sponsored attacks against Indian enterprises of all sizes not just the large ones. There is an increase in the following attack vectors:

  • Web application attacks: Number of attacks targeted towards web applications are increasing.
  • DDoS attacks: Distributed Denial of service (DDoS) attacks, such as volumetric attacks are increasing.
  • Advanced malware attacks such as ransomwares: We all have seen ransomware attacks such as WannaCry, Petya. It is quite evident that the number of such attacks are increasing.
  • Spear phishing attacks: There is an increase in the number of phishing emails leading to spear phishing attacks.           

2.     What should be the focus for Indian enterprises?

Rajpreet: While enterprises are working towards deploying sophisticated technologies, they first need to get their basics right. The majority of cyber-attacks try to exploit an existing unpatched vulnerability and then move in the network using machine privileges. Before investing in new security tools, organizations should get their “3Ps” right: Patching, Privileges, and Passwords. Another grey area is poor detection and response capabilities, which needs a big improvement.

3.     Are digital ecosystems driving new cybersecurity trends in India?

Rajpreet: The attacks are still the same. However, with digitalization it has become easier to target Indian enterprises as the networks are expanding as opposed to the earlier closed networks.

4.     How have security teams evolved with the changing threat landscape?

Rajpreet: Security needs to evolve as business evolves, and so does the responsibility of the security team. Years ago the security team used to manage firewalls. Now they are looking after end point security, network security, security monitoring, analytics, forensic analysis and much more based on the network of the respective organization.

5.     What are the practical steps to manage risk and security in the digital ecosystems?

 Rajpreet:

  1. Sit with the stake holders and ask them about the key risks to the business.
  2. Categorize the risks into high, medium and low, and then tie it back to the organization’s cybersecurity key initiatives.
  3. Adapt and evolve the organization’s cybersecurity continuously.

Gartner analysts will provide additional analysis on IT security trends at the Gartner Security & Risk Management Summits 2017 taking place in Mumbai, India, Sao Paulo, Sydney, London and Dubai. Follow news and updates from the events on Twitter at #GartnerSEC.

 

 

 

Contacts
About Gartner

Gartner, Inc. (NYSE: IT) is the world's leading research and advisory company. The company helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. Gartner's comprehensive suite of services delivers strategic advice and proven best practices to help clients succeed in their mission-critical priorities. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has more than 13,000 associates serving clients in 11,000 enterprises in 100 countries. For more information, visit www.gartner.com.

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.